1. Business

Websites vanish, tipping St. Petersburg business to crime from the inside

David Scott, owner of St. Petersburg-based web design firm Cosmic Digital Design, cut ties with a contract worker in March. Later that day, he discovered, someone had deleted 13 websites the company built, costing Cosmic Digitial $277,000 in lost product. [LARA CERRI   |  Times]
David Scott, owner of St. Petersburg-based web design firm Cosmic Digital Design, cut ties with a contract worker in March. Later that day, he discovered, someone had deleted 13 websites the company built, costing Cosmic Digitial $277,000 in lost product. [LARA CERRI | Times]
Published Nov. 23, 2017

ST. PETERSBURG — David Scott decided he had to cut ties with one of his contract workers.

A Web developer, the man was proving unreliable, said Scott, owner of the small St. Petersburg-based Web design and marketing company Cosmic Digital Design. Scott delivered the news in March.

Within hours, sites that Cosmic Digital had designed for client companies began disappearing from the Web. Somebody had logged into the servers remotely and deleted files. It cost Cosmic about $277,000 in lost product.

Scott feared he might be the victim of an inside hit — a modern scourge that's real and growing for businesses large and small as they come to rely more heavily on information technology.

"It was a pretty devastating attack," Scott said. "We weren't prepared for something like this."

• • •

Before the attack, security was low on Scott's priority list. Visual art and design have always been his passion.

He worked as an illustrator after graduating from Southern Methodist University in Dallas, then went to Bermuda for a few years to work at a friend's graphic design firm. He settled in the Tampa Bay area and opened Cosmic Digital Design in 2007, with an eye on getting a slice of the investments companies were making in their websites.

By 2017, more than half of Cosmic Digital's business was Web-based design, Scott said. So he hired contract Web developers to do what he couldn't. One of them was Ivan Marik, who came aboard in late 2015.

"Essentially he was in charge of making sure all the websites functioned the way they're supposed to," Scott said.

Scott was the artist, while Marik was supposed to turn his visuals into a working website.

Marik was loyal and dedicated, always in the office to address problems as they arose and answer any questions.

"He did a pretty good job," Scott said. "I was pretty happy with him."

• • •

Things went downhill at the beginning of 2017, Scott said.

Marik wasn't coming in regularly any longer. He'd say he was sick or had family issues, but Scott didn't feel it was his place to pry. What mattered to him, he said, was that Marik was missing deadlines.

Things came to a head when Marik was building a website for one of Cosmic Digital's larger client companies. The client wasn't happy with the work, Scott said. He told Marik they needed to go in a different direction but Marik resisted, so Scott took him off the project, he said.

The work had represented the bulk of Marik's responsibilities. Afterward, Scott said, he couldn't afford to keep Marik around.

"I had to make a decision and let him go."

Scott declined to describe their March 16 conversation.

"What I will say is the news didn't go over very well with him," he said.

• • •

That was 2 p.m.

Around 5 p.m., Scott was on the phone with one of his clients and he tried to pull up the client's website. But all that would load was a blank screen. So he checked another site, and found the same thing. And another, and another.

"Then panic set in," Scott said, "and I realized at that point in time what had happened."

In all, 13 of the company's sites had been deleted. Scott had backups for about half, but the ones that couldn't immediately be recovered included three of his biggest clients.

Scott checked his server logs first thing the next morning and identified the unique IP address he believed was responsible for the hack. He contacted St. Petersburg police who, due to the technical nature of the investigation, referred it to the Florida Department of Law Enforcement.

FDLE investigators linked the IP address to Marik, and they arrested him Nov. 1.

Marik, contacted by the Tampa Bay Times after he posted bail, denied that he accessed Cosmic Digital's servers and deleted files.

"I don't know what you're talking about," Marik said by phone. "I have nothing to say about that. This is an ongoing case and I'm not going to discuss any of that crap."

Scott stands by his story.

"I have his digital footprint," Scott said. "I have his IP address showing he accessed the website servers at that particular time. And the server logs do show that that IP address deleted files."

• • •

Afterward, Scott was able to rebuild the sites he had lost.

"We've basically recovered from it, but it did cost us some relationships," he said.

The episode highlights an all-too-common problem. On average, successful insider attacks cost companies about $445,000, according to a 2015 study referenced by a Carnegie Mellon University report. With an average of 3.8 insider attacks per year, the cost to a company can reach $1.7 million, the report said.

