Ashley Liles, a 28-year-old IT Security Analyst working at Oxford BioMedica, was tasked with investigating a cybersecurity incident involving unauthorized access to a portion of the company’s systems.
The intruder had already notified the company’s senior staff members about the infiltration and demanded a ransom payment. Ashley Liles and his colleagues were working towards mitigating this issue.
Liles Became An Insider Threat
At one point, Liles decided to change the circumstances of this incident for his benefit. He devised a plan and exchanged the Bitcoin payment address of the attacker with his own. Furthermore, he also set up an email address that was similar to the attacker’s.
From that point, he acted as the attacker and forced the company to pay the ransom. Unfortunately, Oxford BioMedica didn’t pay a single dollar for ransom. In addition to this, his unauthorized access to private emails was revealed during the investigation, which was traced back to his home.
Authorities have seized a computer, laptop, phone, and a USB stick that was used as evidence against Ashley Liles. Liles managed to erase the device, but authorities recovered sufficient data to prove him guilty.
Trial and Sentence
Liles denied his act of involvement for 5 years until May 17, 2023, when he changed his plea to guilty. Reading Crown Court has adjourned the case, and the verdict will be released on July 11, 2023.
Ashley Liles’ case seems to be an opportunistic one instead of a planned attack. However, organizations must enforce effective control policies and limit access to resources.
“I would like to thank the company and their employees for their support and cooperation during this investigation. I hope this sends a clear message to anyone considering committing this type of crime. We have a team of cyber experts who will always carry out a thorough investigation to catch those responsible and ensure they are brought to justice.” Said Detective Inspector Rob Bryant.
Source: https://cybersecuritynews.com/it-security-analyst-pleaded-guilty/