Leeds IT bloke pleads guilty to hacking Jet2 CEO's email account

Wednesday 6th November 2019 14:16 GMT BrownishMonstr

Sounded like he had a chip on the shoulder.

Sorry.

14 0 Reply
1. Thursday 7th November 2019 00:42 GMT Fungus Bob
  
  No, you're not.
  
  7 0 Reply
Wednesday 6th November 2019 14:56 GMT GnuTzu

Yet, he either got cocky or lazy, by eventually using his own name. Or, did he finally decide he wanted the fame?

3 2 Reply
Wednesday 6th November 2019 15:05 GMT Alister

One wonders what exactly he got out of the exercise? I see no mention that he was able to access anything other than the email accounts.

12 0 Reply
Wednesday 6th November 2019 15:25 GMT Blockchain commentard

Seems to me he was charged with migrating their email to Office 365. A serious crime indeed!!

43 0 Reply
1. Thursday 7th November 2019 11:11 GMT Korev
  
  Well that changes the Outlook...
  
  6 0 Reply
  1. Thursday 7th November 2019 11:33 GMT Anonymous Coward
    
    The use of that Virgin Media account seems to have set the Dominos tumbling...
    
    2 0 Reply
    1. Thursday 7th November 2019 12:47 GMT Anonymous Coward
      
      bet he's .pst off now
      
      9 0 Reply
Wednesday 6th November 2019 15:31 GMT Anonymous Coward

If he was involved in setting up the Dart group Office365, then he probably had Admin credentials, and would be able to access any mailbox he wanted. To call that "hacking" is a bit of a stretch, really.

20 0 Reply
1. Wednesday 6th November 2019 15:45 GMT IT Hack
  
  Setting Up
  
  Dunno...he was a project manager. An org like Dart would not give a PM that level of access. If they did then I bet it contravenes their ISMS.
  
  Beer coz well...Beer
  
  2 1 Reply
  1. Wednesday 6th November 2019 16:07 GMT Aristotles slow and dimwitted horse
    
    Re: Setting Up
    
    Agreed. As a PM myself it's highly unlikely that anyone other than the actual techies pushing buttons would get admin level access when doing a migration of sensitive corporate data. That said, different companies do have different protocols and policies.
    
    1 0 Reply
  2. Wednesday 6th November 2019 16:11 GMT sal II
    
    Re: Setting Up
    
    It's not unusual to use a generic/service high privilege accounts to run scripts etc. for the migration. Easy enough for a PM to get his hands on the credentials, as they are even hard codded in plain text in scripts.
    
    Bad idea, but I have seen in done plenty of times.
    
    8 0 Reply
    1. Wednesday 6th November 2019 16:23 GMT IT Hack
      
      Re: Setting Up Generic
      
      Sounds fishy to me....
      
      7 0 Reply
      1. Wednesday 6th November 2019 20:26 GMT Steve K
        
        Re: Setting Up Generic
        
        Yes - a bit of a security haddock too?
        
        Turbot for the grace of God..
        
        7 0 Reply
        
        Wednesday 6th November 2019 21:28 GMT Stevie
        
        Re: Setting Up Generic
        
        The cost of access on the net.
        
        2 0 Reply
        
        Thursday 7th November 2019 11:08 GMT OssianScotland
        
        Re: Setting Up Generic
        
        Cod Almighty, this is not the plaice for such fishy puns
        
        3 0 Reply
    2. Wednesday 6th November 2019 16:46 GMT Claptrap314
      
      Re: Setting Up
      
      Then get away from those script kiddies & bring in some engineers. Credentials should NEVER be hard coded.
      
      6 3 Reply
      1. Wednesday 6th November 2019 21:29 GMT Stevie
        
        Re: Setting Up
        
        I wish you'd said sooner. Now I'll have to spend weeks redacting "correctbatteryhorsestaple" from about half a hundred webpages.
        
        15 0 Reply
Wednesday 6th November 2019 15:38 GMT Flywheel

No physical property was harmed by this crime so he should get a slap on the wrist...

1 17 Reply
1. Thursday 7th November 2019 18:36 GMT Nick Ryan
  
  99.9999% of money does not exist in anything more than a database. So if someone stole £2,000 from your bank account it would be ok if the perpetrator just got a slap on the wrist? After all, the money never really existed...
  
