An Indian American defense contractor for the U.S. army who was convicted in September 2017 for knowingly transmitting malicious code to a computer used for national security reasons, has been sentenced to 24 months in prison followed by three years of supervised release and ordered to pay $1.5 million in restitution.
Mittesh Das, 49, of Atlanta, Georgia, was sentenced by the United States attorney for the Eastern District of North Carolina, Robert J. Higdon, Jr on Sept. 11. He was found guilty of knowingly transmitting malicious code to an army reserve computer used in furtherance of national security on Sept. 20, 2017.
According to a statement released by the U.S. justice department last year, Das was indicted by a grand jury in the Eastern District of North Carolina in 2016 for the incident that occurred in 2014.
In November 2014, a national level computer program responsible for handling pay and personnel actions for nearly 200,000 U.S. army reservists began experiencing unusual issues, the statement said. Five of the servers associated with the program are located at Ft. Bragg, North Carolina. Standard internal troubleshooting uncovered suspicious code that led to an investigation by the Army’s Criminal Investigation Command (CID).
The investigation revealed that in 2012, the contracted company responsible for oversight of the computer system had subcontracted with Das to assume lead responsibility for the system. However, the contract was subsequently re-bid and awarded to a different company with a hand-over date of Nov. 24, 2014. The investigation further showed that Das inserted malicious code – commonly referred to as a “logic bomb” – in the days leading up to the contract changeover and that the progressively destructive nature of this code began taking effect the day after the changeover.
According to the statement, the process of rectifying the damages and restoration of all the information and features along with a thorough review to spot any further damaging code caused a total labor cost to the U.S. army of approximately $2.6 million.
“Cyber-sabotage is not a ‘prank.’ It is a very serious crime with real victims and real costs. In this case, the crime cost taxpayers $2.6 million,” John Stuart Bruce, U.S. attorney for the Eastern District of North Carolina, had said at that time.
Das “exploited his position as a cleared defense contractor to sabotage the U.S. Army Reserve’s personnel system and disrupt pay to our nation’s Soldiers,” Daniel Andrews, director of the Computer Crime Investigative Unit, U.S. Army Criminal Investigation Command, was quoted as saying in the statement. “Cybercrime and insider threats present significant challenges to national security and military operations, and today’s sentencing serves as a stark reminder that we will continue to preserve strategic readiness by bringing violators to justice,” he added.