A California judge has found Yovan Garcia, a former security guard, guilty for hacking his former employer, stealing proprietary software, and trashing the company network after he resigned and left his job.

According to court documents obtained by Bleeping Computer, Garcia began working in 2012 as a security officer for Security Specialists, a California-based security company that provides private security patrols.

Garcia padded his timesheets

In July 2014, his boss discovered discrepancies between Garcia’s working schedule and his payroll data. An investigation revealed that Garcia had used an admin password to log into the company’s payroll program and tamper with his work records.

Four hours had been added into the lunch field each day, which accounted for the unexplained extra 40 hours of overtime in Garcia’s records. The hours had been entered in black text on a black background, in one-point font. As a result, the alterations to Garcia’s hours would not have been noticeable to the casual observer. The alterations resulted in Garcia’s being paid wages for overtime that, presumably, he did not work.

The company’s Founder and Operations Manager tracked down these edits going back to the beginning of 2014 and affecting Garcia’s payroll data only. In total, Garcia’s hacking pocketed $6,071.49 in unworked overtime pay. Further, the latest changes were made from an IP address assigned to Garcia’s patrol car.

Following the discovery of this event, the two managers called Garcia into a meeting the next day.

Garcia was recorded lying to his bosses

Garcia suspected his bosses discovered his actions and met up with a friend to talk about the incident. That friend, suspecting that Garcia had done something wrong, recorded the conversation, during which Garcia spun a wild tale, to which he later admitted in court that he lied.

When he met with his bosses — who also recorded the meeting — Garcia told the same tale, of how an employee of a rival company (PTS Security Services) had asked Garcia — known for having IT skills — to look over a broken laptop.

Garcia says he found a file on this laptop containing information on Security Specialists clients, which he copied to his own computer and deleted from the PTS laptop. Days later, another PTS employee phoned Garcia and asked him to remain quiet about the file he found on the PTS laptop, promising he’ll receive financial compensation.

Garcia argued to his bosses that the extra payroll hours were added by someone at PTS, as part of his compensation to stay quiet about what he found. To win over the trust of his current bosses, Garcia even gave the names of other Security Specialists employees he suspected were moles for PTS. Based on Garcia’s revelations, Security Specialists subsequently fired these persons.

Garcia resigns two months later

Following their meeting, Garcia was allowed to remain with Security Specialists, even if his bosses had evidence that the hack originated from his car. Things changed in September 2014, when his bosses noticed an uptick in car towing patterns on Garcia’s shifts.

While a Patrol Officer would typically tow one or two cars in any given day, Garcia was regularly towing between five and ten cars per day. Moreover, most of the cars were being towed by one particular company, L&M Towing. Tsotsikyan and Leon became concerned that Garcia was towing cars in exchange for illegal kickbacks from L&M Towing. To test this theory, the pair decided to transfer Garcia to a different patrol area, presumably one that L&M Towing did not service, to see whether his towing patterns would change.

When the two bosses [Tsotsikyan and Leon] informed Garcia of their decision, the security guard refused to move to a new patrol area and signed a written resignation in anger. Later, Garcia said in court he felt pushed out of the company, despite writing and signing his own resignation.

Security Specialists gets hacked two weeks later

Two weeks after Garcia left the company, on October 14, 2014, Security Specialists suffered a devastating hack. During this incident, a hacker gained access to the firm’s network and stole the boss’ archived emails, accounting software, and the databases used for accounting, invoices, and payroll operations.

Additionally, the hacker also deleted or corrupted backup files, and also started “the process of reformatting the company’s various drives when the intrusion was discovered and the servers disconnected from the internet.”

Testimonies and evidence shown in court connected Garcia to hack, as a conspirator, albeit as the hacker.

Evidence included conversations that Garcia had with other people during which he mentioned details that were only included in his former boss’ emails.

Additionally, on December 1, 2014, the hacker returned and defaced the Security Specialists website to show an unflattering image of Garcia’s former boss and the first five digits of his Social Security number. Garcia blamed his boss, Nick Tsotsikyan, for pushing him out of the company.

Furthermore, the defaced website also included a message that asked employees to send embarrassing stories about the company to an email address at theAnonygroup@gmail.com. After serving Google with a subpoena, Security Specialists discovered that the IP address used to register and access this service was at one point assigned a block away to where Garcia lived.

“A little birdy”

Security Specialists employees also testified they received phone calls from their competitor at PTS with questions and statements like “How is your system, I heard it was down?” and “Someone hacked it, did you check out the website?”

When asked where they heard this information, the PTS employee said “a little birdy.”

Garcia peddled former employer’s proprietary software

In addition to the hacks, investigators discovered that in September and October 2014, Garcia also approached a former Security Specialists employee, James Caspari, who by that point had founded a separate company, also offering security patrol services.

That former employee testified that Garcia approached him and offered software to Caspari in exchange for agreeing to serve as Qualified Manager in the security company that Garcia was in the process of creating. According to Caspari’s testimony, that software looked and behaved very similar to the software he saw while he previously worked for Security Specialists.

Last but not least, investigators discovered that Garcia also set up his own business and used Security Specialists’ data to lure away customers.

Garcia ordered to pay over $318,000 in damages

When questioned in court earlier this year, Garcia admitted to concocting the story he told his bosses but denied ever hacking his former employer. He also admitted giving software to Caspari but claimed he wrote the software from scratch, based on what he saw while working for Security Specialists.

The judge presiding over the case did not believe any of Garcia’s explanations and found the former security guard guilty of conspiring to hack his former employer.

Earlier this month, the judge ordered Garcia to pay $318,661.70 to Security Specialists for lost data and lost income. Garcia will also have to pay legal costs and attorney fees that will be decided at a later date.

Source: https://www.bleepingcomputer.com/news/security/security-guard-hacks-and-trashes-company-servers-after-quitting-his-job/