Disgruntled Ex-Gucci Network Engineer Allegedly Goes on IT Rampage

Paul Mah
Slide Show

Five Tips for Keeping Passwords Safe

Check out the key issues your users should always be aware of when it comes to password security.

A former network engineer of Gucci America has been accused of breaking into the computer systems of the upscale fashion boutique and going on an IT rampage. Sam Chihlung Yin allegedly accessed the company's network using a private network (VPN) token that he took with him after being fired over an unrelated matter. After tricking the Gucci IT department into activating the token a month later, Yin used it to gain remote access to the company's network. He then exploited his familiarity with Gucci's network configuration and administrator-level passwords to execute various misdeeds.

 

Below is a partial snapshot of what transgressed:

  • Virtual servers were deleted
  • The company's storage area network was shut down
  • A disk containing corporate mailboxes from an email server was deleted

 

The various activities also prevented store managers as well as the e-commerce sales team from accessing their emails at one stage, which resulted in a loss of sales. In all, the intrusion was estimated to have cost Gucci more than $200,000 in diminished productivity, restoration and remediation measures, as well as other related expenses.

 


It is not known how Yin was finally caught, though reading through this statement from the Manhattan District Attorney's office indicated that the mischief spanned months. This would have allowed the company to hire security experts to more closely monitor the network after the first few incidents. Of course, depending on the circumstances under which Yin was dismissed, the company probably already had its suspicions. Yin now faces a 50-count indictment that carries penalties of between one and 15 years in prison.

 

While many sites have weighed in on this case, I think Sophos security expert Graham Cluley summed it up best. Writing in a company blog earlier this week, he wrote:

People do, of course, leave jobs all the time and most of them would never dream of logging back in to their old place of work to cause mischief. But it only takes one disaffected former worker to wreak havoc-so make sure your defenses are in place, and that only authorized users can access your sensitive systems.

While it would admittedly be hard to protect against, this incident does reiterate the somber point that security threats resulting in the most damages often originate from within the network. With this in mind, SMBs should be cognizant about not being too focused on investing solely in security appliances and software.

 

In addition, the administrative process of issuing accounts and system access should be more tightly monitored; dormant accounts should be disabled or deleted. Finally, companies should take password security more seriously and periodically change the administrative passwords to crucial servers and appliances on the network.



Add Comment      Leave a comment on this blog post

Aug 3, 2011 3:46 AM Cazare Costinesti Cazare Costinesti  says:

This sounds like a stupid idea. I just hope the Police will take measures against this guy. These are confidential data and this guy must go to the jail.

Reply
Aug 29, 2011 12:54 PM Rick Rick  says:

"People do, of course, leave jobs all the time and most of them would never dream of logging back in to their old place of work to cause mischief. But it only takes one disaffected former worker to wreak havoc-so make sure your defenses are in place, and that only authorized users can access your sensitive systems." Not that I condone the actions of the disgruntled worker, but it sounds like the employer did not have proper actions in place to lock him out when he left. 

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 

Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data