Application security, Threat Management

New Jersey email admin charged with accessing former company’s account

A New Jersey man was arrested for placing and using a hidden sub-user account in his former company's email system, allowing him to enter and remove emails without authorization.

Jian Yang Zhang, a/k/a “Kevin Zhang,” 37, is charged with one count of unauthorized access of a protected computer and one count of interception of electronic communications by the U.S. Attorney's Office, District of New Jersey.

A Department of Justice statement described Zhang's alleged actions as having taken place while he was the email administrator at his family-owned company, identified in court documents as Company 1. The court stated that at some point prior to Company 1 being sold, Zhang placed a hidden sub-user account within the company's email server account.

Later, Zhang provided the new owners with the login credentials needed to operate the email system. He then left the company on Feb. 1, 2015, after the purchase was completed.

The court alleges Zhang proceeded to access the account numerous times without authorization over the next 14 months using his sub-account and forwarded various employee emails to an outside account.

If convicted, Zhang could face five years in prison and a fine of $250,000, or twice the gross gain or loss from the offense.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.