IT Professional Sentenced to 15 Months in Prison for Installing and Activating Malicious Code
GREENBELT, MD—U.S. District Judge Deborah K. Chasanow sentenced Anand Venkatraman, age 41, of Clarksburg, Maryland today to 15 months in prison, followed by three years of supervised release, for installing code that intentionally caused damage to a computer. Judge Chasanow also entered an order requiring Venkatraman to pay restitution of $157,300.
The sentence was announced by United States Attorney for the District of Maryland Rod J. Rosenstein; Special Agent in Charge Kevin Perkins of the Federal Bureau of Investigation; and Special Agent in Charge Brian Murphy of the United States Secret Service—Baltimore Field Office.
According to his plea agreement, from September 17, 2012 through January 29, 2014, Venkatraman worked as a contractor and employee of a privately held staffing company serving a variety of industries, based in Hanover, Maryland. Venkatraman held the position of Senior Developer, and was skilled in computer code, server and database construction and maintenance, and website design and architecture.
During the course of his employment with the company, Venkatraman was provided administrator credentials and passwords, and had access to and control over the infrastructure of the website of one of the company’s subsidiaries that helped people with disabilities to find employment. Venkatraman admitted that he used his access privileges and his technical skills to implant malicious code on the subsidiary’s webservers, which allowed him to remotely execute commands that, among other things, would cause the website to crash.
On January 29, 2014, Venkatraman’s last day of employment, the company disabled his credentials and passwords. After his separation from the company, on three separate occasions Venkatraman accessed, without authorization, the malicious code that he had previously implanted on the subsidiary’s webservers, causing the website to crash on June 13, 18 and 20, 2014. On June 26, 2014, Venkatraman again accessed the subsidiary’s webservers without authorization, and posted a blog post disparaging the subsidiary. On June 28, 2014, Venkatraman sent an e-mail to a company official in which he admitted posting the “derogatory blog.” Approximately six months later, Venkatraman again attempted to access the malicious code that he had implanted on the subsidiary’s webservers, but the company had discovered and removed the malicious code.
As a result of Venkatraman’s actions, the company and its subsidiary sustained a loss of $157,300.
United States Attorney Rod J. Rosenstein praised the FBI and U.S. Secret Service for their work in the investigation and thanked the Maryland State Police for its assistance. Mr. Rosenstein thanked Assistant U.S. Attorney Nicolas A. Mitchell, who prosecuted the case.