The Disgruntled Security Breach Strikes Again

Posted: April 5, 2011 in 2 Factor Authentication, Industry Commentary, IT policy

We’ve said it before and we’ll say it again – disgruntled, former employees pose a major risk to your network. If you’ve been following the headlines this week, you know why we’re bringing this up again.

A former IT employee at Gucci was charged with remotely taking over the haute-couture company’s computers, shutting down servers, and deleting emails, the Wall Street Journal reported yesterday. According to the WSJ, here’s what happened:

Sam Chihlung Yun, 34 years old, allegedly created an account in the name of a fictional employee and used it to access the company’s network after he was fired in May 2010, prosecutors said. He allegedly caused more than $200,000 in diminished productivity, as well as remediation costs, prosecutors said.

Mr. Yun now faces a 50-count indictment that includes unauthorized use of a computer and unlawful duplication of computer-related material, among other charges. So, how did he do it? InformationWeek is reporting that Yun created a VPN token in the name of a fictional employee and, after he was fired, used this USB-based token to gain remote access. In the aftermath of Yun’s attack in November, Gucci staff were not able to access any documents, files, or materials saved anywhere on its network.

Frightening, right? So what can you do? Review your user logs carefully and often – if you spot a red flag, investigate. Also, make sure all former employees are completely deprovisioned from the network, and reset all passwords and access rights following their departure.
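The log review and deprovisioning check recommended above, as an added example (not from the original post): it reconciles a VPN token inventory against the HR roster and flags tokens whose owner has no HR record or has left, tokens issued by a departed administrator, and logins that should no longer be possible. The CSV layouts, column names and sample rows are constructed assumptions.

```python
import csv, io
from datetime import date

# Constructed sample exports; IDs, serials, dates and IPs are made up.
HR_ROSTER = """employee_id,status,termination_date
1001,active,
1002,terminated,2010-05-14
1003,active,
"""
VPN_TOKENS = """token_serial,assigned_to,issued_by
T-0001,1001,1003
T-0002,1002,1003
T-0003,1009,1002
"""
VPN_LOG = """date,token_serial,source_ip
2010-04-30,T-0002,203.0.113.10
2010-06-02,T-0002,198.51.100.7
2010-11-12,T-0003,198.51.100.7
2010-11-12,T-0001,192.0.2.44
"""

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def audit(roster_csv, tokens_csv, log_csv):
    """Return sorted (finding, token_serial, detail) tuples."""
    roster = {r["employee_id"]: r for r in load(roster_csv)}
    gone = {e: date.fromisoformat(r["termination_date"])
            for e, r in roster.items() if r["status"] == "terminated"}
    tokens = {t["token_serial"]: t for t in load(tokens_csv)}
    findings = set()
    for serial, t in tokens.items():
        if t["assigned_to"] not in roster:      # owner unknown to HR
            findings.add(("NO_HR_RECORD", serial, t["assigned_to"]))
        elif t["assigned_to"] in gone:          # token never deprovisioned
            findings.add(("OWNER_TERMINATED", serial, t["assigned_to"]))
        if t["issued_by"] in gone:              # review what a leaver provisioned
            findings.add(("ISSUER_TERMINATED", serial, t["issued_by"]))
    for e in load(log_csv):
        t, day = tokens.get(e["token_serial"]), date.fromisoformat(e["date"])
        if t is None or t["assigned_to"] not in roster:
            findings.add(("LOGIN_UNKNOWN_OWNER", e["token_serial"], e["date"]))
        elif day > gone.get(t["assigned_to"], date.max):
            findings.add(("LOGIN_AFTER_TERMINATION", e["token_serial"], e["date"]))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(HR_ROSTER, VPN_TOKENS, VPN_LOG):
        print(*finding, sep="\t")
```

Run against real exports on a schedule; any row it returns is a red flag to investigate, and the `ISSUER_TERMINATED` rows list everything a departed administrator provisioned.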

Gucci was lucky enough to catch and prosecute its culprit — but the fashion giant would have been luckier if it had stopped the breach before it even happened.

Comments
  1. […] From Sony to Gucci, high-profile companies became victims of hacking with incredible frequency in 2011. Corporate heists of this scale are typically complicated, but there are a few common lessons learned that we can glean from these breaches. For one, hackers are relentless and sophisticated, and will take advantage of every opportunity to sabotage a corporate network. This is the stark reality of today’s world, where stolen data is a billion-dollar business—not the climate in which businesses want to slack off on their VPN protection. […]
