IT technician jailed for wiping school's and pupils' devices

Court told he'd acted from 'spite and revenge' due to grudge over sacking

A former school IT technician who wiped his ex-employer's network but also the devices of children connected to it at the time has been sentenced – after telling a judge he was seeking a new career in cybersecurity.

Adam Georgeson, 29, went on the digital rampage after being dismissed by Welland Park Academy in Leicestershire, England, last January. He wiped 125 devices "including those belonging to 39 families", according to the Leicester Mercury.

The IT professional, of Robin Lane, Wellingborough, Northamptonshire, pleaded guilty to two crimes under the Computer Misuse Act 1990 last year.

Sentencing him to 21 months in prison late last week, His Honour Judge Mark Watson said: "You made deliberate efforts to sabotage the networks of your victims. Your actions, towards both sets of victims, were committed out of spite and revenge."

When he was arrested on 22 January 2021 local police described Georgeson's actions as a "sophisticated cyber attack."

It resulted in a 10-day outage, with some staff being unable to work remotely for four months afterwards.

Having been fired from Welland Park Academy's IT department in 2017 after failing to disclose two previous fraud convictions (for posting Gumtree ads selling computers he didn't own and couldn't supply), Georgeson had "a great deal of resentment," police said. During the January 2021 COVID-19 lockdown he gained access to his former employer's network.

The former IT technician's precise method was not described in reports of the case but local police said it involved "fourteen different steps."

His spree also affected remote-learning pupils at home as well as the school itself. Parents told Leicester Crown Court of the harm caused, including one father of three who said he had lost 1,000 family photographs. Another parent said five years of family photos and images of now-dead relatives had been lost, along with his son's GCSE coursework, while a third said her son's laptop had factory-reset itself "as if it was a brand new computer."

Detective Constable Anthony Jones, from Leicestershire Police's Digital Hub, was the investigating officer. After the case ended he said in a statement: "Georgeson said he went into the school's system because he was bored and decided to start deleting things. However, he realised his actions were traceable and would be caught and so his actions became even more malicious."

Before his January 2021 arrest Georgeson was employed by Millennium Computer Services in Oakham, Rutland as an analyst.

Barrister Kevin Barry, for Georgeson, told the judge in mitigation that his client suffered from "depression and anxiety." He had also been offered a place on a university cyber security course on the grounds that "poachers turned gamekeepers" were valued in infosec. These, said the lawyer, were grounds for mercy.

Judge Watson didn't agree and handed down a relatively long sentence for one guilty plea to each of sections 3(2)(a) and 3(2)(b) of the Computer Misuse Act 1990. Under current UK sentencing laws Georgeson is likely to spend less than a year of his 21-month sentence in prison.

Previous analysis by The Register showed the average prison sentence for CMA crimes in 2020 (the latest year for which statistics are available) was 15.7 months long.

Georgeson seemingly fit some of the criteria of the typical profile of a CMA offender, being relatively young and male – though his level of skill is above the average observed by a Royal Holloway researcher last year. ®

Narrower topics

Other stories you might like

  • Apple's guy in charge of stopping insider trading guilty of … insider trading
    He had one job

    One of Apple's most senior legal executives, whom the iGiant trusted to prevent insider trading, has admitted to insider trading.

    Gene Levoff pleaded guilty to six counts of security fraud stemming from a February 2019 complaint, according to a Thursday announcement from the US Department of Justice on Thursday.

    Levoff used non-public information about Apple's financial results to inform his trades on Apple stock, earning himself $227,000 and avoiding $377,000 of losses. He was able to access the information as he served as co-chairman of Apple's Disclosure Committee, which reviewed the company's quarterly draft, annual report and Securities and Exchange Commission (SEC) filings.

    Continue reading
  • Five Eyes alliance’s top cop says techies are the future of law enforcement
    Crims have weaponized tech and certain States let them launder the proceeds

    Australian Federal Police (AFP) commissioner Reece Kershaw has accused un-named nations of helping organized criminals to use technology to commit and launder the proceeds of crime, and called for international collaboration to developer technologies that counter the threats that behaviour creates.

    Kershaw’s remarks were made at a meeting of the Five Eyes Law Enforcement Group (FELEG), the forum in which members of the Five Eyes intelligence sharing pact – Australia, New Zealand, Canada, the UK and the USA – discuss policing and related matters. Kershaw is the current chair of FELEG.

