A New Jersey man has been sentenced to 94 months in prison for his role in a sophisticated computer hacking scheme that targeted two companies in the state. Ankur Agarwal, 45, of Montville, previously pleaded guilty in Newark federal court to two counts of obtaining information from computers and one count of aggravated identity theft, according to a Department of Justice press release. Agarwal also was sentenced to three years of supervised release and ordered to pay a fine of $25,000.
Citing documents filed in the case and statements made in court, the DOJ press release said Agarwal admitted that beginning in February 2017 he physically trespassed onto a Texas-based tech company’s New Jersey premises (Company One) and illegally installed hardware key-logger devices onto the company’s computers.
“The key-logger devices covertly recorded the keystrokes of the company’s employees and provided Agarwal with their usernames and passwords,” the press release said. He also surreptitiously installed his personal computer and a hard drive onto the company’s computer network. “Using the fraudulently obtained logon credentials, Agarwal hacked into the company’s computer network and targeted various employees, including employees developing an emerging technology,” according to the press release.
Agarwal admitted to stealing, transferring and exfiltrating Company One’s data and information, including its emerging technology. He also created a computer malicious code, which he installed onto the company’s computer systems and used to steal and transfer the data to himself.
Similarly, Agarwal also admitted that he hacked into, targeted, and stole data and information from a second company in New Jersey (Company Two). “Using the same general scheme, Agarwal physically trespassed onto Company Two’s premises, illegally installed hardware key-logger devices onto the company’s computers, installed his personal computer and a hard drive onto the company’s computer network, and stole, transferred, and exfiltrated Company Two’s data and information, including an emerging technology that Company Two was developing,” the press release said.
He also obtained unauthorized access into an employee’s computer system and then fraudulently created an access badge for himself, which allowed him to physically trespass onto Company Two’s premises. He also consented to a forfeiture judgment requiring him to forfeit numerous computers, storage devices, and related equipment.