Fire a Techie, and Bad Things May Happen

Let this scary story be a lesson to all IT executives who send an employee packing. Make sure you tighten up security in the wake of their departure. If you don’t, something like this may happen.

Jason Cornish, 37, formerly an IT staffer at the U.S. subsidiary of Japanese drug-maker Shionogi, recently pleaded guilty to computer intrusion charges in connection with an attack against the company on Feb. 3, 2011. He wiped out 15 VMware host systems that were running e-mail, order tracking, financial and other services for the Florham Park, N.J., company. Cornish had resigned in July 2010 after fighting with his bosses, but he stayed on as a consultant for two more months until he was laid off.

After his sacking, Cornish was able to log back into his company from a Smyrna, Ga., McDonald’s restaurant and fire up a vSphere VMware management console he’d installed on the company’s network a few weeks earlier. His nefarious task: deleting 88 company servers from the VMware host systems. The attack froze Shionogi’s operations for several days, leaving the company unable to handle its regular business. The cost was estimated at $800,000.

Cornish faces a ten-year sentence when he goes before the judge in November. The rest of us face a good long think about how to protect mission-critical systems from the revenge of disgruntled employees.

Source: IT World

No Responses to “Fire a Techie, and Bad Things May Happen”

  1. wri7913

    Common sense states that a company should disable a former employee’s accounts when they resign or are fired. There is no reason an individual should still have an account. One would not allow that individual to walk around the company premises after being fired or resigning; why would they allow them access to their computer systems?

    It would also be somewhat practical, depending upon the system’s logging ability, to go back and review the last two weeks of that individual’s access to systems. Many people have daily habits based on their pattern of work at a job. If this individual were suddenly accessing systems they normally did not access before, it would give a strong signal that this person might be up to something nefarious and worth checking out.

    If someone were to install a rootkit or some other means to bypass security, there would be little you could do unless you happen to come across it. Monitoring the user’s whereabouts two weeks before a resignation or firing would give a good heads up.

  2. A rootkit is difficult to find and even more difficult to get rid of. If it was me, I would install a rootkit and have access for a long time. Most companies don’t want to spend money to protect. They wait until something happens, get a subsidy, and write it off on taxes. Money isn’t everything.
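The offboarding review suggested in the first comment (confirm departed accounts are no longer used, then look back over the last two weeks of access for systems the person did not normally touch), as an added example that is not part of the original post or its comments. The log format, account names, host names and departure date are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import date, datetime, timedelta

# Constructed sample access log (user, host, ISO timestamp); not real data.
SAMPLE_LOG = """\
user,host,timestamp
jdoe,mail01,2024-08-02T09:14:00
jdoe,mail01,2024-08-16T09:02:00
jdoe,files01,2024-08-20T13:40:00
jdoe,mail01,2024-09-20T09:05:00
jdoe,vcenter01,2024-09-22T23:51:00
jdoe,finance-db,2024-09-24T22:17:00
jdoe,vcenter01,2024-10-11T20:03:00
asmith,mail01,2024-09-23T10:00:00
"""

# Hypothetical HR feed: account -> last day of authorised access.
DEPARTURES = {"jdoe": date(2024, 9, 30)}


def review_departures(log_text, departures, window_days=14):
    """Return {user: {"new_hosts": [...], "post_departure": [...]}}."""
    seen = defaultdict(lambda: {"baseline": set(), "window": set(), "after": []})
    for row in csv.DictReader(io.StringIO(log_text)):
        user = row["user"]
        if user not in departures:
            continue  # only accounts of people who have left are reviewed
        day = datetime.fromisoformat(row["timestamp"]).date()
        last_day = departures[user]
        window_start = last_day - timedelta(days=window_days)
        if day > last_day:
            # Any use after the last day means the account was never disabled.
            seen[user]["after"].append((row["host"], row["timestamp"]))
        elif day > window_start:
            seen[user]["window"].add(row["host"])    # final two weeks
        else:
            seen[user]["baseline"].add(row["host"])  # normal working pattern
    return {
        user: {
            # Hosts touched in the final window but never before it.
            "new_hosts": sorted(s["window"] - s["baseline"]),
            "post_departure": s["after"],
        }
        for user, s in seen.items()
    }


if __name__ == "__main__":
    for user, findings in review_departures(SAMPLE_LOG, DEPARTURES).items():
        print(user, findings)
```

A host appearing under `new_hosts` is a prompt to inspect what was done or installed there, not proof of wrongdoing; any entry under `post_departure` means an account that should have been disabled is still working.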