A former IT administrator has admitted disrupting the communications infrastructure of his former employer after his contract was terminated in September 2010, highlighting the risk of insider threats.
Jason Cornish from Smyrna, Georgia, was working as a consultant for the US subsidiary of Japanese pharmaceutical company Shionogi when his contract was terminated in a round of cost cutting.
Jason Cornish initially left the firm in July 2010 after a dispute with a senior manager. However, he was re-hired as a consultant because of his knowledge of Shionogi's computer network.
In a revenge attack, Cornish used his old credentials to log into the firm's computer systems from a public Wi-Fi hotspot and delete 15 virtual hosts, taking down 88 virtual servers, according to reports.
The downed servers were running Shionogi's e-mail, BlackBerry, order tracking and other services.
The attack froze Shionogi's operations for a number of days, costing the company an estimated £488,000.
The FBI tracked Cornish down through a link between his credit card and the Wi-Fi hotspot he used for the attack. He pleaded guilty to computer intrusion and faces up to ten years in prison and a fine when he is sentenced in November.
"Businesses need to be reminded of the importance of reviewing what users have access to your systems, and that changing passwords and resetting access rights is essential when a member of your staff leaves your employment," said Graham Cluley, senior technology consultant at security firm Sophos.
"People do, of course, leave jobs all the time and most of them would never dream of logging back in to their old place of work. But it only takes one bad apple to wreak havoc - so make sure your defences are in place, and that only authorised users can access your sensitive systems," Graham Cluley wrote in a blog post.
According to Eric Chiu, founder and president of security firm HyTrust, insider threats are on the rise from malicious or disgruntled employees.
"The breach at Shionogi is a great example of how vulnerable virtualisation infrastructure and the cloud can be. Critical systems like e-mail, order tracking, financial and other services were impacted, having been virtualised without the proper controls in place," he says.
A compromise at the virtualisation infrastructure layer is a potential compromise of everything else above it in the stack, said Eric Chiu. This is why organisations such as NIST and PCI place greater emphasis on associated security measures.