[ISN] Network Engineer Gets Five Years For Destroying Former Employer's Data

From: InfoSec News (alerts@private)
Date: Fri Jun 13 2008 - 00:02:43 PDT


http://www.informationweek.com/news/security/attacks/showArticle.jhtml;jsessionid?articleID=208403740

By Thomas Claburn
InformationWeek
June 12, 2008

A San Diego network engineer, Jon Paul Oson, was sentenced to more than 
five years in prison this week for intentionally damaging computers at 
his former workplace.

The sentence issued Monday is one of the longest imposed to date in the 
United States for computer hacking, according to the Office of the U.S. 
Attorney in San Diego.

Oson was convicted last summer of accessing the network of his former 
employer, The Council of Community Health Clinics (CCC), without 
authorization. CCC provides various services to 17 regional health 
clinics in San Diego and Imperial counties in California.

According to the government's account of the jury findings, Oson 
resigned from CCC following a negative performance review. He 
subsequently accessed the CCC network, disabled the automatic backup 
process, and later deleted data and software on CCC servers, including 
patient data belonging to North County Health Services Clinic (NCHS), 
one of CCC's member clinics.

The intrusion was made through a server that held medical information 
submitted by CCC member clinics for a federal research program, 
according to the government's trial brief. Access to it was supposed to 
be restricted because it contained personally identifiable medical 
information. But the server was in fact accessible through the Internet 
using the "Remote Desktop" application that's part of Windows Terminal 
Services, with a CCC password.

During the internal CCC investigation into the breach, engineers 
concluded that the damage had to have been done by an insider who had 
knowledge of CCC's systems. Server logs revealed that the intruder had 
used a computer named "TEMP3" that had been equipped to work with an HP 
(NYSE: HPQ) 2100 LaserJet printer.

Those investigating the incident searched CCC's computer logs for other 
logins associated with that model printer. Only one CCC employee was 
found to have logged in remotely using a computer associated with an HP 
2100 printer: Jon Oson, using his CCC-supplied computer named CCC-JOSON.

Another unauthorized access was made using a computer named "KUKU," the 
nickname of Oson's son, the trial brief says. Additional evidence 
pointing to Oson was uncovered and a search warrant was obtained for 
Oson's residence. An HP 2100 LaserJet printer was found at Oson's house.

The computers seized from Oson's residence all had their operating 
systems re-installed after December 29, 2005, the date of the last 
unauthorized access, effectively erasing potential evidence on them. 
However, other evidence gathered from CCC's logs and witness testimony 
proved sufficiently compelling for the jury to convict Oson.

The trial brief says that the deletion of CCC's data hit the 
organization hard. "Patients who visited the clinic in the weeks 
following the network disruption were kept waiting hours and sometimes 
futilely while their charts were located and delivered to the 
appropriate clinic and doctor," the court documents explain. "With the 
shutdown of its Practice Management system, NCHS had to shift to a 
paper-based system. It took dedicated NCHS staff months to collect the 
paper records, input them into Practice Manager and initiate billing for 
those visits. The unavailability of charts and the associated 
computerized records impacted patient care."

Oson was ordered to pay restitution of $144,358.83 to CCC and $264,979.00 
to NCHS.

