Tuesday, September 6, 2011

Didja forget something?!!

A fired IT worker from Texas broke into his former employer's computer system and deleted customer data while logged in at a restaurant's wireless network, according to Network World: https://www.networkworld.com/news/2011/090211-ex-employee-wiped-financial-data-from-250433.html

According to the article, the former employee, David Palmer, was angry that he had been fired and that his former employer had not assisted him with getting unemployment benefits. Palmer logged into the system using a backdoor account he created before leaving the organization. He deleted customer payroll and software files. Palmer logged into the system numerous times from his home as well as several wireless networks in restaurants prior to the offense.

The incident took place on January 21, 2010. The day after the files were deleted, company staff noticed that their punch clock software and payroll records were missing. The company contacted the U.S. Secret Service to report that there was an unauthorized intrusion into their system. Palmer was tried in US District Court in Texas on September 1, 2011 and pled guilty to computer intrusion. He is scheduled to be sentenced on November 2, 2011.

The article states that the situation is not unique. In several cases former employees have logged into their former employer's system from restaurants with the idea that their traffic wouldn't be traced back because the individual was in a public place.

This situation raises the question: what steps should an organization follow when an IT employee with administrative privileges is terminated? Any organization firing an IT employee with special privileges should review accounts to ensure that all of the employee's accounts have been removed, and should search for unauthorized accounts and remove them. Logging, if it was enabled and the logs were reviewed periodically, may have identified that the unauthorized access occurred.
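One way to run that account and log review at termination time, as an added example that is not from the article or the company involved. The inventory fields, log format, account names, dates and addresses are constructed assumptions, and the 60-day window is an arbitrary heuristic.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the article): inventory, staff roster, auth log.
ACCOUNTS = [
    {"name": "alice", "owner": "alice", "created": "2008-03-11", "created_by": "provisioning"},
    {"name": "exadmin", "owner": "exadmin", "created": "2007-06-01", "created_by": "provisioning"},
    {"name": "svc_clock", "owner": "alice", "created": "2009-02-17", "created_by": "exadmin"},
    {"name": "svc_sync2", "owner": "", "created": "2009-12-28", "created_by": "exadmin"},
]
ROSTER = {"alice", "bob"}
AUTH_LOG = """\
2010-01-05T09:02:11 LOGIN_OK user=alice src=10.0.0.14
2010-01-12T20:15:40 LOGIN_OK user=svc_sync2 src=203.0.113.45
2010-01-13T21:03:02 LOGIN_FAIL user=exadmin src=198.51.100.7
2010-01-14T12:31:55 LOGIN_OK user=svc_sync2 src=198.51.100.7
"""

def audit_accounts(accounts, roster, departed, term_date, window_days=60):
    """Return {account: [reasons]} for accounts to disable or investigate."""
    cutoff = term_date - timedelta(days=window_days)
    findings = {}
    for acct in accounts:
        reasons = []
        if acct["owner"] == departed:
            reasons.append("owned by departed employee")
        elif acct["owner"] not in roster:
            reasons.append("no current owner on roster")
        created = datetime.strptime(acct["created"], "%Y-%m-%d")
        if acct["created_by"] == departed and created >= cutoff:
            reasons.append("created by departed admin shortly before termination")
        if reasons:
            findings[acct["name"]] = reasons
    return findings

def logins_after(log_text, flagged, term_date):
    """Return (timestamp, user, source) for successful flagged-account logins after term_date."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[1] == "LOGIN_OK":
            user, src = (p.partition("=")[2] for p in parts[2:])
            when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
            if user in flagged and when >= term_date:
                hits.append((parts[0], user, src))
    return hits

if __name__ == "__main__":
    term = datetime(2010, 1, 8)  # constructed termination date
    flagged = audit_accounts(ACCOUNTS, ROSTER, "exadmin", term)
    print(flagged, logins_after(AUTH_LOG, flagged, term))
```

The creation-date window only narrows the review; an account the departing administrator created earlier, such as `svc_clock` here, still needs an owner to vouch for it.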

So, it's clear that both Palmer and his company did forget something. Palmer created a backdoor account so he could log in to the system, in case he forgot something. The company forgot something too: they terminated an employee with the knowledge to get back into their system. The company should have set up roadblocks to prevent his re-entry, or flares so they knew if he was back in the system.
