Threat Management, Incident Response, TDR

Former Cox Communications employee pleads guilty to hacking company network

A Georgia man, asked to resign from his job at Cox Communications, pleaded guilty on Wednesday to hacking into his former employer's network and shutting down telecommunications services, including 911 numbers in major U.S. cities.

William Bryant, 38, of Norcross, Ga., pleaded guilty on Wednesday in U.S. District Court in Atlanta to one count of knowingly causing the transmission of information to a computer used in interstate commerce.

Bryant, after being asked to resign his position, remotely shut down portions of Cox's national telecommunications network on May 6, according to a news release from the U.S. Department of Justice.

Customers in Dallas, Las Vegas, New Orleans and Baton Rouge, La., were left without access to 911 emergency services for hours.

Bryant faces 10 years in prison and a fine of up to $250,000. He is scheduled to be sentenced Dec. 13.

“Hacking – intruding into and causing damage to a computer system – is a serious crime,” U.S. Attorney David Nahmias said Wednesday in a news release. “Such electronic attacks threaten our nation's technological infrastructure, and we will aggressively investigate and prosecute them.”

Cox spokesman David Grabert told today that the Atlanta-based company uncovered the security breach itself and then notified law enforcement authorities.

“It's unfortunate that this happened, but it's a testament to our acumen as a provider that our security and engineering teams were able to notice there was a problem and restore service so quickly,” he said.

Phil Neray, vice president of marketing at data security vendor Guardium, told today that there are a number of reasons why Bryant may have had access to Cox's network after he was asked to resign.

“Every organization has different procedures for terminating accounts. The issue in a lot of organizations is that privileged users share accounts, so they can access one account that can't be turned off,” he said. “There's not a lot of details [on this case], but many organizations have basic logging facilities, and the problem is that they rely on these logging facilities as security measures, but that will only tell you [of a breach] after the fact.”
Mark McClain, CEO and founder of SailPoint, a risk management vendor, told today that Bryant was likely a privileged user with broad access.

“There is a special class, of which this guy is one – privileged users,” he said. “There is a set of people who, by the nature of their work, have very powerful access, and the security solution can't be just to shut off their access. So more and more [companies are] going to take a monitor-and-watch approach.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.