Incident Details
| Victimized Company: | First Republic Bank |
| Incident Dates: | 2020-03-11 to 2020-03-12 |
| Disclosure Date: | N/A |
| Current Status: | Perpetrator Plead Guilty |
First Republic Bank
In March 2020, a cloud engineer was terminated from First Republic Bank and subsequently accessed their AWS & GitHub environment to cause damage.
Incident
Details of the Incident
Miklos Daniel Brody was employed as a cloud engineer for First Republic Bank. In March of 2020, he was terminated for violation of company policies. He had in his possession a company-issued PC and Macbook. He surrendered the PC at his termination on March 11, 2020, but did not have his Macbook present at the time. Later that evening, he used the Macbook to log in to the corporate VPN.
Once logged into the corporate VPN, Brody, as alleged in the criminal complaint:
- Logged into a Linux jump box
- Overwrote system logs
- “used a Linux administrator account to impersonate” another employee
- From an enterprise GitHub server, used a script to “terminate almost all instances in Amazon Web Services”.
- Deleted code repositories
- “broke the Ansible Tower.”
- “locked users out of an Amazon service called EMR. The primary purpose of this is to do mathematics.”
Timeline
| Date | Event |
|---|---|
| March 2, 2020 | Brody plugs in two USB Sticks to his company-issued PC |
| March 11, 2020 3 pm | Brody is terminated from First Republic Bank |
| March 11, 2020 7:16 pm | Brody signs into First Republic VPN using MFA. |
| March 11, 2020 7:55 to March 12, 2020 10:30 am |
Malicious Activity at the bank |
| March 12, 2020 10:30 am | Brody’s credentials were finally deactivated |
| March 13 - 30, 2020 | FRB attempts to recovery Brody’s Macbook |
| March 16, 2020 | Brody files police report claiming the Macbook was stolen |
| April 5, 2023 | Brody pled guilty to two counts |
| December 11, 2023 | Brody sentenced to 24 months, and fined $529k |
Attribution / Perpetrator
Miklos Daniel Brody was indicted in 2020 and pled guilty in April 2023. He was sentenced on December 11, 2023, to 24 months in prison and ordered to pay restitution of $529k.
Long-term Impact
The Criminal Complaint lists monetary damages to First Republic Bank in excess of $220,000.
Summary of Coverage
- US District Court: Criminal Complaint March 11, 2021
- DOJ: “Disgruntled Cloud Engineer Sentenced To Two Years In Prison For Intentionally Damaging His Former Employer’s Computer Network After He Was Fired” December 11, 2023
- Bleeping Computer: Cloud engineer gets 2 years for wiping ex-employer’s code repos December 12, 2023
Cloud Security Lessons Learned
From 3 pm, when his termination meeting began, to 10:30 am, the next morning, First Republic neglected to disable Brody’s VPN access.