A recent news story has brought to mind a threat which probably sends a shiver down the spine of many system administrators.
A 32-year-old man was sentenced to two years in prison this month for hacking the computer systems of his former employer.
Dariusz Prugar, of Syracuse, New York, worked as a systems administrator for ISP Pa Online until June 2010. But after a series of “personal issues”, he was let go.
You can probably guess what happened a few days later.
Prugar logged into PA Online’s network, using his old username and password. With his network privileges he was able to install backdoors and retrieve code that he had been working on while employed at the ISP.
Prugar tried to cover his tracks, running a script that deleted logs, but this caused the ISP’s systems to crash – impacting 500 businesses and over 5,000 residential customers of PA Online, causing them to lose access to the internet and their email accounts.
According to court documents, that could have had some pretty serious consequences:
“Some of the customers were involved in the transportation of hazardous materials as well as the online distribution of pharmaceuticals.”
Unaware that Prugar was responsible for the damage, PA Online contacted their former employee requesting his help. However, when Prugar requested the rights to software and scripts he had created while working at the firm – in lieu of payment – the ISP got suspicious and called in the FBI.
A third-party contractor was hired to fix the problem, but the damage to PA Online’s reputation was done and the ISP lost multiple clients.
Prugar ultimately pleaded guilty to computer hacking and wire fraud charges, and received a two year prison sentence alongside a $26,000 fine.
And PA Online? Well, they went out of business in October 2015.
Cases like this underline the importance of having regular reviews of your user database – removing unknowns, changing passwords and resetting access rights when a worker leaves your company’s employment.
Failing to revoke network access to a fired employee, or a lack of tight control over who can access what systems, is an indication that your internal processes are not sufficient. Don’t give disgruntled workers and former staff a window of opportunity to cause damage or steal company confidential information.
Simply having policies in place for when staff leave your employment isn’t enough, you need to enforce those policies to reduce the changes of a disenfranchised worker getting revenge.
With the increase in remote working the challenges in ensuring that staff no longer have access to your company’s hardware or data are even trickier than they were in the past – opening up new opportunities for those with malice in mind.
It’s really no wonder that for many system administrators the biggest security fear is not financially-motivated external hackers trying to break into the network but the risks posed by the insider threat.
Of course, it’s also worth remembering that people change jobs all of the time, and the vast majority of them would never dream of accessing company systems at their old workplace to cause mischief.
But all it takes is one disaffected former worker to create havoc, and cause your company to have a serious security headache. Ensure that your defences are firmly in place, and that only authorised users can access sensitive corporate systems.
And when those authorised users are no longer authorised, to revoke their access rights immediately.