Forwarded from: William Knowles <wk@private>

http://www.jsonline.com/bym/news/jun05/337260.asp

By RICK BARRETT
rbarrett [at] journalsentinel.com
June 28, 2005

The FBI is investigating whether a former P&H Mining Equipment employee hacked into the company's computer system from his home and copied files of projects he had worked on.

The FBI has seized about a dozen computers from the suspect's Milwaukee home and is analyzing them for evidence that could result in criminal charges.

The former employee, a computer systems administrator, has not been charged with a crime and is not being named for this article.

"It takes us a while to work these cases to fruition," said Mike Johnson, cyber crimes supervisor for the Milwaukee office of the FBI.

"They are time consuming, depending on how much data we find in the computers," he said. "Computer hard drives keep getting bigger, and the bigger they are, the longer it takes for us to get through them."

P&H Mining Equipment, a division of Joy Global Inc., makes some of the world's largest mining shovels and draglines. One shovel alone can move about 360 tons of coal in 90 seconds. The company has operations in 46 countries.

In a search warrant affidavit, FBI investigators said the former P&H employee was a systems administrator with the company before he was fired on April 1.

Systems administrators have "root level" access to the computer systems they manage, which effectively gives them master keys to open any account and to read any file on their systems, according to the FBI.

About six weeks after the P&H employee was fired, someone accessed the company's computer system from a remote location and turned off the monitoring programs on a company server, according to the FBI.

The former employee was intimately familiar with the server because he built the system, FBI officials noted.

The same day, about 3 gigabytes of data were copied from a computer folder with the former employee's name on it, to a computer with his home Internet address, according to the FBI.

The files were then deleted and purged from the company system. Only a systems administrator would have the privileges to purge the files, which permanently removes them from the system, the FBI said.

P&H had a backup tape of the former employee's folder, which indicated it contained about 3 gigabytes worth of data.

The FBI subpoenaed the former employee's Internet service provider, in an effort to track the copied information. It also sought a search warrant to seize his personal computers, along with other computer equipment, disks, magazines and papers.

Joy Global officials did not return Journal Sentinel calls asking about the alleged computer break-in and whether any damage was done to P&H computer systems.

The former employee might have had help accessing the system, according to the FBI.

The computer intrusion cost the company more than $5,000 in manpower, the agency noted in the search warrant affidavit.

Randall Kaiser is a Milwaukee attorney representing the former employee.

"This is definitely not a situation where he was trying to do any damage," Kaiser said of his client. "It's an unfortunate situation that we are trying to resolve."

As many as half of all businesses experience break-ins from computer hackers, also called crackers, but most don't report it to law enforcement, according to a government report.

As many as 70% of businesses included in a Computer Security Institute survey said they didn't report computer intrusions to the FBI because they didn't want negative publicity.

About 85% of all computer break-ins are done by company insiders, said Michael Higgins, managing director of TekSecure Labs, a Woodbridge, Va., technologies firm that helps large companies protect their data.

Higgins was not familiar with this particular FBI investigation. But he said it's not unusual for people to try and steal something from their former employers' computers, either for personal gain or as revenge for being fired.

A fired computer administrator can cause a great deal of harm.

"If you fire the guy with the keys to the kingdom, you had better do it very carefully," Higgins said. "There have been numerous cases where fired employees knew the back doors to get inside the company, and destroying data is one of the ways they use to get revenge."

Companies should have a plan that spells out what steps to take when a computer systems manager leaves his employment, according to Higgins.

Some plans can be thwarted if the former employee has personal contacts in the company willing to assist in a computer break-in. But any employee who offers help puts himself at tremendous risk, Higgins said.