Get Fired. Delete Colleague's Account. Go To Jail.

SierraPete writes "CNet reports that Thomas Millot, a former systems analyst for a major pharmaceutical company, has lost his appeal on a computer intrusion charge. Mr. Millot was convicted of unlawfully entering the system that he used to work on and deleting a colleague's account after his job was outsourced. Mr. Millot's attorneys argued that his actions did not amount to $5K in damage--the threshold for the crime he was convicted of. The court disagreed, saying that IBM had done over $20K in work to undo his handiwork." Update: 01/14 19:55 GMT by J : Typo corrected; turns out the word "not" is important...

Missing "Not" In Summary

[kmactane]

The summary should read: Mr. Millot's attorneys argued that his actions did not amount to $5K in damage...

It's those itsy-bitsy words that make all the difference.

Re:Or here is a better idea

[tomhudson]

Okay, I know this is slashdot and most people didn't RTFA:

A federal judge disagreed and handed down a relatively light sentence of three months of imprisonment, three months of home detention and three years of supervised release, plus a $5,000 fine and $20,350 in restitution.

So he IS going to repay them $$$, lots of it. Not just jail time.

IBM was grossly incompetent

[SHP]

Unless I'm missing something, I cannot understand how IBM needed 20K worth of incident response services to figure out what happened. SecurID systems can log all activity. A simple check of the logs would have indicated who disabled the access and when.

I would have told IBM to put that invoice where the sun don't shine if they tried to bill me for investigating such a simplisitic "compromise" of a system *they* were supposed to be managing.

-SHP (CISSP, CISA)