  2 0 Reply
Wednesday 6th November 2019 16:36 GMT Anonymous Coward

IT project manager compromised Jet2

What was his motivation and what did he hope to achieve?

6 0 Reply
1. Wednesday 6th November 2019 16:47 GMT Claptrap314
  
  Re: IT project manager compromised Jet2
  
  He was tired of paying for his room and board...
  
  11 1 Reply
2. Thursday 7th November 2019 16:25 GMT LeahroyNake
  
  Re: IT project manager compromised Jet2
  
  I was thinking the same, what was his motivation? It also didn't state if he used any of the information that he accessed for any nefarious means.
  
  What the hell was he thinking? Or was he just bored lol
  
  0 0 Reply
3. Thursday 7th November 2019 17:42 GMT Anonymous Coward
  
  Re: IT project manager compromised Jet2
  
  Maybe when someone said "Hack JET Blue" he thought they said Jet2?
  
  https://en.wikipedia.org/wiki/Extensible_Storage_Engine
  
  0 0 Reply
Wednesday 6th November 2019 16:53 GMT Pascal Monett

"statistically speaking, he is unlikely to end up behind bars"

Maybe, but he's also unlikely to ever work in IT again in a professional capacity. It's time for a career change - whether he wants to or not.

7 1 Reply
1. Wednesday 6th November 2019 17:09 GMT dnicholas
  
  Re: "statistically speaking, he is unlikely to end up behind bars"
  
  Nah he can do the infosec speaking circuit for a while. Might even be able to get some cash out of BoJo is he survives
  
  8 2 Reply
  1. Thursday 7th November 2019 05:49 GMT Mark 85
    
    Re: "statistically speaking, he is unlikely to end up behind bars"
    
    And then follow up with a career as an IT security consultant as several others have done.
    
    2 0 Reply
    1. This post has been deleted by its author
    2. Saturday 9th November 2019 11:56 GMT John Brown (no body)
      
      Re: "statistically speaking, he is unlikely to end up behind bars"
      
      "And then follow up with a career as an IT security consultant as several others have done."
      
      He could end up as a lawyer and/or mayor of New York. He has a background in IT so would never make a good IT security consultant.
      
      0 0 Reply
Wednesday 6th November 2019 17:59 GMT SW10

Question for shareholders

If no personal data or other customer, supplier or Group data [was] compromised after his in-box was accessed, what was your CEO doing?

13 0 Reply
1. Wednesday 6th November 2019 21:01 GMT robidy
  
  Re: Question for shareholders
  
  Not a lot...or perhaps GDPR had been well implemented...
  
  4 0 Reply
  1. Thursday 7th November 2019 08:57 GMT Gordon 10
    
    Re: Question for shareholders
    
    Eerr. Fail on your part and Jet2's. I think they meant to say no Customer's personal data was accessed. By definition an email address is personal data, and at a minimum he had that for every account he hacked, and probably a lot more besides from being able to scan the mails in those in-boxes.
    
    A breach of employee's data privacy is treated in exactly the same way as a breach of customers data privacy under GDPR - it makes no distinction between the two from a regulatory enforcement perspective - there might be different risk mitigations/justifications put forward though...
    
    3 0 Reply
Thursday 7th November 2019 13:14 GMT adam payne

Leeds IT bloke pleads guilty to hacking Jet2 CEO's email account...and pretty much ends any career that he thought he had in IT.

1 0 Reply
Friday 8th November 2019 09:50 GMT David Roberts

Someone doing a security audit?

And found that there were connections to the email account from unexpected sources?

As others have said, there seems to have been no attemp to exploit the access for gain.

Just someone making themselves feel special because they have secrets?

If so, sad rather than dangerous.

0 0 Reply
Wednesday 18th December 2019 18:30 GMT Alan J. Wylie

though statistically speaking, he is unlikely to end up behind bars

Sentenced: ten months in prison

https://www.thetelegraphandargus.co.uk/news/18110227.jail-disgruntled-employee-brought-jet2s-entire-computer-system-act-revenge/

0 0 Reply