Ex-Hawaii IT manager receives probation for computer network hijacking

A former IT Administrator at Finance Insurance Ltd. was sentenced to three years of federal probation on Monday after admitting to illegally accessing the company’s network and barring employees from core functions.

Federal prosecutors asked a judge to sentence Casey K. Umetsu Sr., 40, to between 30 and 37 months in prison under US sentencing guidelines after his week-long siege of the company’s computer network resulted in a loss of between $95,000 and $150,000 Had led.

Umetsu’s attorney, Assistant Federal Defense Attorney Jacquelyn T. Esser, asked for two years’ probation.

Umetsu has pleaded guilty to a single charge of intentionally damaging a protected computer under an agreement with the government. He faced up to 10 years in prison and a $250,000 fine.

U.S. District Judge Jill A. Otake granted a three-year federal suspended sentence and barred Umetsu from any direct or indirect third-party contact with the President, Vice President, or former supervisor of the defendant, identified in court documents as “FK,” of Finanzversicherung AG

In a letter to Otake filed Jan. 24, Umetsu wrote that he is “remorseful for the damage done to Finance Insurance, Finance Factors, its employees and customers.”

“A lot of people were affected. Confusion, anger, panic, frustration, and concern are some of the emotions or feelings that the people involved may have experienced. These are things we need less of in our lives. I regret the extra work that has been done to everyone involved and all the unnecessary burden/stress that has resulted. I am ashamed. There are no words that can express the shame felt,” Umetsu wrote. “I take responsibility for the damage that has been done. Computers should always be used for good, not evil, regardless of the circumstances. There is no excuse that could justify harm. No one forced me to do anything and I take responsibility for any resulting damage.”

Assistant US Attorney Wayne A. Myers, who is prosecuting the case for the government, declined to comment. A spokesman for Finance Insurance Ltd. declined to comment.

Umetsu resigned from financial insurance on August 16, 2019, following an incident involving an “employee’s compensation claim and insurance default that resulted in the interruption of medical treatment” and a second incident allegedly involving sexual “harassment and bullying” in the workplace concerned. “, it says in a judgment note from Esser.

Umetsu was a Senior Information System Technologist at Finance Insurance and was responsible for a variety of duties including managing the computer network, domain, website and computer servers; hardware and software upgrade monitoring; Cooperation with external providers; and assisting employees with general computing and technology issues under an agreement filed September 28.

A day after leaving the company, Umetsu logged into Finance Insurance Network Solutions’ account, which allowed him to change domain routing settings and update contact and payment information.

Using an Internet connection from his home in Honolulu, Umetsu accessed Network Solutions’ website and used Finance Insurance’s unique “user ID” and password to log into the portal.

After gaining access to the portal, the defendant “then made numerous unauthorized changes” to the Network Solutions account. Umetsu changed the customer’s company name from Finance Insurance to Honolulu Disposal Service.

He changed the customer’s email contact to a Gmail account he controlled; changed the customer phone number to his personal cell phone number; changed the password required to access Finance Insurance’s account through the Network Solutions portal; and changed the primary contact name to “Supah Dung”.

Umetsu changed the Domain Name System settings for Finance Insurance’s domain so that “inbound web and email traffic destined for Finance Insurance’s domain” from IP addresses associated with the company were redirected to IP addresses not associated with the company. This resulted in “prospective visitors being unable to access Finance Insurance’s website” and company employees being unable to send or receive emails.

Umetsu also sent fake emails allegedly from “management” across the company and deleted all of the company’s Microsoft Office accounts.

When a company employee attempted to use a personal email address to regain control of the Network Solutions platform, Umetsu started a dispute and locked everyone out until it could be resolved.

Umetsu went so far as to “suggest his previous employer that he was not responsible for the attacks, while offering to help them identify the culprit and repair the damage he caused,” according to one of Myers’ written opinion.

Umetsu’s crime, “regardless of what motivated it,” was an extremely “serious crime that caused disaster for a sophisticated corporation that employs many members of the community and provides even more important services,” Myers wrote.

“During the course of the week-long criminal escapade, the defendant had numerous opportunities to calm down, reconsider his actions and stop sabotaging his former employer. But he didn’t,” Myers wrote. Rather, he continued to invent and carry out new methods of wreaking havoc, many of which he was only able to successfully carry out because of the trust placed in him by his former employer (and former colleagues, who incidentally withstood the defendant’s worst actions). “