[ISN] Hacking Threat Rises With High-Tech Layoffs

From: InfoSec News (isnat_private)
Date: Sun Jun 03 2001 - 15:08:01 PDT

  • Next message: InfoSec News: "[ISN] Waco bank targeted by computer hackers in Russia"

    http://ap.tbo.com/ap/breaking/MGAJV5G6JNC.html
    
    By Brian Bergstein The Associated Press 
    Published: Jun 3, 2001
    
    HAYWARD, Calif. (AP) - When someone cracked Slip.net's computer
    system, altered customer accounts and deleted important databases, the
    Internet service provider didn't need to look far to find the
    attacker.
    
    It wasn't a criminal outfit seeking credit card numbers, and it wasn't
    a scrawny whiz kid hacking away for a challenge in his dark bedroom.
    
    It was Nicholas Middleton, a former computer administrator for
    Slip.net, who had been unhappy at the San Francisco company and
    recently quit. Middleton fought the resulting criminal charges on a
    legal technicality but lost and got three years' probation.
    
    Federal investigators say this type of computer crime is on the rise.
    As layoffs become more common at technology companies, an increasing
    number of disgruntled or fired employees are hacking their companies
    in revenge.
    
    "The whole nature of computer crimes has changed," said Agent Greg
    Walton of the FBI's San Francisco-area computer intrusion squad. "The
    problem at big companies is, the network administrator is probably the
    last guy who finds out you got fired, and doesn't cut off your access.
    Or it's the network administrator who gets fired, and he has access."
    
    Walton and the nine other members of his squad - most of whom work out
    of a small, nondescript suite in Hayward - have about 10 active
    investigations involving allegations of hacking by disgruntled or
    laid-off workers. It's a significant phenomenon, since the squad
    usually works on 50 to 60 cases at a time.
    
    The jury that convicted Middleton found he caused more than $40,000 in
    damage to Slip.net, which spent days repairing its systems. Slip.net
    was sold the next year.
    
    Sometimes, the cost is not as problematic as the embarrassment a
    former worker can create.
    
    Take the case of Joseph Durnal, a former contract employee for Peak
    Technologies in Columbia, Md. Durnal hacked its computer system and
    sent e-mails purportedly from management - with a pornographic
    attachment - telling workers the company was going out of business.
    Durnal pleaded guilty and was ordered to pay $48,520 in restitution in
    December.
    
    Computer crimes of all kinds - by insiders and outsiders - are
    increasing and getting more costly, according to a recent survey of
    538 companies, universities and government agencies by the San
    Francisco-based Computer Security Institute and the FBI.
    
    Eighty-five percent said their networks were breached in the previous
    year. The 186 respondents who were willing to quantify the damage they
    suffered put their total losses at $378 million. In last year's
    survey, 249 companies said they lost a total of $266 million.
    
    Richard Power, the institute's editorial director, said former
    employees need to be watched closely as firms downsize. "It is a known
    fact, a rule of thumb, in (computer security) that you have got to pay
    closer attention at times like these," he said.
    
    At many Silicon Valley companies, laid-off workers are instantly
    marched out of the building, with barely enough time to gather
    personal belongings. Plainclothes and uniformed security guards are
    usually on hand.
    
    Still, the FBI worries that many companies aren't doing enough to keep
    their computer systems secure. Agents emphasize the point in regular
    lectures at Silicon Valley companies, especially ones going through
    layoffs.
    
    Walton often tells human resources managers: "Not only do you know who
    you just hired, but do you know who you just fired?"
    
    Ross Nadel, chief of the hacking and intellectual property unit in the
    U.S. Attorney's Office in San Jose, said his team is also prosecuting
    more cases involving thefts of trade secrets and break-ins at
    corporate networks by former employees.
    
    Though it makes sense that Silicon Valley's economic downturn is
    responsible, more cases may be popping up simply because more
    companies are reporting such crimes to authorities than in the past,
    he said.
    
    Indeed, in the report from the Computer Security Institute, 36 percent
    of the companies, schools and agencies hacked in the previous year
    said they reported the incident to law enforcement, up from 25 percent
    the year before.
    
    Nearly all the companies that didn't tell law enforcement about their
    hacking problems said they feared negative publicity. Many file civil
    suits against perpetrators instead.
    
    
    
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email isn-unsubscribeat_private
    



    This archive was generated by hypermail 2b30 : Mon Jun 04 2001 - 05:28:19 PDT