Disgruntled Ex-Gucci Network Engineer Allegedly Goes on IT Rampage


A former network engineer of Gucci America has been accused of breaking into the computer systems of the upscale fashion boutique and going on an IT rampage. Sam Chihlung Yin allegedly accessed the company's network using a virtual private network (VPN) token that he took with him after being fired over an unrelated matter. After tricking the Gucci IT department into activating the token a month later, Yin used it to gain remote access to the company's network. He then exploited his familiarity with Gucci's network configuration and administrator-level passwords to execute various misdeeds.


Below is a partial snapshot of what transpired:

  • Virtual servers were deleted
  • The company's storage area network was shut down
  • A disk containing corporate mailboxes from an email server was deleted


The various activities also prevented store managers as well as the e-commerce sales team from accessing their emails at one stage, which resulted in a loss of sales. In all, the intrusion was estimated to have cost Gucci more than $200,000 in diminished productivity, restoration and remediation measures, as well as other related expenses.


It is not known how Yin was finally caught, though this statement from the Manhattan District Attorney's office indicates that the mischief spanned months. This would have allowed the company to hire security experts to monitor the network more closely after the first few incidents. Of course, depending on the circumstances under which Yin was dismissed, the company probably already had its suspicions. Yin now faces a 50-count indictment that carries penalties of between one and 15 years in prison.


While many sites have weighed in on this case, I think Sophos security expert Graham Cluley summed it up best. In a company blog post earlier this week, he wrote:

People do, of course, leave jobs all the time and most of them would never dream of logging back in to their old place of work to cause mischief. But it only takes one disaffected former worker to wreak havoc - so make sure your defenses are in place, and that only authorized users can access your sensitive systems.

While it would admittedly be hard to protect against, this incident does reiterate the somber point that the security threats that cause the most damage often originate from within the network. With this in mind, SMBs should be careful not to focus solely on investing in security appliances and software.


In addition, the administrative process of issuing accounts and system access should be more tightly monitored; dormant accounts should be disabled or deleted. Finally, companies should take password security more seriously and periodically change the administrative passwords to crucial servers and appliances on the network.
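
The three checks recommended above (tokens activated for departed staff, dormant accounts left enabled, administrative passwords unchanged since someone who knew them left) can be run as a routine offboarding audit. The sketch below is an added example, not part of the original article or any Gucci system; every user name, date, system name and record layout in it is constructed for illustration.

```python
from datetime import date

# All records below are constructed for illustration; none come from the case.
TERMINATED = {"jdoe": date(2024, 3, 1)}            # user -> termination date
TOKEN_EVENTS = [                                   # (date, action, token owner)
    (date(2024, 1, 10), "activate", "asmith"),
    (date(2024, 4, 2), "activate", "jdoe"),        # about a month after dismissal
]
ACCOUNTS = {                                       # account -> (enabled, last login)
    "asmith": (True, date(2024, 4, 20)),
    "jdoe": (True, date(2024, 2, 28)),
    "old-contractor": (True, date(2023, 9, 1)),
    "former-intern": (False, date(2023, 6, 1)),
}
ADMIN_SECRETS = {                                  # system -> (last rotated, who knew it)
    "san-controller": (date(2023, 11, 5), ["asmith", "jdoe"]),
    "mail-server": (date(2024, 3, 2), ["asmith"]),
}

def audit(today, terminated, token_events, accounts, admin_secrets, dormant_days=90):
    """Return (finding, subject) pairs for offboarding gaps."""
    findings = []
    # 1. A token (re)activated on or after its owner's termination date.
    for when, action, owner in token_events:
        left = terminated.get(owner)
        if action == "activate" and left is not None and when >= left:
            findings.append(("token-activated-after-termination", owner))
    # 2. Enabled accounts that belong to a departed user or have gone dormant.
    for name, (enabled, last_login) in accounts.items():
        if not enabled:
            continue
        if name in terminated:
            findings.append(("enabled-account-of-terminated-user", name))
        elif (today - last_login).days > dormant_days:
            findings.append(("dormant-account-enabled", name))
    # 3. Admin passwords not changed since someone who knew them left.
    for system, (rotated, holders) in admin_secrets.items():
        if any(u in terminated and rotated <= terminated[u] for u in holders):
            findings.append(("admin-password-not-rotated-since-departure", system))
    return findings

if __name__ == "__main__":
    for finding, subject in audit(date(2024, 5, 1), TERMINATED, TOKEN_EVENTS,
                                  ACCOUNTS, ADMIN_SECRETS):
        print(f"{finding}: {subject}")
```

In practice the four inputs would be exported from the HR system, the VPN token server, the directory service and the password vault, and any finding from the first check should block the activation request until the owner's employment status is confirmed.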