Sacked IT workers in New Zealand are part of a global trend in taking revenge on their former employers.
The FBI has issued a formal warning about an upsurge of cyber attacks on US businesses, saying many cases are from disgruntled ex-employees. Similar trends are also reported in Australia (see Pink slips ignite revenge by system administrators).
Auckland IT security experts say recent cases include “industrial espionage” and the leaving of trojans.
Co-Logic director Arjen de Landgraaf says his clients include two large New Zealand corporates, a private Christian school and an ISP that were attacked this way.
“A key person left the ISP (last month) and compromised the system. He got financial information about customers and tried to sell it to another ISP. This is electronic espionage,” he says.
Three other customers also had trojans installed on their systems and, as a consequence, one firm is having a full security audit this week.
De Landgraaf says this is “a growing and very difficult problem” because usually Kiwi firms are small, with just one person knowing all about the network, security and passwords.
“When they gain strength, the IT worker demands a higher salary. If you don’t pay up, you are going to be screwed. It’s the biggest and most expensive risk for any firm, to have an insider leave on bad terms. They can place things in every nook and cranny because they know you will look for it,” he says.
Tony Krzyzewski of Kaon Technologies reports two recent cases where security was breached by a staff member once their contract was terminated.
“This emphasises the need to pay as much attention to internal security processes as external. A good internal security practice will have procedures in place to control the exit of staff and will also control information on a need to know basis so that when staff leave, they do not have the opportunity to attack.”
Krzyzewski says the procedures need to go beyond changing passwords and should include revocation of all remote access rights, closure of mail accounts and withdrawal of the use of company communication services.
As in Australia, Krzyzewski says, New Zealand firms have little awareness of ‘the threat from within’.
Most organisations concentrate their security on external threats like the internet, when they also need to have internal procedures in place.
“This problem has been around for some time, but the Americans, and other techies, have never got fired before,” he adds.