A US-based systems administrator has been arrested for allegedly trying to extort money and even good job references out of a mutual fund company that had just laid him off.
Viktor Savtyrev, of Old Bridge, N.J., was arrested at his home on Monday morning. He faces two charges under the federal cyber extortion statue. Savtyrev, also known as Victor Savturev, was employed as a systems administrator for an unnamed mutual fund company in New York City until he was let go, along with nine other employees, on November 5.
All of the laid off workers were given a severance package, according to a criminal complaint filed with the courts.
"This is important, especially at this time of layoffs and financial difficulties, because we're making it clear that people can't take their frustrations out on companies and employers," said Assistant US Attorney Erez Liebermann. "This arrest should also send a message to other companies that extra vigilance is important right now."
Late in the morning of Thursday, November 6, Savtyrev allegedly used a Gmail account to email the company's general counsel and three other employees, saying he was "not satisfied with the terms" of his severance, according to FBI Special Agent Gerald Cotellesse in the complaint. Savtyrev allegedly threatened to cause extensive damage to the company's computer servers if they would not increase his severance pay, extend his medical coverage and provide "excellent" job references.
The system administrator also threatened to alert the media after attacking the server.
According to the complaint, the company contacted police on the day of Savtyrev's first alleged threat. That evening, at the direction of investigators, a company employee recorded a phone call in which Savtyrev allegedly repeated his demands. During the call, he also allegedly said he would get his "comrades from Belarus" to help him hack into the company's servers.
Savtyrev allegedly sent a second email to the company on Friday, November 7, and in a taped phone conversation that evening agreed to show company officials how he would exploit the systems in return for meeting his demands, the complaint said.
The criminal complaint notes that he sent a third email on Saturday saying he had opened several back doors in the company's system and it would take them months to find them.
Liebermann noted that with a rocky economy and increased layoffs, companies need to shore up their defences by shutting down internal and remote access immediately upon terminating a worker, monitoring system logs for any anomalies, adding extra layers of security and having a plan in place to quickly report any threats or breaches to law enforcement.
"And it's important that they report instances like this before they go from a threat to a loss of data," he added.