A former core infrastructure engineer has admitted to orchestrating a failed extortion plot that involved locking administrators out of hundreds of servers at his New Jersey-based employer. After gaining unauthorized access to the network, the employee attempted to force a ransom payment of 20 bitcoin by deleting administrator accounts and threatening to shut down systems.
Daniel Rhyne, a 57-year-old from Missouri, utilized an administrator account to infiltrate the network of an industrial company headquartered in Somerset County. Between early and late November, he systematically scheduled tasks on the company's Windows domain controller designed to paralyze their IT operations. These tasks were set to delete network administrator accounts and reset hundreds of user passwords to a specific phrase, effectively stripping the company's internal tech team of their control over the infrastructure.
The scope of the interference was extensive, impacting thousands of workstations and over 250 servers through the modification of local administrator accounts. Rhyne also planned to cause physical disruption by scheduling random shutdowns of servers and workstations throughout the following month. Forensic evidence showed that, to cover his tracks, he used a hidden virtual machine in the days leading up to the attack to research methods for clearing Windows logs and manipulating domain accounts via command-line tools.
Once the technical groundwork was laid, Rhyne sent a ransom email to several colleagues falsely claiming that all server backups had been destroyed and recovery was impossible. He demanded a payment of 20 bitcoin, which was valued at approximately $750,000 at the time, to prevent the daily shutdown of forty random servers. The company's IT staff realized the gravity of the situation on the afternoon of November 25 when they began receiving a flood of password reset notifications and found themselves locked out of the system.
Following an investigation into the breach, authorities traced the activity back to Rhyne’s unauthorized web searches and his use of company hardware to plan the extortion. He was eventually arrested in Missouri and faced federal charges related to the hacking and extortion attempt. By pleading guilty to these charges, Rhyne now faces a legal judgment that could result in a maximum prison sentence of fifteen years.
This case highlights a growing trend of insider threats involving technical staff attempting to leverage their high-level access for financial gain. It mirrors another recent incident where a data analyst in North Carolina was convicted for a multimillion-dollar extortion attempt against his own firm. These events underscore the vulnerability of corporate infrastructures to those who possess the keys to their digital defenses.
Source: https://www.justice.gov/usao-nj/pr/former-employee-national-industrial-company-pleads-guilty-crimes-related-hacking


