Man Incriminates Self in FedEx Hack

Robert LilesHacking

It is inevitable that in every workplace within every sector there will be an employee—or a number of them—who grow to resent their employer. In many cases, these employees will leave on their own will. In others, the employer must force them out.

Forcing out employees may exacerbate their ill will toward the employer. While most terminated or laid off employees will move on and focus on their presents and futures, a minority of them retaliate and become referred to as disgruntled employees.

Contact Us Now

In many cases, following a retaliation the former employee is caught which can make him or her liable for damages incurred. Such was the case for Deepanshu Kher, an IT specialist who helped a Carlsbad company migrate to Office 365, only to be fired by his immediate employer; he subsequently lashed out against the client.

When a former employee attacks the employer, it can result in costly or even tragic consequences. Often in cyberspace and intangible space attacks, an employer must undertake an investigation to determine the full cost and scope of the damage, as well as finding the culprit. While the onus is usually on the employer to discover the identity and point the finger at someone, recently a man did it to himself.

Botched Cyberattack

Jonathan E. Butt, a New Hampshire man from Manchester who formerly worked as a manager at ERT Logistics in the nearby town of Londonderry, was arrested for his attack against his recent employer. ERT is a FedEx subcontractor and helps the parcel delivery giant deliver and pick up over 10,000 packages per week.

Butt had access to programs ERT and FedEx used to manage routes, logistics, and delivery information: Route Smart and Dynamic Route Optimization (DRO). The information in DRO includes driver details, service areas, which truck a package belongs in, and package counts, among other details. He was terminated on January 6, 2021 and his credentials and access to these systems were revoked.

Despite no longer being able to access the systems, Butt still had a company laptop in his possession. This enabled him to attack DRO, and he deleted essential information from the system. Surprisingly, he admitted to the crime—per a text message he sent to Nihat Ertas, his boss, Butt “cleaned out dro [sic]” and remarked that it was his hard work and he would not “hand it over.”

In this exchange with Butt, Ertas mentioned that his action was prosecutable and expressed his disappointment in him. This action forced ERT to work overtime to repair the database, and not play around with the severity of this breach. Butt was later arrested and had to reimburse ERT $4,349 in overtime pay.

Not Everyone Is So Lucky

Butt took credit for the attack and revealed his criminal behavior to his former employer, thereby making it easy to bring charges against him. His admission through text messages provided evidence that could be used in court. Many others in his position would use more stealth.

When disgruntled employees attack in cyberspace and have more sense to not reveal their crime to the employer, it often requires detective work and deep, thorough professional analysis. However, the victim may be entitled to compensation and damages.

Secure Forensics is an industry leader in providing digital forensics services, combining the science and art of data retrieval and analysis to provide evidence for use in court. We understand the importance of collecting digital information as proper evidence makes or breaks a case.

If you suspect a disgruntled employee has gone after your digital space or assets, and would like to discuss your forensics options, contact one of our experts today at 1-800-288-1407.