“Admin from Hell” holds company to ransom with porn makeover

You might not be aware of a porn site titled teen[sexual orientation][bodypart].com.

You most certainly don’t want to discover that site when you type in your company’s URL and get redirected to teen[sexual orientation][bodypart].com… all thanks to refusing to pay a $10,000 ransom to an IT admin contractor from Hell.

The IT admin is Tavis Tso, a 40-year-old Arizona man who’s confessed to lying to a client company in Phoenix, telling them he didn’t have the login information for their account with the registrar GoDaddy (likely for domain name or hosting).

Tso had renewed the company’s GoDaddy account in 2011. In May 2015, the company wanted to update its contact details with the domain registrar. Can’t help, Tso said; I don’t have the login anymore.

Fibber. He did have the login.

He just didn’t want to give it to them, instead changing the contact information in the GoDaddy account so he could defraud the company, Tso said in a plea deal. Then, he went ahead and set up his own account with Microsoft to take over the company’s domain.

This all went down between May and June 2015.

By tweaking the account, Tso made it so the company’s employees couldn’t use their email accounts. At first, he redirected the company’s homepage to a blank page. Then, he offered to make it all better… in exchange for a cool $10,000 for returning everything to normal.

No dice, the company said. After the company refused to pay the ransom, Tso redirected the company’s homepage to the porn site. Visitors to the company’s website were redirected for several days, during which they found themselves looking at teen something-something, before the company’s homepage was returned to normal.

According to a release from the Arizona US Attorney’s Office, Tso was sentenced on Monday to four years of probation and an order to pay $9,145 in restitution after having pleaded guilty to one count of wire fraud.

And just how did this young extortionist IT admin from Hell escape jail time? According to the sentencing memorandum, posted courtesy of Ars Technica, assistant US Attorney Matthew Binford said that the crime, committed by Tso when he was 39, was apparently out of character: a “one-time lapse.”

“Given the fact that this appears to be a one-time lapse in judgment, a term of probation is the best way to address the seriousness of this offense, while affording adequate deterrence to future criminal conduct and protecting the public from future crimes.”

How to keep your domain from redirecting to What the (*&^?!

As we’ve advised in the past, a sound course of action in dealing with security breaches, be they from malicious insiders, insiders who make mistakes or contractors, is to have an incident-handling plan in place before a breach takes place, rather than after.

For example, a good incident-handling plan includes things such as the distribution of call cards, which could help in the event that normal communications are held hostage by a malicious insider who disrupts access to the LAN so that nobody can find anyone else’s phone number and email.

Knowing how to report crimes and engage law enforcement can also be important.

Naked Security has published a series of quick guides on reporting computer crimes that should help your organization find out who to contact if you need them.