Ryan Fisher, 24, of Vernal, Utah, received a sentence of 24 months in prison to be followed by 36 months of supervised release for intentionally damaging a protected computer. U.S. District Judge Paul G. Cassell also ordered Fisher to pay $65,000 in restitution.
Fisher was charged on Feb. 15, 2006, in connection with the Feb. 28, 2005, attack that shut down Wi-Fi service to the customers of SBT Internet and UT1 Internet, which both provide service in and around Vernal, Utah. He pleaded guilty and was sentenced on Wednesday.
The attack cut off service for one woman who was waiting for an e-mail notifying her about the availability of an organ transplant that she required, according to prosecutors. Because of her critical status, her provider gave her priority status and restored her access within 24 hours.
"Had her medical providers sent her an e-mail notifying her of a suitable organ donor and had she not responded because of her lost Internet access, she might have lost her priority for an organ, thus potentially extending the period she would have to wait for another donor," wrote prosecutors in the indictment.
SBT Internet hired Fisher in the fall of 2004 as a contractor to help install and support wireless networks. The company trained Fisher and provided him administrator-level access to its networks. They also gave him passwords and encryption keys for customers' access points, as well as for the computer that controlled the company's radio towers that transmit Wi-Fi signals to its users.
Fisher reportedly stopped working at SBT in February 2005 because of a "disagreement about some financial and business issues," according to the indictment.
After he left SBT, he went to work for Internet Works, a competing service provider in the same area. He then bought the company and changed its name to East Basin Internet.
According to the government, Fisher admitted he used an administrative password to break into SBT's network on Feb. 28, 2005. Once in the network, he planted malicious code that directed the radio tower computer to cut off Wi-Fi service to the company's users.
The malicious code also locked SBT out of its own network so the damage couldn't be repaired by the normal process of remotely reconfiguring the access points from the company's office. This forced SBT's executives to send technicians to the homes or businesses of every single subscriber. Some users were down for less than a day while others were out of service for up to three weeks, according to the indictment.
Fisher's malicious code also was designed to force SBT's equipment to repeatedly broadcast radio signals that would interfere with the signals of UT1 Internet and its customers. Both companies reported spending at least $5,000 each to discover what was causing the outages and get service back up.
In total, more than 170 customers lost Internet service. The attack reportedly caused more than $65,000 in damages.