[ISN] Former IT Contractor Pleads Guilty To Chrysler Sabotage

From: InfoSec News (alerts@private)
Date: Wed Jun 06 2007 - 22:20:56 PDT


http://www.informationweek.com/news/showArticle.jhtml?articleID=199901760

By Sharon Gaudin
InformationWeek
June 6, 2007

An IT contractor who had been let go from his job at Daimler Chrysler 
pleaded guilty to sabotaging the auto-maker's wireless inventory network 
and causing more than $29,000 in damages.

William A. Johns, 65, of Lake Orion, Mich., pleaded to the charge of 
unlawful computer intrusion in U.S. District Court. Under the terms of 
the plea agreement, he faces up to 12 months in prison and a fine of up 
to $250,000. Johns also will be required to make full restitution to 
Daimler Chrysler in the amount of $29,916 to pay for the costs 
associated with repairing the damaged network.

"A case like this shows the potential vulnerability -- the potential for 
a seriously damaging breach," said Terrence Berg, First Assistant U.S. 
Attorney, in an interview with InformationWeek. "The company caught on 
quickly and took swift action so this didn't cause them especially 
significant damage. But it showed that the vulnerability was there and 
it gave them a chance to fix it."

According to a release from the U.S. Attorney's office, Johns worked for 
Intermec, a consulting company hired to come in and set up a new 
wireless network for Chrysler's remote parts distribution facilities in 
Atlanta, Georgia, Portland, Oregon, and Denver and Colorado. MOPAR is 
Chrysler's parts distribution component. Johns was part of the 
installation team.

However, Berg said at some point Johns was let go from the Chrysler job.

Court papers showed that on Oct. 3, 2003, Johns entered the Daimler 
Chrysler Assembly plant in Sterling Heights, Mich. and accessed a 
computer kiosk in the visitors' lobby. Based on his familiarity with 
Daimler Chrysler's computer system and security systems, he used the 
terminal to delete files and passwords from wireless devices used in 
remote parts distribution facilities in remote cities.

The government told the court that Chrysler was forced to remove and 
repair the devices, causing each MOPAR facility to shut-down for about 
seven and a half hours, causing more than $25,000 in damages.

Berg said that while Johns was making his plea to the court, he called 
his actions "a prank."

"If that's accurate, I don't know," added Berg. "Sometimes when someone 
is an IT consultant like that, they cause a problem because they want to 
be the one to fix it. They cause problems so they can be appreciated 
when they solve them."

Berg said Chrysler was quick to call in the FBI when they discovered the 
incident.

Johns is slated to be sentenced on Sept. 12.


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Wed Jun 06 2007 - 22:33:43 PDT