NetworkTigers discusses past hacks by disgruntled employees.
Worried about being hacked? The call might be coming from inside the house. Employee hacks have posed a threat to companies since 1999, when an IDC analyst warned companies at the Directions ’99 cybersecurity conference that approximately 70% of hacks at the time could be traced back to within the company. According to cybersecurity studies today, employee risk remains one of the most dangerous threats to your business network. Whether they are cyber saboteurs, unhappy workers, or disgruntled ex-employees, those who already have access to your network can do the most damage once they turn rogue.
Famous employee hacks through history
Many employee-driven hacks go undetected because systems do not recognise the activity as a threat. Employees-turned-hackers are often credentialed users, or they work from company gear that was never decommissioned. Remote work has created another risk for system managers to monitor, especially when it comes to disgruntled ex-employees. Remote workers may be able to monitor, change, lock or deploy certain security features offsite, which can hold an entire network hostage.
Whether they are out for financial gain or revenge, the consequences can be dire. Five examples of famous hacks done by disgruntled employees include:
- 2008 Terry Childs City of San Francisco hack: Public infrastructure is a frequent target for disgruntled civil servants, and the results can hold a whole city hostage. In 2008, Terry Childs worked as a network administrator for the fiber optic system that carried information about the city’s payroll, email, law enforcement data, and jail documentation. Childs changed the administrator passwords, locking all his colleagues out of the system. Because of his actions, the fiber optic network was operational but inaccessible for 12 days during a California summer. The standoff eventually ended when he turned in the passwords to the Mayor. He was sentenced to 4 years in jail.
- 2014 Brian Johnson Georgia Pacific hack: Paper manufacturing company Georgia Pacific fired Brian Johnson in 2014, and soon regretted it. Johnson created a VPN connection from his home to company servers and tormented IT for two weeks. He caused up to $1.1 million in damage to company business before he was eventually caught, jailed, and ordered to pay restitution.
- 2016 Jonathan Ly Expedia hack: In 2016, former IT department member Jonathan Ly at Expedia kept his company-issued laptop without causing a fuss or concern. The company never asked for it back. With it, Ly hacked into senior executives’ files after he was let go. Based on the insider information he found, he made a profit buying and selling Expedia stock. Ly netted $331,000 before he was caught.
- 2021 Rambler Gallo Massachusetts water hack: Cyber security officials warn that water utilities are much more vulnerable than they should be to intrusion and tampering, especially from disgruntled former employees. One such hack took place in Massachusetts in 2021 when Rambler Gallo resigned from his private utility employer, Discovery Bay Water Treatment Facility. He then used his own computer to remotely access the water treatment network, using previously installed software designed to allow remote monitoring of instrumentation readings and electrochemical processing. From home, Gallo sent commands to uninstall critical tools that monitored the water pressure, chemical readings, and filtration systems for the town. His actions put 15,000 residents who depended upon the water system at risk.
- 2023 Paige Thompson Capital One hack: Not everyone knows that the second-largest hack of personally identifiable information (PII) took place due to the actions of a disgruntled Amazon Web Services employee from 2019 to 2023. Because of AWS’s unprecedented reach into different companies, the breach compromised approximately 40% of the American adult population’s data. The massive hack is attributed to Paige Thompson, an employee with Amazon Web Services, who created a program that scanned remote servers of AWS users to test for vulnerabilities. She got back information attributed to approximately 106 million people, including names, addresses, and dates of birth, as well as about 140,000 Social Security numbers and 80,000 bank account numbers. The hack was discovered and reported by Capital One, which had to pay $190 million in a class action suit to affected consumers. The company was also ordered to pay a federal fine of $80 million for leaving its IT unprotected in the cloud. The data breach was enormous enough that attorneys from both sides of the lawsuit had to admit that they may not be entirely objective advocates, as it was more likely than not that their own data had been included in the hack. While Capital One was the most notable company Paige Thompson hacked, over 30 AWS users were affected.
Protecting your business against employee threat
Not every rogue employee or ex-employee works in IT. According to a recent OneLogin study, the company functions where it is most challenging to decommission access and contain disgruntled employee threats are:
- Operations employees
- Engineering and sales
- Human Resources
- Finance and customer support
- Marketing
Because of this, protecting your business against disgruntled employees may come down to hiring the right people, performing background checks, and ensuring that your company has a zero-tolerance policy for gear that is never decommissioned and for employee access that lingers after someone has been terminated or has quit. The price for network security is never too high to pay, especially once employee risk is factored into the equation.
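One way to check for the lingering access and unreturned gear described above is to reconcile HR termination records against account status, asset inventory and authentication logs. The following is an added example, not part of the original article; the record layouts, user IDs, asset tags and log format are all constructed assumptions.

```python
from datetime import datetime

# Constructed sample records; field names and formats are assumptions.
TERMINATIONS = {"u1041": "2024-03-01T17:00:00", "u2210": "2024-03-15T12:00:00"}
ACCOUNTS = [
    {"user": "u1041", "system": "vpn", "enabled": True},
    {"user": "u1041", "system": "directory", "enabled": False},
    {"user": "u2210", "system": "remote-monitoring", "enabled": True},
    {"user": "u3307", "system": "vpn", "enabled": True},
]
ASSETS = [
    {"tag": "LT-0091", "assigned_to": "u2210", "returned": False},
    {"tag": "LT-0102", "assigned_to": "u1041", "returned": True},
]
AUTH_LOG = """\
2024-02-28T09:12:03 u1041 vpn LOGIN_OK 203.0.113.7
2024-03-03T23:41:10 u1041 vpn LOGIN_OK 198.51.100.24
2024-03-16T02:05:44 u2210 remote-monitoring LOGIN_OK 198.51.100.77
2024-03-16T08:30:00 u3307 vpn LOGIN_OK 203.0.113.9
"""

def audit(terminations, accounts, assets, auth_log):
    """Return sorted (kind, user, detail) findings for departed users."""
    ended = {u: datetime.fromisoformat(ts) for u, ts in terminations.items()}
    findings = []
    # Accounts that outlived the employment relationship.
    for acct in accounts:
        if acct["user"] in ended and acct["enabled"]:
            findings.append(("ACCOUNT_STILL_ENABLED", acct["user"], acct["system"]))
    # Company gear still assigned to someone who has left.
    for asset in assets:
        if asset["assigned_to"] in ended and not asset["returned"]:
            findings.append(("ASSET_NOT_RETURNED", asset["assigned_to"], asset["tag"]))
    # Successful logins that happened after the termination timestamp.
    for line in auth_log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than guess at fields
        ts, user, system, result, src = parts
        if (result == "LOGIN_OK" and user in ended
                and datetime.fromisoformat(ts) > ended[user]):
            findings.append(("LOGIN_AFTER_TERMINATION", user,
                             f"{system} from {src} at {ts}"))
    return sorted(findings)

if __name__ == "__main__":
    for kind, user, detail in audit(TERMINATIONS, ACCOUNTS, ASSETS, AUTH_LOG):
        print(f"{kind:24} {user}  {detail}")
```

Valid credentials alone do not raise an alert, so the check joins each login to employment status; the current employee u3307 produces no findings.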
About NetworkTigers
NetworkTigers is the leader in the secondary market for Grade A, seller-refurbished networking equipment. Founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms, NetworkTigers provides consulting and network equipment to global governmental agencies, Fortune 2000, and healthcare companies. www.networktigers.com.

