A man has pleaded guilty to sabotaging his former employer's computer system after he was fired.
David Ernest Everett Jr. admitted in a federal court to intentionally damaging a protected computer at Wand Corporation. He was fired in March after working on the Eden Prairie, Minnesota-based company's helpdesk for about eight months.
He admitted that about three weeks after he was terminated, he launched a ‘malicious software attack' on the computer systems of Wand's clients, and also admitted to creating three malicious files designed to crash the computer servers. He did this from home and was able to install the files on 1000 servers. This led to computer servers at 25 fast food restaurants crashing in April.
Wand provides computer systems to fast-food restaurants throughout the country which connect the cash registers in a restaurant to one computer server that stores information such as transaction data, as well as "back office" information such as the restaurant's payroll, scheduling and inventory. Officials at Wand said that the restaurants affected by the malicious software were still able to serve customers as the systems can be managed remotely through an internet-based program.
Dave Perrill, Wand Corporation's vice president, claimed that had all 1000 systems crashed, the damage could have cost the company an estimated $4.25 million. It cost Wand approximately $49,000 to investigate the crashes and fix the problem.
Perrill said: “It was an employee who wasn't happy about being terminated. We were able to minimise the damage, once we knew what was going on. Everett was able to use inside knowledge to exploit what would be called a security hole, and the hole has since been closed.”
Everett will be sentenced later. He faces up to 10 years in prison.
Graham Cluley, senior technology consultant for Sophos, said: “I think the message we should all learn from this sorry case is the importance of changing passwords and resetting access rights when a member of your staff leaves your employment.
“People do, of course, leave jobs all the time and most of them would never dream of logging back in to their old place of work to cause mischief. But it only takes one disaffected former worker to wreak havoc - so make sure your defences are in place, and that only authorised users can access your sensitive systems.”
See original article on scmagazineuk.com
Ex-employee pleads guilty to sabotaging his former employer's computer system
By SC Australia Staff on Jan 19, 2009 11:29AM