A Morris County man admitted his role in a sophisticated computer hacking scheme that targeted two companies in New Jersey and stole their data, U.S. Attorney Craig Carpenito announced.
According to Federal officials, Ankur Agarwal, 45, of Montville, pleaded guilty before U.S. District Judge Susan D. Wigenton in Newark federal court to an information charging him with two counts of obtaining information from computers and one count of aggravated identity theft.
According to documents filed in this case and statements made in court:
Agarwal admitted that beginning in February 2017 he physically trespassed onto a company’s premises in New Jersey (Company One) and illegally installed hardware key-logger devices onto the company’s computers.
The key-logger devices covertly recorded the keystrokes of the company’s employees and provided Agarwal with their usernames and passwords. Agarwal also surreptitiously installed his personal computer and a hard drive onto the company’s computer network.
Using the fraudulently obtained logon credentials, Agarwal hacked into the company’s computer network and targeted various employees, including employees developing an emerging technology.
Agarwal admitted that he stole, transferred, and exfiltrated Company One’s data and information, including its emerging technology. Agarwal also created a computer malicious code, which he installed onto the company’s computer systems and used to steal and transfer the date to himself.
Agarwal also admitted that he hacked into, targeted, and stole data and information from a second company in New Jersey (Company Two).
Using the same general scheme, Agarwal physically trespassed onto Company Two’s premises, illegally installed hardware key-logger devices onto the company’s computers, installed his personal computer and a hard drive onto the company’s computer network, and stole, transferred, and exfiltrated Company Two’s data and information, including an emerging technology that Company Two was developing.
Agarwal also obtained unauthorized access into an employee’s computer system and then fraudulently created an access badge for himself.
This fraudulently obtained access badge, bearing another individual’s name, allowed Agarwal to physically trespass onto Company Two’s premises.
The charges of obtaining information from computers from Company One and Company Two each carry a maximum potential penalty of five years in prison. The charge of aggravated identity theft carries a mandatory term of two years in prison, which must run consecutively to the other term of imprisonment imposed.
All three charges are punishable by a fine of $250,000, or twice the gross gain or loss from the offense.
Agarwal also consented to a forfeiture judgment requiring him to forfeit numerous computers, storage devices, and related equipment. Sentencing is scheduled for Jan. 28, 2019.
U.S. Attorney Carpenito credited special agents of the FBI’s Cyber Division, under the direction of Special Agent in Charge Gregory W. Ehrie in Newark, with the investigation leading to today’s guilty plea.