Insider threats are of serious concern for all businesses. Former or recently terminated employees add a much higher level of risk for theft, destruction, or release of company data. A former credit union employee is now facing a ten (10) prison sentence after pleading guilty to destroying large amounts of corporate data in revenge for being fired.
This former employee who lives in Brooklyn NY, pleaded guilty in the US Eastern District Court recently, admitting to one count of computer intrusion arising from her “unauthorized intrusion into, and destruction of data” on her former employer’s computer system. Two days after being fired on 19 May 2021, she acknowledged to having accessed the file server of her employer, a New York-based credit union, and opened confidential files. She deleted 21.3 GB of data, including 20,000 files and almost 3500 directories, according to the US Department of Justice (DOJ).
The deleted files apparently related to mortgage loan applications and the company’s anti-ransomware software. She also sent a text message shortly after to a friend claiming, “I deleted their shared network documents.” According to the DOJ, the credit union spent $10,000 fixing the unauthorized intrusion and deletion of documents.
“Ms. Smith may have thought she was getting back at her employer by deleting files, however she did just as much harm to customers. Her petty revenge not only created a huge security risk for the bank, but customers also depending on paperwork and approvals to pay for their homes were left scrambling,” said FBI who investigated the cyber intrusion. “An insider threat can wreak just as much havoc, if not more, than an external criminal. The bank and customers are now faced with the tremendous headache of fixing one employee's selfish actions.”
This intrusion example exposes the importance of prompt off-boarding of terminated employees and safely deleting any/all access to systems and services, prior to the firing procedure. According to the court documents, a credit union employee requested that its IT support firm disable Smith’s network access, but this was not done by the time Ms. Smith was notified she was fired. Instead, she was able to use her username and password to access the file server remotely for about 40 minutes.
This company failure demonstrates how all departments, Executive, HR, IT and Security all need to coordinate the immediate actions required when an employee is being terminated. The best practices include the cancellation of all IT and shared services begin prior to the termination event and escorted exit from the premises. Ideally this should be accomplished the evening prior to the termination date. Procedures should include the recovery all company owned assets including cell phones, lap top computers and PDAs.
Revenge Happens
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
source: https://www.infosecurity-magazine.com/news/sacked-employee-deletes-credit/
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516
Comments