Security Experts:

Former Sysadmin Sentenced to Prison for Hacking Industrial Facility

A man has been sentenced to 34 months in prison and three years of supervised release for hacking into the systems of pulp and paper company Georgia-Pacific, the Department of Justice announced on Friday.

Based in Atlanta, Georgia-Pacific is one of the world’s largest manufacturers and distributors of paper products. The company has more than 200 facilities worldwide and it employs roughly 35,000 people.

Brian P. Johnson, age 44, had worked at the company’s paper mill in Port Hudson, Louisiana, as an IT specialist and system administrator until February 14, 2014, when he was terminated and escorted from the facility.

Johnson then remotely accessed the facility’s computers and caused system failures over the course of several days. When the FBI searched the man’s home in late February 2014, agents noticed a VPN connection to Georgia-Pacific’s systems on his computer.

The damage caused by the disgruntled employee has been estimated at more than $1.1 million, which Johnson will have to pay in restitution to Georgia-Pacific. He has also been ordered to pay $100 to the government and forfeit the devices used to commit the crime.

The former sysadmin was indicted in June 2015 and he pleaded guilty to intentionally damaging a protected computer in February 2016. He will begin serving his prison term next month.

Last year, the U.S. Attorney’s Office for the Middle District of Louisiana launched a new cybersecurity initiative which handles such threats, including attacks on critical infrastructure. The initiative is a result of partnerships with several federal, state and local law enforcement agencies.

Related: Former Nuclear Regulatory Commission Worker Pleads Guilty Over Attempted Hack

Related: Ukrainian Cybercriminal Sentenced to Prison in U.S.

Related: Turkish Man Sent to Prison in U.S. for $55M Cyber Heist

view counter
Eduard Kovacs is an international correspondent for SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.