IT services pro hacked former client’s email – Naked Security

Source: National Cyber Security – Produced By Gregory Evans

An IT project manager has pleaded guilty to accessing the email account of a former client’s CEO, said reports this week.

According to the Register, 27-year-old Leeds resident, Scott Burns, was charged under the Computer Misuse Act for tinkering with systems owned by Dart Group, which owns the Jet2 airline.

The hapless hacker was reportedly an IT project manager at Blue Chip Data Systems, which offers IT support and managed services. He accessed the email inbox of Steve Heapy, the CEO of Jet2 and its sister company Jet2holidays, although it isn’t clear what Burns was using the information for.

The Register found Burns’ LinkedIn account, which had listed a project entry under ‘Accomplishments’ relating to his work for Dart Group. Apparently, he helped move the company to Microsoft’s Office 365, including preparing back-end systems for a smooth migration of around 5,000 users.

As of yesterday, his LinkedIn account had been scrubbed of any accomplishments, and also didn’t show any employment history, although both Jet2 and Blue Chip Data Systems show up in his interests. He also posted seven months ago as an employee of Pure Technology Group, where he was “really chuffed to have been awarded employee of the quarter”.

According to the indictment, Burns accessed the CEO’s inbox over three weeks in January 2018. He tried to cover his tracks by accessing from different IP addresses. However, he slipped up when he eventually accessed the inbox from a Virgin Media account in his own name. That gave investigators the information they needed to track Burns’ computer, and it was game over.

Accessing a victim’s computer from an identifiable account is a common theme among hackers who get caught. For example, the FBI collared US hacker Kyle Milliken after he forgot to use his VPN to protect his IP address when hacking Disqus.