Authorities on Monday indicted a former IT employee at Gucci for hacking into the company’s computer network, deleting files and emails, and causing an estimated $200,000 in damage.
“Computer hacking is not a game. It is a serious threat to corporate security that can have a devastating effect on personal privacy, jobs, and the ability of a business to function at all,” said Manhattan district attorney Cyrus R. Vance Jr., in a statement.
In a 50-count indictment, authorities charged the former Gucci network engineer — named as Sam Chihlung Yin, 34, who had been fired in May 2010 for unrelated reasons — with accessing the Gucci corporate network via VPN on November 12, 2010, and over a two-hour period deleting virtual servers, taking a storage area network offline, and deleting mailboxes from the corporate email server.
“As a result, Gucci staff [were] unable to access any documents, files, or other materials saved anywhere on its network,” said authorities.
According to the district attorney’s indictment, “Yin’s destruction of data from the email server cut off the email access not only of corporate staff, but also of store managers across the country and the e-commerce sales team — resulting in thousands of dollars in lost sales.” While email access was restored by the end of the day, authorities said that a full clean-up took weeks or months of effort.
How did a former employee gain access to a corporate network and delete data? Authorities accuse Yin of creating “a VPN token in the name of a fictional employee,” and then, when he was fired, stealing this USB-based token to gain remote access.
According to authorities, “in the months that followed, using the VPN token, Yin exploited his familiarity with Gucci’s network configuration and administrator-level passwords to gain nearly unfettered access to Gucci’s network.”
What’s the takeaway from this insider attack? “The importance of reviewing your user database and removing unknowns, changing passwords, and resetting access rights when a member of your staff leaves your employment,” said Graham Cluley, senior technology consultant at Sophos, in a blog post.
“It only takes one disaffected former worker to wreak havoc — so make sure your defenses are in place, and that only authorized users can access your sensitive systems,” he said.
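The account review recommended above can be automated. The following Python example is added here and is not from the original article or any vendor's tooling. It reconciles a VPN token inventory against an HR roster and flags active tokens whose holder has no HR record or has left the company. The record layout, field names, and sample data are all constructed assumptions.

```python
from datetime import date

# Constructed sample data for illustration; none of it comes from the case.
HR_ROSTER = {
    "E1001": {"name": "Alice Rivera", "terminated": None},
    "E1002": {"name": "Bob Chen", "terminated": date(2024, 5, 10)},
}
VPN_TOKENS = [
    {"serial": "TK-01", "emp_id": "E1001", "holder": "Alice Rivera",
     "revoked": False, "last_used": date(2024, 11, 1)},
    {"serial": "TK-02", "emp_id": "E1002", "holder": "Bob Chen",
     "revoked": False, "last_used": date(2024, 11, 12)},
    {"serial": "TK-03", "emp_id": "E1002", "holder": "Bob Chen",
     "revoked": True, "last_used": date(2024, 5, 9)},
    {"serial": "TK-04", "emp_id": "E1999", "holder": "Jordan Pike",
     "revoked": False, "last_used": date(2024, 11, 12)},
]

def audit_tokens(roster, tokens):
    """Return {serial: [reasons]} for every active token that needs review."""
    findings = {}
    for tok in tokens:
        if tok["revoked"]:
            continue  # already disabled, nothing to act on
        reasons = []
        person = roster.get(tok["emp_id"])
        if person is None:
            # Token issued to an identity HR has never heard of.
            reasons.append("no HR record for holder")
        else:
            if person["name"].casefold() != tok["holder"].casefold():
                reasons.append("holder name does not match HR record")
            left = person["terminated"]
            if left is not None:
                reasons.append("holder terminated, token still active")
                if tok["last_used"] and tok["last_used"] > left:
                    reasons.append("used after termination date")
        if reasons:
            findings[tok["serial"]] = reasons
    return findings

if __name__ == "__main__":
    for serial, reasons in audit_tokens(HR_ROSTER, VPN_TOKENS).items():
        print(serial, "->", "; ".join(reasons))
```

Run on a schedule and on every termination event, a check like this surfaces both orphaned tokens and tokens that remain usable after their holder has left.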