[BreachExchange] New Jersey Man Pleads Guilty to Hacker Attack Involving Hardware Keyloggers

Tue Oct 29 10:02:23 EDT 2019

https://www.securityweek.com/new-jersey-man-pleads-guilty-hacker-attack-involving-hardware-keyloggers

A New Jersey man has pleaded guilty in federal court to hacking two
companies and installing keyloggers in an effort to steal data.

The man, Ankur Agarwal, 45, pleaded guilty to two counts of obtaining
information from computers and one count of aggravated identity theft.

Starting February 2017, Agarwal physically trespassed onto a company’s
premises in New Jersey to install hardware keylogger devices that
would allow him to record the keystrokes of employees and obtain their
usernames and passwords.

Agarwal also installed his personal computer and a hard drive onto the
company’s computer network and, using the fraudulently obtained
credentials, hacked into the firm’s network, targeting various
employees.

He admitted to stealing, transferring, and exfiltrating various pieces
of data and information from the company, including details on
emerging technology. He also built malware that he installed on the
company’s computer systems to steal data.

Agarwal also hacked a second company in New Jersey using the same
general scheme. He illegally installed hardware keylogger devices to
steal login credentials, as well as his personal computer and a hard
drive to harvest and pilfer data and information, including an
emerging technology.

The Department of Justice also reveals that Agarwal obtained
unauthorized access to an employee’s computer and then created an
access badge that he used to physically trespass onto the company’s
premises.

The hacker faces a maximum potential penalty of five years in prison
for each of the charges of obtaining information from the two
companies’ computers. He also faces a mandatory term of two years in
prison for aggravated identity theft, which must run consecutively to
the other term of imprisonment imposed.

The DoJ also reveals that Agarwal could be fined $250,000 for each
charge, or twice the gross gain or loss from the offense. He is
scheduled for sentencing on January 28, 2020.

“Agarwal also consented to a forfeiture judgment requiring him to
forfeit numerous computers, storage devices, and related equipment,”
the DoJ announced.