San Francisco Held Cyber-Hostage? Disgruntled Techies Have Wreaked

Tag : Used Computer Equipment

The purported takeover of the San Francisco government's new fiberoptic network by an employee who locked out all the otheradministrators sounds extreme, but disgruntled or fired employeeshave always used computers to get a dose of revenge.
The city is still scrambling to regain control of the municipalnetwork that handles everything from the mayor's e-mail to SanFrancisco's electronic court records, according to Ron Vinson, thedeputy director of San Francisco's telecommunications and information services department .
Terry Childs, a city tech employee, allegedly modified the systemso that only he had top level permissions. Childs was arrestedSunday and is being held on $5 million bail, after allegedlyrefusing to hand over the passwords.
"This is a great example of how powerful insiders canbe," assuming the allegations are true, says security expertAdam Shostack, the author of the New School of Information Security . "Insiders do have a tremendous amount of power."
At the same time, such shenanigans are still rare, at leastcompared to how many network administrators are fired, or quit,without burning the system behind them, says Shostack. One thing'sfor certain: with no actual damage reported, the San Franciscoincident pales next to other reported cyber-sabotage efforts. In 2008, Danielle Duann, a former employee of the Life Gift OrganDonation Center in Houston, Texas, was indicted for computerhacking. Duann allegedly deleted database records used to matchorgans to needy patients after she was fired in November, 2005. Thefeds say the deletions caused more than $70,000 in damages, and hadthe potential to affect medical treatment.
In 2007, Lonnie Denison pleaded guilty to intentionally sabotaginga data control center in the California Independent System OperatorCorporation, which the Feds described as an effort to bring downthe Golden State's power grid. Denison, a contractor working at theCAL ISO, broke into a high security computer room and pushed anemergency electrical shut-off button for the computer room crashedcomputers that communicate with California's deregulated powermarket.
In October 2003, Andrew Garcia, a former employee of monitor makerViewsonic, was sentenced to a year in prison for deleting criticalserver files that were necessary for Viewsonic's Taiwan office todo work.
In 2002, a former American Eagle Outfitters employee postedpasswords and logins for the company's network on a hacker mailinglist on Yahoo. He also included instructions on how to get intoAmerican Eagle's wide-area network. He put those instructions intouse himself after Thanksgiving 2002, hoping to disrupt the companyduring the busy holiday season. For his trouble, Kenneth Pattersonwas sentenced to 18 months in prison.
A former network administrator for the Inglewood, California-basedAirline Coach Service and Sky Limo Company attacked his formeremployee's network, deleting files and changing passwords. The hackcrashed the company's dispatch system, causing thousands in losses.When his house was raided by the feds, they discovered a filefolder labeled "retaliation." In 2003, Alan Giang Tranplead guilty to one count of hacking.
A disgruntled Australian engineer used a laptop and radio controlequipment to dump hundreds of thousands of gallons of sewage intorivers and parks in Australia in 2000. The engineer was angry atbeing rejected for a job from the Maroochy Shire in Queensland,which contracted the company he worked for to make the sewagesystem.
Roger Duronio, a disgruntled former UBS PaineWebber employee wassentenced to 97 months in jail for planting a time-bomb programthat destroyed files on thousands of computers inside the financialgiant's computer network. Duronio planted the code before hisFebruary 22, 2002 resignation, which followed repeated complaintsby Duronio about his salary and bonuses. The timer for the codewent off on March 4, and Duronio shorted UBS's stock on the day ofthe time bomb, hoping to make a profit by having the rogue codedrive down the company's stock price.
In 1996, a network administrator planted computer code that deletedthe sophisticated production software of a high-tech measurementand control instruments company called Omega Engineering, causing$10 million in damages. Timothy Allen Lloyd designed the company'snetwork, but was fired after 11 years on July 10, 1996. The timebomb went off 20 days later. After being convicted in 2000, Lloydwas eventually sentenced to 41 months imprisonment.
Despite the horror stories, at least one can be thankful that whensomeone in the IT department goes postal, they tend to take downthe mail server, not pick up an assault rifle.