    “Criminals have weaponized technology and have become ruthlessly efficient at finding victims,” Kerhsaw told the group, before adding : “State actors and citizens from some nations are using our countries at the expense of our sovereignty and economies.”

    Continue reading
  • China reveals its top five sources of online fraud
    'Brushing' tops the list, as quantity of forbidden content continue to rise

    China’s Ministry of Public Security has revealed the five most prevalent types of fraud perpetrated online or by phone.

    The e-commerce scam known as “brushing” topped the list and accounted for around a third of all internet fraud activity in China. Brushing sees victims lured into making payment for goods that may not be delivered, or are only delivered after buyers are asked to perform several other online tasks that may include downloading dodgy apps and/or establishing e-commerce profiles. Victims can find themselves being asked to pay more than the original price for goods, or denied promised rebates.

    Brushing has also seen e-commerce providers send victims small items they never ordered, using profiles victims did not create or control. Dodgy vendors use that tactic to then write themselves glowing product reviews that increase their visibility on marketplace platforms.

    Continue reading
  • Ex IT chief at Homeland Security watchdog stole US govt software to pirate
    Murali Venkata found guilty of conspiracy to resell case management app

    A former acting branch chief of IT for the US Department of Homeland Security's (DHS) oversight office was convicted on Monday of conspiring to steal US government software in order to develop a commercial copy that could be resold to other government agencies.

    Murali Venkata, 56, of Aldie, Virginia, served as acting branch chief of the Information Technology Division of the DHS Office of the Inspector General (DHS-OIG). He was indicted in March 2020 alongside former acting inspector general of DHS-OIG Charles Edwards, 59, of Sandy Spring, Maryland.

    Both men faced charges that they and others conspired to steal government property and to defraud the US, that they stole government property, and that they committed wire fraud and aggravated identity theft. Venkata also faced an additional charge that he destroyed records.

    Continue reading
  • Yale finance director stole $40m in computers to resell on the sly
    Ill-gotten gains bankrolled swish life of flash cars and real estate

    A now-former finance director stole tablet computers and other equipment worth $40 million from the Yale University School of Medicine, and resold them for a profit.

    Jamie Petrone, 42, on Monday pleaded guilty to one count of wire fraud and one count of filing a false tax return, crimes related to the theft of thousands of electronic devices from her former employer. As director of finance and administration in the Department of Emergency Medicine, Petrone, of Lithia Springs, Georgia, was able to purchase products for her organization without approval if the each order total was less than $10,000.

    She abused her position by, for example, repeatedly ordering Apple iPads and Microsoft Surface Pro tablets only to ship them to New York and into the hands of a business listed as ThinkingMac LLC. Money made by this outfit from reselling the redirected equipment was then wired to Maziv Entertainment LLC, a now-defunct company traced back to Petrone and her husband, according to prosecutors in Connecticut [PDF].

    Continue reading
  • Cybercrooks target students with fake job opportunities
    Legit employers don't normally send a check before you've started – or ask you to send money to a Bitcoin address

    Scammers appear to be targeting university students looking to kickstart their careers, according to research from cybersecurity biz Proofpoint.

    From the department of "if it's too good to be true, it probably is" comes a study in which Proofpoint staffers responded to enticement emails to see what would happen.

    This particular threat comes in the wake of COVID-19, with people open to working from home and so perhaps more susceptible. "Threat actors use the promise of easy money working from home to collect personal data, steal money, or convince victims to unwillingly participate in illegal activities, such as money laundering," the researchers said.

    Continue reading
  • UK Computer Misuse Act reformers visit Parliament
    Cyberup campaign hasn't gone away, you know

    Infosec researcher Rob Dyke, best known to Reg readers for fending off legal threats from not-for-profit open-source foundation Apperta after finding a data breach, has visited Parliament to demand Computer Misuse Act reform.

    Dyke, an open-source security researcher, was threatened by the Apperta Foundation with High Court and criminal legal action after he discovered that some of the organisation's data was publicly available on GitHub.

    Speaking to The Register today, Dyke said: "The Home Office is still sitting on the consultation they opened nearly 10 months ago. It would have been lovely to see some drafts or summaries from that so the conversation could carry on."

    Continue reading

Biting the hand that feeds IT © 1998–2022