Monday, April 11, 2011

Fired Employee Wreaks Havoc Using Fictitious Employee Access Rights He Set Up Before Being Fired

It is no longer sufficient to disable the access of employees when they are terminated. As this incident demonstrates you must discover and disable dormant or bogus accounts that terminated employees can use as a backdoor into your systems.

A Gucci employee created an account for a fictitious employee well before he was fired. Then after he was terminated and his own accounts were disabled he used the fictitious employee account to access Gucci systems.
Learn how an Identity and Access Intelligence service can detect bogus user accounts and other access vulnerabilities- with no hardware and no on-site software.
According to New York District Attorney's office indictment, the attack caused more than $200,000 in damages by shutting down servers, deleted emails, and preventing Gucci employees from accessing email for 24 hours.
"This Office's Cybercrime and Identity Theft Bureau is committed to preventing and prosecuting crimes such as the one charged in today's indictment." - Cyrus R. Vance Jr., Manhattan District Attorney
The 50-count indictment charges him with unauthorized use of a computer, unlawful duplication of computer-related material and other charges. If convicted he could face up to 15 years in jail. Sources:
(a) Former Gucci Employee Charged in Computer Hacking Case - Wall Street Journal, April 2011


No comments:

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.