Ex-employee jailed after targeting Marden firm Water Wellbeing in revenge cyber-attack which put 150 jobs at risk
Published: 06:00, 13 July 2021
Updated: 15:32, 13 July 2021
A Marden-based company was almost brought to its knees after being targeted in a "vicious, revenge" cyber-attack.
The computers of Water Wellbeing were hacked and bosses were blackmailed - as 150 jobs were put at risk, a judge has heard.
Now "disgruntled ex-employee" Nicholas Creevy, 32, has been jailed for two-and-half-years after admitting demanding 75 Bitcoins with menaces, hacking company computers and diverting wages into his pocket.
The judge, Recorder David Jeremy QC told him they were "vindictive" crimes which had inflicted "cruelty" on many innocent people.
He added: "You are not a bad man but you were consumed by your sense of being wronged. These were sophisticated crimes."
The judge said Creevy was a narcissist who had put his desires for revenge above the harm and damage caused to the company and its employees.
Maidstone Crown Court heard how he "wreaked havoc" after his sacking - even though he was planning to take Water Wellbeing to an industrial tribunal.
Prosecutor Sam Trefgarne told how in 2018, Creevy worked as a delivery driver for Water Wellbeing, which is based in Kent and supplies water to businesses around the country.
"In August he was dismissed as a result of poor attendance and a poor attitude. He had a close friend, Michael Hennessey, 32, of north London, who worked in IT.
"He encouraged Creevy in gaining access to Water Wellbeing's computer system, which allowed Creevy to obtain goods without authorisation and using its accounts."
Hennessy, who admitted helping in the fraud and received an 18 month jail sentence suspended for 18 months and was ordered to carry out 180 hours of unpaid work for the community, will also have to pay £5,000 in compensation to the firm.
Between November 2018 and April the following year, Creevy, acting alone, blackmailed the company by mounting a cyber-attack on the company's server and website and then demanding money.
"This was a ransom of the company by electronic means, done to cause disruption and misery but the prosecution accepts that Hennessy played no part in encouraging that, " added Mr Trefgarne.
Creevy, from Luton, Bedfordshire, demanded 75 Bitcoins in cryptocurrency- worth at the time £140,000 - and also opened a bank account in the name of a senior executive and then opened an account with online casino 888UK.
He also used another employee's name to order goods through Amazon including a number of camera lenses, a drone, a camera body, a Nintendo switch including a Mario Kart 8 deluxe console; Apple ipads and card readers.
Creevy later told police he ordered the goods from Amazon and sold some of them on eBay to help him in a "photographic career as a photographer."
The court heard how the loss to the company, which is based in Pattenden Lane, Marden, was £9,529, with other "indirect" losses estimated at £5,600.
Mr Trefgarne added that the impact on its business could be up to £250,000.
A company statement, from victim Michael Beaumont, the group's facilities manager, said the attack could have cost 150 workers their jobs.
He added: "This was a vicious and prolonged attack over a two-to-three week period and could quite easily have caused us to cease trading."
Mr Beaumont said it had caused his staff "anguish, mental stress and sleepless nights."
But defence barrister Amy Hazelwood said Creevy had not made "a single penny" out of his illegal criminal behaviour, "and there was no money he was expecting to make, and the blackmail was just wishful thinking"
"This was a vicious and prolonged attack over a two-to-three week period and could quite easily have caused us to cease trading..."
She added that he was a "disgruntled ex-employee who had been dismissed from his job.
Kevin Barry for Hennessey, said his involvement in the incident stopped before Creevy carried out his revenge and had started out as a "flippant" comment and he regrets the damage caused to the company.
Creevy admitted 20 offences, including committing "an unauthorised act intending to impair the company's computer" by using malware called Memz which caused data to be deleted.
He also pleaded guilty to another charge of hijacking the company's internet domains.
The charges also involve him claiming to be "Benjamin McGannan" to open an account with Fineco Bank and claiming to be "Michael Beaumont" to open a gambling account with 888UK.
He also admitted that between January 1 and February 22, he defrauded Barry McGannon and Simon Elgar by claiming their salaries.
For information on how we can report on court proceedings, click here.
Read more: All the latest news from Weald
More by this author
Paul Hooper