Califorina Hacker Extorts Luxury Car Maker Maserati

September 24th, 2008 • RelatedFiled Under

Network SecurityA resident of Solana Beach, Calif., has been charged with stealing customer data from luxury car seller Maserati North America Inc. and then trying to extort money from the company by threatening to publicly disclose the details of the system intrusion.

Bruce Mengler was arraigned Monday on five charges, including extortion and illegally accessing a protected computer. He pleaded not guilty to the charges and is scheduled to appear for another hearing in U.S. District Court for the Southern District of California late next month.

Court papers filed by prosecutors in connection with the case allege that Mengler accessed data about Maserati North America customers in March by using an automated program to guess PINs that the company provided to customers for logging into a promotional Web site. Once his program successfully identified a PIN, prosecutors claim, he would use it to log into the Web site and then download the customer data associated with that PIN, basically consisting of a person’s name and address.

Next, Mengler tried to extort money from Maserati North America in exchange for his silence about the data breach, according to the court documents. Prosecutors said that in an e-mail sent to officials at the Englewood Cliffs, N.J.-based company two days after he stole the data, Mengler told them that he had “mined” the Web site and downloaded the names and addresses of most of Maserati’s customers in the San Diego area.

“Would you like this lack of security & privacy to become public knowledge?” Mengler is alleged to have asked in his e-mail. “If you would like to buy my silence, make me an offer I can’t refuse.”In other e-mails, Mengler threatened to “blast” the information that he had obtained to media organizations around the country if he wasn’t paid off and wondered whether the company’s “brain dead web implementation” had been corrected. He boasted that he had more than 2,600 customer records and threatened to make them available to Maserati’s competitors.

“What dollar amount is each name worth to Maserati to not be released to the public?” Mengler asked in one of his messages, according to the court filings.

Maserati North America officials didn’t immediately return a call seeking comment about the incident and Mengler’s arraignment.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.

Popularity: 23% [?]

There Are 5 Responses So Far. »

  1. Comment by Mike Smith on 24 September 2008:

    So I take it they didn’t pay him off? and now, the news is public. Dumb people should not run big corporate websites or anything tech related. They need to pay the money need to hire a smart team of people, in my opinion.

  2. Comment by Drew and not u on 24 September 2008:

    Yes, a smart team of people, they’ll take care of anything!!!

  3. Comment by Free Back Links on 24 September 2008:

    Wow he is retarded, okay maybe if he had done this to a bank or something it would have worked. Seriously like a car maker is going to be threatened by that? Worst case scenario they spend the money to make their site hacker safe (their are several certified companies) and then release the info to their customers telling them the breach was minimal all data was recovered and they took steps to prevent further intrusions.

    Now a bank couldn’t do that…(stupid hacker)….

  4. Comment by Pedant on 24 September 2008:

    Not entirely sure where Califorina is.

  5. Comment by admin on 24 September 2008:

    @Pedant: It is located in the USA.
    @Mike: I agree, a lot of these large companies do not realize how important security is.

Post a Response

By submitting a comment here you grant this site a perpetual license to reproduce your words and name/web site in attribution.