Smyrna man convicted in hacking that froze company's operations

A former IT employee from Smyrna faces up to 10 years in prison after using a McDonald’s restaurant wireless network to hack a company’s computer network and temporarily freeze its operations.

Jason Cornish pleaded guilty in U.S. District Court in New Jersey this week to using a secretly installed software program to delete portions of the computer network at Shionogi Inc., the U.S. subsidiary of a Japanese pharmaceutical company.

Shionogi, which has operations in Georgia and New Jersey, sells the cholesterol medicine Crestor and the anti-depressant Cymbalta.

The company had announced in September 2010 that it would begin laying off workers, including a close friend and former supervisor of Cornish, who had recently resigned, according to court documents.

Authorities say Cornish wirelessly transmitted computer code in February of this year to the software program he had installed. He managed to delete the contents of 15 “virtual hosts” Shionogi used to run the equivalent of 88 servers, according to court documents.

Shionogi said the deleted servers housed most of its American computer infrastructure, including the company’s e-mail and Blackberry servers, its order tracking system, and its financial management software.

The attack effectively froze Shionogi’s operations for a number of days, leaving employees unable to ship products, cut checks or communicate by email.

The FBI traced the attack to a computer connected to the wireless network of a Smyrna McDonald’s, where Cornish had used his credit card to make a purchase minutes before the attack. He was arrested near his Smyrna home in early July.

Shionogi said it suffered about $800,000 in losses responding to the attack, conducting damage assessments and restoring the company’s network to its prior condition.

In addition to the maximum 10 years in prison, Cornish also faces a $250,000 fine. Sentencing is scheduled for Nov. 10.