A 26-year-old Hungarian man has pleaded guilty for breaking into the computer network of Marriott International. Perhaps inspired by stories of how some notorious hackers eventually clinched jobs as legitimate security consultants, Attila Nemeth reportedly targeted Marriott employees with a spear-phishing attack. 

After successfully planting malware in this manner, the man was able to steal sensitive documents, which he tried using to blackmail the company into hiring him. According to Dark Reading, Nemeth emailed Marriott's personnel group to inform them of the theft of information. 

Asking for a job maintaining the hotel chain's computers, he followed up two days later with an email containing various stolen financial and confidential information belonging to the company. This prompted Marriott to enlist the help of the U.S. Secret Service in a sting operation to catch Nemeth.

Nemeth was arrested after he flew to the United States--at Marriott's expense--to meet with an undercover agent on the pretext of an interview about his impending job offer. There he was cajoled into revealing how he broke into the network, the level of access gained, as well as the location of the stolen data stashed on a server back in Hungary.

As you can imagine, Nemeth was subsequently arrested and charged with computer hacking and threatening to expose confidential information. Marriott estimates that it spent between $400,000 and $1 million in consultation fees dealing with the security breach.

Personally, I find it bizarre how Nemeth could even believe that a company would even consider hiring a blackmailer who has no qualms about harming it by threatening to release confidential information. This incident also shows how spear-phishing attacks are a clear danger to corporations.

For more:
- check out this article at Dark Reading
- check out this article at The Register

Related Articles:
Another IT staffer pleads guilty to hacking into ex-employer
Fired Ga. man crashes ex-employer's VMware systems