Jan 26 2021

Ghost hack – criminals use deceased employee’s account to wreak havoc

Category: Cybercrime,Information SecurityDISC @ 12:00 pm

Many, if not most, organisations will tell you that they have processes and procedures that they follow when employees leave.

In particular, most companies have a slick and quick procedure for removing ex-staff from the payroll.

Firstly, it doesn’t make economic sense to pay someone who is no longer entitled to the money; secondly, many countries require employers to withold payroll taxes automatically, to pay them in promptly, and to account for them accurately.

Why get into trouble with the tax office over former employees when you can have a simple “staff leaving” checklist that will help to keep you compliant and solvent at the same time?

Unfortunately, we’re not always quite so switched on (or, to be more precise, not quite so good at switching things off) when it comes to ex-staff and cybersecurity.

History is full of stories of havoc wreaked by ex-employees who maintained both their grudges and their paswords or access tokens after being fired or laid off.

Some of these revenge attacks have acquired legendary status, like the man from the splendidly named town of Maroochydore in Maroochy Shire in Queensland, Australia, who used insider information and a purloined computer to “hack” the council’s waste management system.

This crook quite literally, if you will pardon the expression, showered the shire with… well, with 1,000,000 litres of raw sewage, by operating all the right pumps in all the wrong ways.

As amusing as this crime sounds with 20 years of hindsight – it happened in the year 2000 – the disgruntled former contractor caused an environmental hazard, including polluting a tidal canal, that took days to clean up.

He was caught, tried and convicted of 27 counts of unauthorised computer access, and one count of wilfully and unlawfully causing serious environmental harm:

“Marine life died, the creek water turned black and the stench was unbearable for residents,” said Janelle Bryant, investigations manager for the Australian Environmental Protection Agency.

Then there was the US sysadmin who was fired in 2009 and decided to get his own back by planting keyloggers on his former employee’s network, harvesting passwords until he had access to the accounts of senior staff, and then remotely hacking into a presentation by the CEO to the board of directors.

Source: Ghost hack

Leave a Reply

You must be logged in to post a comment. Login now.