A 27-year-old North Carolina man was found guilty of six counts of extortion for a series of crimes he committed while working as a data analyst contractor for a D.C.-based international technology company, the Justice Department said Thursday.
Cameron Nicholas Curry, also known as “Loot,” stole a trove of corporate data, including sensitive employee and compensation information, which he used to extort his employer, according to court records. Curry ultimately made off with approximately $2.5 million from the victim organization in January 2024.
The insider attack underscores immeasurable risks companies accept when employees, or contractors placed in roles by a third-party recruitment company, as was the case with Curry, are allowed to access sensitive data on a company-owned laptop. Officials did not name the company.
Curry used his access to the company’s network to remove corporate data for extortion while he worked for the company between August and December 2023. Immediately following his last day of employment with the company, Curry started sending threatening emails to its employees and demanded a ransom to not leak and destroy the data.
Officials said he sent more than 60 emails to various employees and executives over a six-week period, threatening to disclose the company’s payroll data, claiming it showed significant pay inequity across the workforce. In those emails, Curry framed the data theft extortion attack as an effort to implement salary transparency.
“Loot and our partners aim to ensure that everyone is being paid accordingly, providing employees with the leverage they deserve while also adhering to federal government regulations on protected acts,” Curry wrote in one of the emails, according to the indictment.
Curry included attachments with the emails containing screenshot images of spreadsheets listing the personally identifiable information of company employees. Officials said he also warned the company he would provide employees instructions on how to address pay discrimination through mediation, the Equal Employment Opportunity Commission or a class-action lawsuit.
Some of the extortion emails got personal, including a claim that one person on the legal team wasn’t getting a bonus while most employees in high-level positions did receive bonuses. Curry also threatened to report the breach to the Securities and Exchange Commission, citing rules that require public companies to disclose cyberattacks quickly.
The publicly traded company notified the FBI of the breach on Dec. 14, 2023 and paid Curry’s ransom demand almost a month later.
Multiple operational security mistakes helped authorities identify and build a case against Curry rather quickly. He used personal and verifiable data to establish a new Coinbase account, and two of the debit cards linked to the account Curry established to receive a ransom belonged to his mother and sister.
Authorities searched Curry’s apartment, digital devices and vehicle in Charlotte, North Carolina, just weeks after the ransom was paid. He was arrested and released on bond in late January 2024.
Officials said Curry initiated his extortion scheme after he learned his contract with the company wouldn’t be renewed. He faces up to 12 years in prison at sentencing.
You can read the full indictment below.
The post North Carolina tech worker found guilty of insider attack netting $2.5M ransom appeared first on CyberScoop.
Cameron Nicholas Curry, also known as “Loot,” stole a trove of corporate data from a D.C.-based tech company as his six-month contract gig came to a close.
The post North Carolina tech worker found guilty of insider attack netting $2.5M ransom appeared first on CyberScoop. Read MoreCyberScoop
