By Sharon Gaudin
June 6, 2007
An IT contractor who had been let go from his job at Daimler Chrysler
pleaded guilty to sabotaging the auto-maker's wireless inventory network
and causing more than $29,000 in damages.
William A. Johns, 65, of Lake Orion, Mich., pleaded to the charge of
unlawful computer intrusion in U.S. District Court. Under the terms of
the plea agreement, he faces up to 12 months in prison and a fine of up
to $250,000. Johns also will be required to make full restitution to
Daimler Chrysler in the amount of $29,916 to pay for the costs
associated with repairing the damaged network.
"A case like this shows the potential vulnerability -- the potential for
a seriously damaging breach," said Terrence Berg, First Assistant U.S.
Attorney, in an interview with InformationWeek. "The company caught on
quickly and took swift action so this didn't cause them especially
significant damage. But it showed that the vulnerability was there and
it gave them a chance to fix it."
According to a release from the U.S. Attorney's office, Johns worked for
Intermec, a consulting company hired to come in and set up a new
wireless network for Chrysler's remote parts distribution facilities in
Atlanta, Georgia, Portland, Oregon, and Denver and Colorado. MOPAR is
Chrysler's parts distribution component. Johns was part of the
However, Berg said at some point Johns was let go from the Chrysler job.
Court papers showed that on Oct. 3, 2003, Johns entered the Daimler
Chrysler Assembly plant in Sterling Heights, Mich. and accessed a
computer kiosk in the visitors' lobby. Based on his familiarity with
Daimler Chrysler's computer system and security systems, he used the
terminal to delete files and passwords from wireless devices used in
remote parts distribution facilities in remote cities.
The government told the court that Chrysler was forced to remove and
repair the devices, causing each MOPAR facility to shut-down for about
seven and a half hours, causing more than $25,000 in damages.
Berg said that while Johns was making his plea to the court, he called
his actions "a prank."
"If that's accurate, I don't know," added Berg. "Sometimes when someone
is an IT consultant like that, they cause a problem because they want to
be the one to fix it. They cause problems so they can be appreciated
when they solve them."
Berg said Chrysler was quick to call in the FBI when they discovered the
Johns is slated to be sentenced on Sept. 12.
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com