Even Twitter, valued at more than $15 billion, fell victim to an insider attack this month when a contractor who was leaving the company disabled President Donald Trump's account.

Since the attack on Scott's company, he installed firewalls on all his websites. And he won't work with developers who require certain administrative privileges on his servers.

Security strategies vary by industry and company, but there are easy ways businesses can defend themselves from those on the inside. One is establishing a protocol to share network access with new employees and revoke it from departing employees, said FDLE Special Agent Corey Monaghan, who specializes in crimes that involve network intrusion and investigated Cosmic Digital's case.

Another is to ensure all employees have their own logon credentials and to encourage strong passwords, so internal leaks or breaches can be traced to one person, Monaghan said.

And because many people who commit insider attacks are unhappy on the job, Monaghan said, information technology departments at larger companies should work closely with human resources to identify disgruntled employees and, if necessary, pay extra attention to their network activity.

Scott called his experience "a cautionary tale." Cosmic Digital wasn't ready for an insider attack.

"It is now," he said. "If you're going to dabble in website design, you've got to pay attention to security."

Contact Josh Solomon at or (813) 909-4613. Follow @ByJoshSolomon.


  1. Hyde House in Hyde Park Village on Tuesday, Feb. 25, 2020 in Tampa.  [MARTHA ASENCIO-RHINE  |  Times]
  2. FILE - In this Dec. 16, 2019, file photo, Disney CEO Robert Iger arrives at the world premiere of "Star Wars: The Rise of Skywalker", in Los Angeles  The Walt Disney Co. has named Bob Chapek CEO, replacing Bob Iger, effective immediately, the company announced Tuesday, Feb. 25, 2020.  (Jordan Strauss/Invision/AP, FIle) [JORDAN STRAUSS  |  Jordan Strauss/Invision/AP]
  3. In this June 17, 2019, file photo, a cashier displays a packet of tobacco-flavored Juul pods at a store in San Francisco. Investigators from 39 states will look into the marketing and sales of vaping products by Juul Labs, including whether the company targeted youths and made misleading claims about nicotine content in its devices, officials announced Tuesday. Juul released a statement saying it has halted television, print and digital advertising and eliminated most flavors in response to concerns by government officials and others.  (AP Photo/Samantha Maldonado, File) [SAMANTHA MALDONADO  |  AP]
  4. St. Petersburg-based Jabil said Tuesday it's projecting that the spread of the coronavirus will hurt its second-quarter performance. [Handout photo]
  5. The future site of Green Light Cinema at 221 Second Ave on Monday, Feb. 24, 2020 in St. Petersburg. The art house theater will be nestled between Pour Taproom and 2nd & Second. [MARTHA ASENCIO-RHINE  |  Times]
  6. Keesha Benson is director of Thrive By Five Pinellas for the Early Learning Coalition of Pinellas. (Early Learning Coalition of Pinellas photo) [Early Learning Coalition of Pinellas County]
  7. The H. Lee Moffitt Cancer Center & Research Institute purchased 775 acres in central Pasco County for a planned expansion. TIMES [VYCELLIX, A SWEDISH CANCER THERAPY RESEARCH COMPANY, IS SETTING UP ITS U.S. HEADQUARTERS NEAR THE H. LEE MOFFITT CANCER CENTER & RESEARCH INSTITUTE IN TAMPA. (TIMES FILES]
  8. Trader Gregory Rowe works on the floor of the New York Stock Exchange, Monday. Stocks are opening sharply lower on Wall Street, pushing the Dow Jones Industrial Average down more than 700 points, as virus cases spread beyond China, threatening to disrupt the global economy. (AP Photo/Richard Drew) [RICHARD DREW  |  AP]
  9. [Getty Images] [Getty Images]
  10. Tampa Bay Lightning owner Jeff Vinik  [Times staff]
  11. The empty property is home to cattle and egrets, but neighbors fear the new occupants — owners of 218 proposed town homes near Lake Thomas in Land O' Lakes. [C.T. BOWEN  |  Tampa Bay Times]
  12. A "for sale" sign beckons Friday along Sixth Avenue N in the Kenwood area of St. Petersburg. [CHRIS URSO  |  Times]