Information Security News mailing list archives

Employee Revenge: Corporations Lose Millions to Internal Data Theft


From: InfoSec News <isn () c4i org>
Date: Wed, 5 Jun 2002 03:16:11 -0500 (CDT)

Forwarded from: "eric wolbrom, CISSP" <eric () shtech net>

http://abcnews.go.com/sections/business/TechTV/techtv_employee_revenge_020604.html

June 4 -- There was a time when vindictive former employees sought
revenge by taking a couple of office supplies or spreading rumors
about the boss.

But in today's computerized offices, angry workers and disgruntled
employees can access computer systems and destroy data with a click of
the mouse, causing millions of dollars in damage.

Richard Hunter, an analyst with Gartner, says that while cybersabotage
is rampant and rising, companies are usually too embarrassed to report
cases.

A recent FBI survey of anonymous companies showed 85 percent had a
computer intrusion in the last year. Of these intrusions, 30 percent
were from outside hackers, while 70 percent came from people
associated with the company.

Despite the wall of silence, we managed to dig up some notable cases
of employee sabotage. Below you'll find five examples of disgruntled
employees who wreaked havoc on corporate computer systems and ended up
in jail.

Crashing Forbes:

A Forbes computer technician deliberately caused five of the
publisher's eight network servers to crash as retribution for his
termination from a temporary position.

All the information on the affected servers was erased, and no data
could be restored. As a result of this one act of sabotage, Forbes was
forced to shut down its New York operations for two days and sustained
losses in excess of $100,000.

E-Mail overload:

Lockheed Martin's email system crashed for six hours after an employee
sent 60,000 co-workers a personal email message complete with a
request for an electronic receipt.

The defense contractor, which posts 40 million emails a month, was
forced to fly in a Microsoft rescue squad to repair the damage caused
by the employee.

Data destruction at Verizon:

A 32-year-old Florida man pleaded guilty to a charge of intentionally
damaging protected computers at a network support center owned by
Verizon Communications.

Verizon said that at 3 a.m. on a weekday the employee began to erase
data contained in the computers and entered a command that prevented
anyone from stopping the destruction process.

His actions resulted in more than $200,000 in damage. He now faces up
to 10 years in prison and a $250,000 fine.

Server sabotage:

A Hewlett-Packard employee sabotaged important tests on one of HP's
new computer servers, giving it lower performance results that cost
millions of dollars in resources and lost sales, according to a
lawsuit filed by HP.

Just before he was fired, the employee reformatted important computer
disks, cut cables to the test computer, and altered logs to try to
hide his acts. HP says it spent more than $1 million trying to fix the
problems.

HP also alleges that the employee copied email records, accessed
private computer systems, and transferred confidential information
outside the company. HP is asking that the ex-employee be forced to
pay unspecified damages.

Omega's $10 million software bomb:

Omega Engineering suffered losses of $10 million when a terminated
network manager detonated a software time bomb he had previously
planted in the network he helped create.

The bomb paralyzed Omega, a manufacturer of high tech measurement and
control devices used by the Navy and NASA. The malicious software code
destroyed the programs that ran the company's manufacturing machines.

One fateful morning, a worker at Omega's manufacturing plant booted up
the central file server that housed more than 1,000 programs and the
specifications for molds and templates. Immediately after the bootup,
the server crashed, erasing and purging all the programs on it.

The incident led to 80 layoffs, and the company says it caused the
departure of several of its clients.



-
ISN is currently hosted by Attrition.org
