IT admin pleads guilty to hacking into and spying on New Jersey mayor's email

Filed Under: Data loss, Featured, Law & order

CCTV looking at a laptop. Image from ShutterstockThe former IT administrator for the US city of Hoboken, New Jersey, pleaded guilty on Tuesday to hacking into email accounts to spy on the mayor and other staff.

Patrick Ricciardi, 46, formerly the chief IT officer for the office of Mayor Dawn Zimmer, was charged on three counts, according to court documents:

  • Accessing a computer without authorization,
  • Intercepting wire and electronics communications, and
  • Disclosure of wire and electronic communications to a third party.

Ricciardi's admitted hacking was one manifestation of how the mayor's office suffered from bitterly divided political factions, as noted in the official complaint filed [PDF].

Zimmer stepped into her job as acting mayor in 2009 after winning a special election to replace Hoboken mayor Peter Cammarano, who was arrested on federal corruption charges.

(On the close-but-no-cigar corruption meter, note that this is not Felix Roque, former mayor of West New York, N.J., who was arrested last May with his son for allegedly hacking into a site that criticized his administration and for intimidating individuals associated with it.)

(However, if you're thinking, "New Jersey, seriously, what's up?" Then yes, I'm with you.)

The FBI's investigation found that many of the city's elected officials maintained strong ties to Cammarano's administration or were otherwise opposed to Zimmer, to whom they shoveled out grief and impediment on matters large and small.

The schism was reflected in comments on city-related blog postings. It was also reflected in leaks of confidential information, which caused the mayor's office to initiate a security audit.

Excerpt from the official complaint [PDF]:

US vs Ricciardi, Patrick - Complaint

The audit turned up an archive, located on Ricciardi's computer, of all emails sent to or received by Zimmer's account.

When interviewed by the FBI, Ricciardi admitted to configuring the archive file so that it would automatically collect all emails sent to the mayor and two high-ranking city employees.

He then forwarded those emails to three city officials, one of whom printed out a supposedly confidential email and laid it on the mayor's desk.

Ricciardi intercepted the email so that he could "spy" on the Mayor and her employees, he said, and determine whether his job was secure.

US vs Ricciardi, Patrick - Complaint

Apparently, breaking federal law to find out if your job is secure is not a good way to ensure that your job remains secure.

Ricciardi is scheduled to be sentenced on July 1, 2013, before U.S. District Judge Esther Salas in Newark federal court.

Each of the three counts carries a maximum potential penalty of five years in prison and a $250,000 fine.


Image credit: Shutterstock

, , , , , , ,

You might like

9 Responses to IT admin pleads guilty to hacking into and spying on New Jersey mayor's email

  1. Matt Hazz · 549 days ago

    If you are the IT admin you didn't hack into anything. I would love to know how they got a conviction on "Accessing a computer without authorization," since he was the admin he arguably had authorized access to everything!

    • Yeah, that's correct. But then again, I believe it's expected that IT admins have a high sense of integrity & ethics, thus automatically would mean that you won't mis-use your power as an IT admin

    • Rich Beyer · 546 days ago

      No doubt about it, he broke the law big time.

      He violated 18 USC § 2511 on the interception of wire and electronic communications as well as the disclosure of such communications to a third party.

      No, he is not "authorized" to access electronics communications unless it is for legitimate troubleshooting purposes or it is accidental or incidental to his duties. This is covered under 18 USC § 1030 in that he "exceeded" his authorization.

      Although he probably did have authorization to back-up or archive the emails under his duites to protect the integrity of the computer systems, that authorization would not normally extend to reading the emails and certainly not to disseminate the content without the permission of either the sender or recipient.

      I hope that clears up your confusion over the charges and conviction. Banners and policies do not trump the statutes when it comes to government systems.

    • Wolf_Star · 546 days ago

      Just because someone HAS authorized access doesn't automatically mean they need to USE that access in their day-to-day work. The sooner people like Mr. Ricciardi are weeded out, the better for all of the rest of us in IT who believe in integrity, honestry, responsibility and accountability.

  2. Mike · 549 days ago

    Not sure this counts as "hacking"

  3. Anon · 549 days ago

    It depends on their disclaimer and policies in place

  4. Bob Newhart · 549 days ago

    He did "hack" into the system and acted as a malicious insider. He accessed the system and manipulated it without authorization and leaked sensitive data with the intent to benefit from it financially. To say that he wasn't hacking because he is an admin is like saying well the cashier that stole your identity didn't steal it because you authorized them to use your card for a transaction.

  5. Freida Gray · 549 days ago

    Makes you wonder what happened to asking.Why didn't he ask to access the e-mails or ask about his job security?

  6. Mick A · 546 days ago

    This is what happens when duties aren't properly segregated. He shouldn't have had free reign to do this...

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.