Friday 14 April 2017

Sysadmin crashes employer's Oracle database with logic bomb !!

For 14 years, a Massachusetts system administrator worked at high-performance computing component manufacturer Allegro MicroSystems, where he was specifically responsible for administering Allegro's Oracle financial database module.

It is claimed that the administrator resigned on January 8 and that his admin rights on the database were not revoked even after he left the job. The organization didn't collect one of his two laptops from him, since only he had the technical expertise to keep the database running and the company wanted him to continue doing so until it found a replacement.

Since that laptop also contained sensitive information about employees' credentials, he used it to connect to the network with another employee's credentials and planted a logic bomb on 31st January. The logic bomb was designed to trigger on 1st of April and delete key financial data headers and pointers from the Oracle files, rendering the module useless.

On 1st of April, as planned, the accounts team found that some critical files were missing. The forensic investigation established that the only other employee with the skills to write code for the Oracle database had left long before the system administrator's departure, so only the system admin had the specific skills to do this. Allegro also claims that he logged into the network using his subordinate's ID before he quit the job.

He is currently facing charges of violating the Computer Fraud and Abuse Act, trespassing, and conversion (using other people's property for a crime) after booby-trapping his former employer's servers. The company claims that the software issues cost it over $100,000 and is seeking to recover these costs from the system administrator. Additionally, the court could impose other penalties if he is found guilty.

Lessons learnt:

1) Change the administrator passwords before the admin leaves.

2) Revoke logical access to the organization's assets once an employee leaves the organization.

3) Ensure that an employee has returned all assets to the organization before their last day.
