When it comes to school lunch, you’ve got choices.
You can get 1) the French toast sticks, 2) the baked fish sandwich with lettuce and tomato, or 3) to be a ruthless school concession tycoon who hacks into your competition, rips off student data, and tries to anonymously frame them for having crappy security.
Keith Wesley Cosbey, the chief financial officer of a Bay Area company in the student lunch business called Choicelunch, was arrested in April on two felony counts of allegedly choosing menu item No. 3. Or, in legal terms, for “illegal acquisition of student data” from the website of Choicelunch’s archrival, The LunchMaster, of San Carlos, California.
Vishal Jangla, the San Mateo County deputy district attorney, says that Cosbey, 40, is looking at more than three years in prison if he’s convicted of charges of hacking into The LunchMaster’s site to get data about hundreds of students, including their names, their meal preferences, information about allergies, their grades, and more, according to the San Francisco Chronicle.
Cosbey’s been charged with unlawful computer access and fraud, as well as identity theft. Jangla said he hasn’t encountered anybody at the executive level who’s pulled something like this:
Someone who’s an executive, that’s surprising. It’s a first for me.
Cosbey’s accused of not just hacking the data, but also sending it anonymously to the California Department of Education and claiming that The LunchMaster wasn’t appropriately protecting student privacy.
Cosbey hasn’t responded to media inquiries looking for a comment, but Choicelunch provided this statement:
Choicelunch is aware of the allegations and is awaiting more information before we can make a substantive comment. In its 15-year history serving California schools, Choicelunch has always endeavored to provide excellent service to its school lunch customers and will continue to do so while we await resolution of this matter.
Forks and drawn knives
The rivalry between the two lunch companies is no petty squabble. The $15 billion industry involves feeding kids 4.9 billion school lunches annually, according to FoodCorps. It’s a complex business, too: it involves navigating state and federal regulations and reporting requirements, planning menus, negotiating contracts with food distributors, hiring and managing staff, running the daily cafeteria operations, and collaborating with custodial and administrative staff, as FoodCorps tells it. It all differs from district to district, and all those lunches have to ring in at around $1.19 each.
So yes, competition is fierce as companies vie for multimillion-dollar contracts, but there’s also a most particularly fierce history between Choicelunch and The LunchMaster. As the SF Chronicle tells it, in 2014, Choicelunch sued The LunchMaster’s parent company, Nob Hill Catering, over alleged copyright infringement in its online ordering system.
It won. Choicelunch succeeded in getting Amazon Web Services to yank The LunchMaster’s website. That tasted pretty good, so it went in for a second helping, seeking to get the replacement site pulled, too.
“Please, sir, may I have another?” didn’t work out too well for Choicelunch, though: a federal judge slapped down the request and chewed out Choicelunch for overly broad interpretation of copyright laws. LunchMaster’s second website survived.
The Chronicle quoted Ted Giouzelis, founder of The LunchMaster:
We try to serve school lunches, but it’s so complicated sometimes.
The telltale IP address
The hacking is a whole ‘nuther nut ball, though. Giouzelis said that the Department of Education confronted the company about the security concerns, and that’s how it learned about the hack. Staff managed to find the breach and trace it back to an IP address in Danville – that’s where Choicelunch is located – among other locations.
An investigation suggested that the hacker ran an automated program that bombarded the site and revealed the students’ information at one school. The LunchMaster contacted the FBI and the county sheriff in April 2018. Cosbey was arrested following a year-long investigation. He’s now out on $125,000 bond and is due back in court on 22 May.
He went to the extreme this time. It’s ruthless.
Source : Naked Security