Daniel Rhyne, a 57-year-old former core infrastructure engineer at a prominent U.S.-based industrial company headquartered in New Jersey, was arrested on August 27, 2024, for his role in an attempted data extortion campaign against his former employer.
Rhyne faces charges including one count of extortion related to threats of causing damage to protected computer systems, one count of intentional damage to a protected computer, and one count of wire fraud.
The extortion attempt began on November 25, 2023, when employees at the company received a threatening email claiming that IT administrators had been locked out or deleted from the computer network, server backups had been erased, and that additional servers would be shut down daily for ten days unless a ransom of 20 Bitcoin, valued at approximately $750,000 at the time, was paid.
Investigators found that Rhyne had unlawfully entered the company's computer systems by remotely accessing an administrator account. He scheduled multiple unauthorized computer tasks, including changing administrator passwords and shutting down servers. Rhyne also controlled the email account used to send the extortion message.
The victimized firm provides services across various sectors, including aquaculture, biopharmaceuticals, electronics, and manufacturing, among others. As a core infrastructure engineer, Rhyne was responsible for managing the company's virtual machines, domain controllers, and administrative accounts, making his position critical to the company's IT operations.
Court documents revealed that Rhyne had set up a hidden virtual machine on the company's network, which he used to access and manipulate critical systems. Between November 8 and November 25, 2023, Rhyne conducted several malicious activities, including changing passwords for over 300 domain user accounts and planning the shutdown of thousands of servers and workstations. Security footage showed Rhyne accessing the company's network both from his assigned laptop and remotely from his residence, indicating a well-coordinated effort to disrupt the company's operations.
The charges against Rhyne carry significant penalties, with potential prison terms ranging from five to twenty years, depending on the specific offenses and outcomes of the legal case.
In light of this incident, cybersecurity experts recommend that organizations implement robust access controls, regularly monitor and audit administrative activities, and ensure that all employees receive training on recognizing and responding to potential security threats. Additionally, maintaining up-to-date backups and having a comprehensive incident response plan are crucial in mitigating the impact of such attacks.