IT technician jailed for wiping school's and pupils' devices
Court told he'd acted from 'spite and revenge' due to grudge over sacking
A former school IT technician who wiped his ex-employer's network but also the devices of children connected to it at the time has been sentenced – after telling a judge he was seeking a new career in cybersecurity.
Adam Georgeson, 29, went on the digital rampage after being dismissed by Welland Park Academy in Leicestershire, England, last January. He wiped 125 devices "including those belonging to 39 families", according to the Leicester Mercury.
The IT professional, of Robin Lane, Wellingborough, Northamptonshire, pleaded guilty to two crimes under the Computer Misuse Act 1990 last year.
Sentencing him to 21 months in prison late last week, His Honour Judge Mark Watson said: "You made deliberate efforts to sabotage the networks of your victims. Your actions, towards both sets of victims, were committed out of spite and revenge."
When he was arrested on 22 January 2021 local police described Georgeson's actions as a "sophisticated cyber attack."
It resulted in a 10-day outage, with some staff being unable to work remotely for four months afterwards.
Having been fired from Welland Park Academy's IT department in 2017 after failing to disclose two previous fraud convictions (for posting Gumtree ads selling computers he didn't own and couldn't supply), Georgeson had "a great deal of resentment," police said. During the January 2021 COVID-19 lockdown he gained access to his former employer's network.
The former IT technician's precise method was not described in reports of the case but local police said it involved "fourteen different steps."
His spree also affected remote-learning pupils at home as well as the school itself. Parents told Leicester Crown Court of the harm caused, including one father of three who said he had lost 1,000 family photographs. Another parent said five years of family photos and images of now-dead relatives had been lost, along with his son's GCSE coursework, while a third said her son's laptop had factory-reset itself "as if it was a brand new computer."
- Man arrested after UK school finds wiped hard drives on devices connected to network
- Average convicted British computer criminal is young, male, not highly skilled, researcher finds
- Labour reminds UK.gov that it's supposed to be reforming the Computer Misuse Act
- UK Computer Misuse Act convictions declined last year despite pandemic explosion in online criminal activity
Detective Constable Anthony Jones, from Leicestershire Police's Digital Hub, was the investigating officer. After the case ended he said in a statement: "Georgeson said he went into the school's system because he was bored and decided to start deleting things. However, he realised his actions were traceable and would be caught and so his actions became even more malicious."
Before his January 2021 arrest Georgeson was employed by Millennium Computer Services in Oakham, Rutland as an analyst.
Barrister Kevin Barry, for Georgeson, told the judge in mitigation that his client suffered from "depression and anxiety." He had also been offered a place on a university cyber security course on the grounds that "poachers turned gamekeepers" were valued in infosec. These, said the lawyer, were grounds for mercy.
Judge Watson didn't agree and handed down a relatively long sentence for one guilty plea to each of sections 3(2)(a) and 3(2)(b) of the Computer Misuse Act 1990. Under current UK sentencing laws Georgeson is likely to spend less than a year of his 21-month sentence in prison.
Previous analysis by The Register showed the average prison sentence for CMA crimes in 2020 (the latest year for which statistics are available) was 15.7 months long.
Georgeson seemingly fit some of the criteria of the typical profile of a CMA offender, being relatively young and male – though his level of skill is above the average observed by a Royal Holloway researcher last year. ®