How Alleged Dark Web Hacker ‘w0zniak’ ‘Tried To Put’ MSP Chimera Out Of Business
The hacker known on the dark web as ‘w0zniak’ was allegedly an MSP employee attempting to sell access to the company's customer data, according to the FBI.
A hacker who allegedly threatened to sell access to all of an MSP’s data on the dark web for $600 left millions of dollars of damage in his wake, his former employer said.
The alleged criminal hacker who went by the alias “w0zniak” when attempting to sell business secrets on the dark web was in reality a “very smart” albeit directionless young man with military aspirations and a bright future in IT, according to court filings and an interview with his former employer.
“He was smart at technology, but he was dumb at criminal activity. I really told him that in a text. Like ‘Are you really that dumb? Everybody cannot be a criminal,’” said Raymond Alexander, co-owner of Atlanta-based MSP Chimera Technologied, also affiliated with Chimera Innovations, LLC, in an interview with CRN.
[RELATED: FBI: MSP Engineer Arrested In Attempt To Sell Access to Clients]
Marquavious D. Britt, 26, of Augusta, Ga., in January was charged in U.S. District Court with computer fraud and abuse as well as unauthorized use of a computer for his attempts to sell access to his employer and his employer’s customers. Britt's alleged attempts to sell access to Chimera's data came via multiple online posts to the dark web under the name "w0zniack" beginning in September. Britt’s screenname is an apparent reference to Apple Co-founder Steve Wozniak.
The FBI alleges that Britt first tried to extort Chimera customers by holding their information hostage in exchange for a cryptocurrency ransom. When that failed, he allegedly tried to sell access to the cloud servers used by Chimera – which contained the data of several law firms, accountants and a pharmaceutical company – for $600.
“The FBI wanted to know how much harm did he do. They wanted me to monetize time, labor, how much it was costing me,” he said. “I’m still giving customers stuff for free to make it right. After we did our calculations it was millions. Basically, we did the labor, which is my time, my customer’s time, because we had multiple companies with their full IT departments working on this. Then the services that I provide, me having to give them six months free, one year free. We’re talking about a lot of money that I’m basically throwing away … I really don’t have any sympathy for him. The fact is he knew what he was doing. He had no remorse after I told him to stop.”
Attempts to reach Britt through his lawyer were unsuccessful. Reached this morning, attorney Holly Chapman said she represented Britt at his appearance but is no longer representing him. She said his counsel would likely be assigned by the Northern District court where his case was transferred. No attorney has yet been assigned according to paperwork there.
The U.S. Attorney's Office for Georgia's Northern District had no comment outside of the court filings.
Trouble at Chimera started not long after Britt was hired on May 6, 2019, Alexander said. Britt was selected as project manager to help move a pharmaceutical company’s workloads to Microsoft Office 365.
Britt allegedly accessed the pharmaceutical company's communications and used knowledge gleaned there to try to blackmail the company in an email sent on July 26.
“He gave himself rights to the CEO’s emails. He went in and started going through the CEO’s documents, [looking at] their competitors, who they were about to do business with, the whole nine [yards],” Alexander said. “Then [he targeted] the IT group. He deleted their account. He sent a ransom email to the CEO saying ‘I know about your deals. I know about this. Here’s some screen shots. If you don’t give me ‘x’ amount in Bitcoin, I’m going to release this to your competitors.’”
The FBI included a copy of the July 26 email with documents in Britt’s court file. In it, Britt, posing as a spokesperson for a hacker group, told the CEO that his IT provider should have done a better job to protect them.
“By now you should realize you've been pwned, or hacked lulz (sic). If not, now you're aware,” Britt allegedly wrote, according to a screen shot of the email. “We used a form of the bluekeep malware to penetrate your servers as well as phishing user accounts. Your IT company should have done more to protect you and themselves. We were able to gather data from all customers, access email accounts, and other personal data, as well as change usernames and passwords. The data we hacked is important, we have social security numbers, bank account data, and proprietary data from the emails. This very unfortunate. Bright side is there is a way to fix this, we're requesting 1.5 BTC [bitcoin], which currently is worth $14722.51 (sic).”
