An Atlanta man was convicted Wednesday of placing malicious code on a U.S. Army computer that eventually cost taxpayers about $2.6 million, a federal prosecutor’s office said.
Mittesh Das, 48, was found guilty of knowingly transmitting malicious code with the intent to cause damage to an Army computer, John Stuart Bruce, U.S. attorney for the Eastern District of North Carolina, said in a news release.
Das committed the crime in 2014, officials said. He was indicted in 2016.
In November 2014, Army personnel noticed “unusual issues” with a computer program that handled pay and personnel matters for almost 200,000 Army reservists, according to the release. Five of the servers associated with the program are at Fort Bragg, N.C.
Suspicious code was found, and an investigation followed.
The Army had contracted with a private company to manage the system, which then subcontracted with Das in 2012 to lead the effort, according to the release.
In 2014, the contract was re-bid and awarded to another company, with a change date of Nov. 24, officials said.
Das inserted malicious code — commonly known as a “logic bomb” — in the days leading up to the changeover, officials said. The “progressively destructive nature” of this code took effect the day after the new contract took effect.
Officials had to fix the damage by removing the malicious code, restoring all information and features and reviewing the entire system to find any further malicious code, according to the release. The labor cost the Army about $2.6 million.
“Cyber-sabotage is not a prank. It is a very serious crime with real victims and real costs,” Bruce said. “In this case, the crime cost taxpayers $2.6 million. Thanks to great work by the investigators and prosecutor, Mr. Das is being held accountable for his criminal acts.”