Hacking threat rises with high-tech layoffs

posted onJune 4, 2001
by hitbsecnews

When someone cracked Slip.net's computer system, altered customer accounts and deleted important databases, the Internet service provider didn't need to look far to find the attacker.

It wasn't a criminal outfit seeking credit card numbers, and it wasn't a scrawny whiz kid hacking away for a challenge in his dark bedroom.

It was Nicholas Middleton, a former computer administrator for Slip.net, who had been unhappy at the San Francisco company and recently quit. Middleton fought the resulting criminal charges on a legal technicality but lost and got three years' probation.

Federal investigators say this type of computer crime is on the rise. As layoffs become more common at technology companies, an increasing number of disgruntled or fired employees are hacking their companies in revenge.

"The whole nature of computer crimes has changed," said Agent Greg Walton of the FBI's San Francisco-area computer intrusion squad. "The problem at big companies is, the network administrator is probably the last guy who finds out you got fired, and doesn't cut off your access. Or it's the network administrator who gets fired, and he has access."

Walton and the nine other members of his squad -- most of whom work out of a small, nondescript suite in Hayward -- have about 10 active investigations involving allegations of hacking by disgruntled or laid-off workers. It's a significant phenomenon, since the squad usually works on 50 to 60 cases at a time.

The jury that convicted Middleton found he caused more than $40,000 in damage to Slip.net, which spent days repairing its systems. Slip.net was sold the next year.

More embarrassment than expensive

Sometimes, the cost is not as problematic as the embarrassment a former worker can create.

Take the case of Joseph Durnal, a former contract employee for Peak Technologies in Columbia, Maryland. Durnal hacked its computer system and sent e-mails purportedly from management -- with a pornographic attachment -- telling workers the company was going out of business. Durnal pleaded guilty and was ordered to pay $48,520 in restitution in December.

Computer crimes of all kinds -- by insiders and outsiders -- are increasing and getting more costly, according to a recent survey of 538 companies, universities and government agencies by the San Francisco-based Computer Security Institute and the FBI.

Eighty-five percent said their networks were breached in the previous year. The 186 respondents who were willing to quantify the damage they suffered put their total losses at $378 million. In last year's survey, 249 companies said they lost a total of $266 million.

Richard Power, the institute's editorial director, said former employees need to be watched closely as firms downsize. "It is a known fact, a rule of thumb, in (computer security) that you have got to pay closer attention at times like these," he said.

Companies doing enough?

At many Silicon Valley companies, laid-off workers are instantly marched out of the building, with barely enough time to gather personal belongings. Plainclothes and uniformed security guards are usually on hand.

Still, the FBI worries that many companies aren't doing enough to keep their computer systems secure. Agents emphasize the point in regular lectures at Silicon Valley companies, especially ones going through layoffs.

Walton often tells human resources managers: "Not only do you know who you just hired, but do you know who you just fired?"

Ross Nadel, chief of the hacking and intellectual property unit in the U.S. Attorney's Office in San Jose, said his team is also prosecuting more cases involving thefts of trade secrets and break-ins at corporate networks by former employees.

Though it makes sense that Silicon Valley's economic downturn is responsible, more cases may be popping up simply because more companies are reporting such crimes to authorities than in the past, he said.

Indeed, in the report from the Computer Security Institute, 36 percent of the companies, schools and agencies hacked in the previous year said they reported the incident to law enforcement, up from 25 percent the year before.

Nearly all the companies that didn't tell law enforcement about their hacking problems said they feared negative publicity. Many file civil suits against perpetrators instead.

CNN

Source

Tags

Networking

You May Also Like

Other Articles In This Section

Recent News

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes
Apple announces macOS 15 Sequoia with window tiling, iPhone mirroring, and more
Apple integrates ChatGPT into Siri, iOS, and macOS
British police to scan 480,000 Formula 1 fans’ faces at Silverstone
Hackers steal “significant volume” of data from hundreds of Snowflake customers

Friday, June 7th

7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope
FCC pushes ISPs to fix security flaws in Internet routing
Can a technology called RAG keep AI models from making stuff up?
How to Lead an Army of Digital Sleuths in the Age of AI

Thursday, June 6th

Mystery object waits nearly an hour between radio bursts
Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
Ex-Microsoft security expert torches Windows' new 'Recall' feature
The Age of the Drone Police Is Here

Wednesday, June 5th

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File
TikTok Hack Targets ‘High-Profile’ Users via DMs