Then, one of Chimera’s food manufacturing customers lost access to its website hosting services.
“He went in there and basically took over their GoDaddy account. He shut them out. We ended up having to go to another provider,” Alexander said. “He gave himself access to the owners and a bunch of their people’s email accounts and started going through it. Fortunately, we caught that in time to avert the damage. After that happened, I went back and started doing forensics and trying to see who, what, when and where, and it turns out it was him.”
Alexander said he fired Britt for on-the-job negligence and not following through with instructions.
After that, he got a call from ConnectWise altering him to a posting on the dark web that offered insider access to Chimera's customer data for $600.
“They reached out and said ‘Hey, we’ve seen some information on the dark web with your name and your clients. We’re trying to mitigate this,” Alexander said. “So yes. That was the second time that [Britt] tried. The first time we caught him. This was the second incident. What he did was, not knowingly, he sold it to the FBI. The FBI basically pretended to be a hacker and reached out to him and bought the information and then that’s when the Atlanta FBI agent reached out to us and said this is what we purchased.”
The FBI arrested Britt on January 17. At the time, Britt lived in a 1,000-square foot, tan, two-story, two-bedroom, townhome on Major Circle Drive in Augusta, Ga. According to a returned search warrant, the FBI seized a “hacking book,” a 128-gigabyte thumb drive, an HP laptop, an Acer laptop, and an Apple Macbook Pro, from the address.
For Alexander, word that Britt allegedly attempted to undermine his business was a blow both professionally and personally.
Alexander –a U.S. Army vet with six years of service – had tried to mentor Britt on a path toward a military career.
“I was telling him different ways to maneuver around the military. I told him to get a degree and go in as an officer,” said Alexander. “What really made me mad, after the fact, is he was doing all this while I’m giving this dude good advice, not knowing the whole time he’s in the middle of the night going in there doing dirt. He literally tried to put us out of business.”
When Alexander first met Britt, he was struck by the young man's high intelligence for technology, though he was a bit rough around the edges.
“He didn’t iron his clothes. He didn’t iron his shirt. It looked like he just jumped out of bed for lack of a better word,” Alexander said. “But he was smart. And he told me his parents worked for NASA. I don’t know how true that is.”
Alexander said on the strength of that conversation, Britt impressed him enough to win a job.
“He had great knowledge about the subject matter. We were sitting there basically just nerding out,” Alexander said. “We were talking about different technologies, and coding, because we write software as well. I could just tell he was a very smart guy.”
Alexander opened Chimera in 2013 and said he has developed a strong line of business through word of mouth and customer retention. Miraculously, he said, none of his customers have abandoned the business in the wake of the allegations against Britt.
“We don’t do any marketing or advertising. It's all referrals,” Alexander said. “We never over-price. We will lose a dollar to save a relationship. We’re just honest. A lot of companies would have hidden or run or not taken responsibility for this. That’s one thing that all of our customers will say, ‘If Chimera messed it up, they’ll come to us and say they messed it up.’ We’ll eat it. We’ll say ‘Don’t pay us for the next three months’ We’ll eat that. Mistakes happen. We have showed them that this will not happen again.”
In hindsight, Alexander said he wished he would have acted differently after first learning of Britt's hack into the pharmaceutical company.
“My team was like ‘Look. We need to prosecute. We need to go to the police.’ I was like ‘No. I don’t want the headache. I don’t want the stress.’ I told him ‘Don’t do it again,’" Alexander said. “He was young. I knew he didn’t have any direction. He did not know where he wanted to go. I was young once. I don’t know if I was that foolish, but I was young once and I just wanted him to have an opportunity to do something good. He didn’t take advantage of it. It is what it is.”