The former IT manager was sentenced to one year in prison

Nov 5, 2008 10:52 GMT  ·  By

Steven Barnes from Mill Valley, California pleaded guilty for hacking into the e-mail servers of Blue Falcon Networks and tampering with them. He was previously fired by the company, for which he worked as an IT manager for eight months between 2002 and 2003.

Blue Falcon Networks (BFN), now Akimbo Systems, is a San Mateo based company running an Internet media streaming business. In September 2002, they hired Steven Barnes as Information Technology Manager, only to fire him in April 2003. However, according to Mr. Barnes, another BFN employee, Robert Hammer, later came at his house along with his son and, surprisingly, a baseball bat. After making threats and forcing him to sign papers regarding his dismissal, they also allegedly took Barnes' personal computers.

In an open letter to the judge, the 37-year-old former IT Manager explains that his former drug and alcohol addiction reappeared because he took pain killer meds for his back. Barnes also claims that he illegally accessed the company's servers several months after he was fired out of curiosity. According to him, when hearing that the company moved their headquarters to a new location, he wanted to see if they also re-located their servers. "To my complete disbelief, I soon realized they did move their servers and they had no firewall and the passwords were not even changed!" he wrote in the letter.

Barnes admitted to hacking into the servers on two separate occasions. On September 30, 2003, he logged in using an old password that was still active and made the e-mail server open for everyone on the Internet to use. The server was later picked up by spammers, who used it for sending e-mails that spread malware. This prompted anti-spam groups to add it to their blacklists, thus hindering communications between the company and their clients. Barnes went even further and deleted the e-mail database and vital boot files from the company's Exchange server. Only one day later, on October 1, 2003, he accessed the server again, repeating the removal of files and also unregistering the server from the internal domain.

The judge sentenced Barnes to one year and one day in prison in order to legally make it possible for him to be released a few weeks earlier for good behavior. He was also forced to pay $54,000 to the company as restitution for the damage he caused. Barnes will begin serving his prison sentence on January 8 2009, until then being detained at his home, and after his release, he will be on probation for three years.

This should serve as a reminder for companies or institutions to revoke all access codes and credentials of inactive personnel. Just a few months ago, a former network administrator, who was fired by the municipality of San Francisco, used a master password to lock the city officials out of their multimillion-dollar FiberWAN network after successfully hacking into it. The admin claimed that incompetent department managers wrongfully qualified his performance as poor and got him fired. Even after his arrest, he only revealed the password after a personal meeting with Gavin Newsom, the mayor of San Francisco.