Sometimes when you go fishing, the fish bites you back.
That might be the painful lesson for oil and gas jobs guru David Kent, arrested in Houston Wednesday on conspiracy and fraud charges. A criminal complaint reveals that the case against Kent was set in motion more than two years ago. That's when DHI Group Inc., which had bought Kent's website, Rigzone, became worried that the site had been breached and set a trap for the hacker using two phony customer accounts as bait.
Authorities claim that Kent, who now runs the employment networking site Oilpro, allegedly hacked into Rigzone's site and stole resume information from more than 700,000 customer accounts.
The complaint details how Kent aggressively worked to get jobs website operator DHI Group to purchase Oilpro for up to $20 million after he allegedly boosted Oilpro's customer base through hacking attacks on Rigzone, all while claiming that Oilpro had "increased its membership through standard marketing methods."
The complaint, which was filed in Manhattan federal court in New York, said that more than 111,000 accounts that were hacked on Rigzone ended up on Oilpro.
Kent's lawyer, Dan Cogdell, did not return a request for comment.
Oilpro's website was not functioning Thursday. Visitors were greeted with the message, "Oilpro is temporarily unavailable. The website will be back online soon, and we apologize for any inconvenience from the outage over the past day or so."
Kent, 40, founded Rigzone in 2000. He sold the site to DHI Group in 2010 for what ended up being about $51 million. Kent served as Rigzone's president after the sale for about a year, but he left the site in September 2011. A non-compete agreement he signed with DHI kept him out of the oil and gas jobs networking business for two more years, the complaint said.
Kent started Houston-based Oilpro in October 2013, after the noncompete expired. Oilpro's employees eventually included a person, identified only as "Co-Conspirator 1" in the complaint, "who previously worked for" Rigzone, the complaint said. That co-conspirator accessed Rigzone's Google Analytics account without authorization "and forwarded the information to Kent," the complaint said.
DHI Group apparently first became suspicious that Oilpro might be accessing Rigzone's customer information in early 2014. On Feb. 26 of that year, the complaint said, a member on Rigzone contacted the site's customer support line and reported receiving "an email solicitation from" Oilpro "even though [the member] had never provided any information in the past to Oilpro," the complaint said.
DHI Group then planted "two fictitious member accounts" in its user database "to determine if the members database was being accessed improperly," according to the complaint.
Soon afterward, on April 14, 2014, the email addresses associated with those bogus accounts were contacted by an employee from Oilpro who solicited the Rigzone members "to create profiles on Oilpro," the complaint said.
More than a year later, the complaint said, an employee of DHI Group who began creating a Rigzone member profile "reported receiving an email solicitation from Oilpro," the complaint said. The complaint noted that the DHI Group employee's information "was never published in the" Rigzone member database because the profile was incomplete.
The complaint later details that between Oct. 17, 2013, and April 15, 2014, there were about 100,000 "suspicious hypertext transport protocol (HTTP) requests" made to Rigzone's members database, which an FBI agent noted strongly suggested cases of automated hacking.
That first wave of hacks ended up giving unauthorized access to about 96,000 Rigzone resumes, the complaint said.
"Following the first round of hacks, web traffic to Oilpro increased dramatically and appears to correlate with the severity of the intrusions into" Rigzone, the complaint said. "Additionally, thousands of [Rigzone] members affected by the first round of hacks created profiles on Oilpro."
A second, much bigger wave of alleged hacks occurred between mid-June 2015 and early August 2015, when about 750,000 "suspicious HTTP requests were made to the" Rigzone database, the complaint said.
Kent was in federal court in Houston on Wednesday. He was released on a $250,000 bond secured by $25,000. Kent surrendered his passport and pilot's license and was ordered to have no contact with potential witnesses, victims or co-defendants, including Oilpro employees, according to the Manhattan U.S. Attorney's Office.
Michael Durney, president and CEO of DHI Group, said, "In early 2014 we detected unauthorized access to certain of our proprietary information in our Rigzone member database. The intrusions made to our database were contained to a backdoor entrance and, upon discovery, we launched an internal investigation, contacted the FBI and took steps to ensure that no further information was taken."
"The FBI launched its own investigation, which is ongoing," Durney said. "We have been and continue to be in full cooperation with governmental authorities. Only resume profile information was accessed; at no time was personally identifiable information compromised. The protection of our members' data is of the utmost importance to us and we continue to take serious measures to ensure our members' information is secure."