Fired IT staffer created virtual chaos at pharma company

it staffer jason cornish

A Georgia man who allegedly froze the operations of a
New Jersey pharmaceutical company where he had worked by deleting
portions of its computer network has been federally charged in
connection with the alleged attack, U.S. Attorney Paul J. Fishman

Jason Cornish, 37, of Smyrna, Ga., was arrested this morning near his
residence by special agents of the FBI on a Complaint charging him with
knowingly transmitting computer code with the intent to damage
computers in interstate commerce. He is expected to make an initial
appearance this afternoon before US. Magistrate Judge Janet F. King in
Atlanta federal court.

“The computers on which companies do business are the engines of the
21st century economy,” U.S. Attorney Fishman stated. “Malicious
intrusions are against the law, regardless of motive. Hacking attacks
devised as personal revenge can have serious repercussions for
perpetrators as well as victims.”

“As the general public is becoming increasingly aware, the impact of
cyber intrusions can be substantial, whether it occurs at home, a
commercial institution, or with critical national infrastructure,” said
Newark FBI Special Agent in Charge Michael B. Ward. “In this instance,
Jason Cornish allegedly was able to inflict great damage to Shionogi,
Inc., with the stroke of a few computer keys. Unfortunately, given his
choice to misuse his considerable cyber skills, his actions now have him
facing a potential decade-long prison sentence and untold financial

According to the Complaint unsealed today:

Cornish was an information technology employee at Shionogi, Inc., a
United States subsidiary of a Japanese pharmaceutical company with
operations in New Jersey and Georgia.
In late September 2010,
shortly after Cornish had resigned from Shionogi, the company announced
layoffs that would affect B.N., Cornish’s close friend and former

In the early morning hours of February 3, 2011, Cornish gained
unauthorized access to Shionogi’s computer network. Cornish used a
Shionogi user account to access a Shionogi server. Once he accessed the
server, Cornish took control of a piece of software that he had secretly
installed on the server several weeks earlier.

Cornish then used the secretly installed software program to delete
the contents of each of 15 “virtual hosts” on Shionogi’s computer
network. These 15 virtual hosts (subdivisions on a computer designed to
make it function like several computers) housed the equivalent of 88
different computer servers. Cornish used his familiarity with Shionogi’s
network to identify each of these virtual hosts by name or by its
corresponding Internet Protocol address.

The deleted servers housed most of Shionogi’s American computer
infrastructure, including the company’s e-mail and Blackberry servers,
its order tracking system, and its financial management software. The
attack effectively froze Shionogi’s operations for a number of days,
leaving company employees unable to ship product, cut checks, or
communicate by email. Shionogi sustained at least $300,000 in losses
responding to the attack, conducting damage assessments, and restoring
the company’s network to its prior condition.

The FBI’s
investigation revealed that the attack originated from a computer
connected to the wireless network of a Smyrna McDonald’s where Cornish
had used his credit card to make a purchase minutes before the attack.
Cornish also gained unauthorized access to Shionogi’s network from his
home Internet connection using administrative passwords to which he had
access as an employee.

The count with which Cornish is charged carries a maximum potential penalty of
10 years in prison and a $250,000 fine.

U.S. Attorney Fishman thanked special agents of Newark FBI’s Cyber
Crimes Task Force, under the direction of Special Agent in Charge
Michael B. Ward; and in Atlanta, under the direction of Special Agent in
Charge Brian D. Lamkin, with the investigation leading to this
morning’s arrest. Mr. Fishman added that the investigation is

The government is represented by Assistant U.S. Attorney Seth B.
Kosto of the U.S. Attorney’s Office Computer Hacking and Intellectual
Property Section in the Office’s Economic Crimes Unit in Newark.

The charges and allegations contained in the Complaint are merely accusations, and the
defendant is considered innocent unless and until proven guilty.

11-261                                                                                        ###

Defense counsel: Richard V. Merritt Esq., Smyrna, Ga.

Cornish, Jason Complaint

Link to original post

Leave a Reply