About a year ago, a disgruntled systems engineer for government contractor Federated IT was sentenced to two years in prison for illegally accessing his former employer’s network systems, stealing critical servers and information, and causing a loss valued at over $1.1 million. In a civil lawsuit against his girlfriend and arising out of much of the same conduct, a former project manager at the same company has been held in default and ordered to pay over $150,000 in damages for breach of fiduciary duty, conversion, and conspiracy.
The facts of the case, which are assumed to be true by virtue of the fact the defendant was held in default for violating a court order, are as follows. Federated IT provides cyber security, information technology, and analytic and operations support services, and managed a contract with the U.S. Army Office of the Chief of Chaplains. Ashley Arrington was a project manager for the Army contract and a direct supervisor of Barrence Anthony, the engineer currently serving a two-year prison sentence. Arrington and Anthony were romantically involved but did not notify Federated IT about the relationship. At some point during Anthony’s tenure, he began to behave insubordinately and failed to show up for work, eventually leading to his termination. He decided to go out with a bang. Among other spiteful acts he was accused of before and after he left, Federated IT alleged he:
- deactivated all administrator accounts except his own and refused to share the master password with his replacement
- changed the responsible-party contact information on Federated IT’s Amazon Web Services account to “Anthony Enterprises”
- modified Federated IT’s Help Desk email address to redirect emails to his personal email account
- deleted files from a SharePoint project folder, including encryption keys, account information, and network diagram files
- wiped the hard drive on his work laptop
- made unauthorized copies of the Army’s servers which contained their Financial Management System
- attempted thousands of “brute force cyberattacks” against the Chief of Chaplains’ web application system, which necessitated a shutdown of one of Federated IT’s servers.