cflWith companies cutting jobs as the economic downturn deepens, the incidence of corporate and organizational sabotage is spiraling. “There is a renewed threat from disgruntled employees in times of economic downturn because more people are angered at losing their jobs,” says Richard Power, editorial director at the CSI. Experts and law enforcers advise users to increase their vigilance in line with the potential threat from disgruntled ex-employees.

In San Francisco and Silicon Valley, mass lay-offs are creating extra casework for the local branch of the Computer Intrusion Squad. Supervisory special agent Peter Trahon says his team of nine agents, the largest of 16 teams located across the US, is fielding up to six cases a day arising from malicious attacks on firms by former employees nursing grievances — only a fraction of which it has the resources to pursue. The team is investigating between eight and 12 cases out of the 60 it has on its books.

Trahon’s squad is called on to probe a wide variety of cases. “Recently, a disgruntled former employee intruded into the network and sent disparaging e-mails about one individual to 50,000 employees across the company,” he recalls. Other hacks include denial of service attacks to bring down e-mail servers, stealing customer lists and destroying data.

You can add theft of intellectual property to that list, says Kris Hawarth, manager of consultant Deloitte & Touche’s San Francisco computer forensics laboratory. Investigations into smuggling of confidential competitive information to rivals accounts for 90% of her practice’s workload. “Intellectual property theft is the biggest threat because of its simplicity — $1m worth of R&D can be transferred onto a floppy. Twenty years ago, people had to walk out with a box,” says Hawarth.

Sabotage by ex-employees is not normally difficult to crack, says Trahon. “They are bright individuals, but they don’t have a criminal mindset and are a bit angry. Covering their tracks is often an after-thought.” However, in their determination to wreak vengeance, former insiders inflict far more damage than a disinterested, anonymous hacker.

In many cases, organisations leave themselves open through a basic oversight. “Typically, the last person to be notified that a person has been fired is the system administrator and they are the gatekeeper to the crown jewels of the corporation,” says Trahon. System administrators need to be in the loop when lay-offs are being made and advised of whose network access rights should be terminated, he recommends.

A clearly-defined exit procedure for outgoing employees is the cornerstone of any prevention policy, say the experts.

“Employees are increasingly asked to clear their desks out and are escorted to the door by a guard — companies must do the same process online. As well as being asked to give back the keys to the office, employees need to hand in their keys to the electronic office,” says Power. This entails immediate closure of e-mail accounts and network access.

As well as internal staff, external consultants working in-house pose a risk if they feel they have not been properly reimbursed or are otherwise aggrieved, says Trahon.

Other security loopholes are unused programs on servers, adds Trahon. Web servers often include file transfer protocol or e-mail management systems, pre-installed by suppliers so the hardware is ready to go for a range of purposes straight out of the box.

“Vulnerabilities escalate exponentially with these services,” says Trahon, who advises users to scan Internet protocol addresses for additional programs running on servers.

Firms need to be wise to the threat posed by security breaches, says Trahon. “Sometimes, when a company is intruded upon, we end up talking to a security person who doesn’t know anything about IT,” he says. End-users should be grilled on whether they shut down their systems after use or regularly change their password, to instill security awareness, suggests Power.

Much can be done to reduce exposure to the crippling financial, operational and public relations blows that sabotage by ex-IT staff can inflict. Failure to do so could make cost-cutting job lay-offs a false economy.

Ex-staff wreak havoc on IT systems

SEPTEMBER 2000

Former Federal Aviation Administration software engineer Thomas Varlotta was convicted of stealing the only copy of the source code for a vital program he co-developed for Chicago’s O’Hare airport. US federal investigators recovered the code, vital to fix glitches in the automated system used to transmit information between on-site and off-site air traffic control teams, from Varlotta’s house in June 1998. but took eight months to unscramble the 14-digit password the ex-IT staffer had encrypted it with

DECEMBER 2000

Joseph Durnal was ordered to pay Peak Technologies, where he had worked as an IT contractor. more than $48,000 after being convicted of hacking its computer systems. Durnal sent e-mails with pornographic attachments, purportedly from management, telling workers that the Columbia. Maryland-based logistics systems integrator was going out of business

FEBRUARY 2001

FBI counterintelligence agent Robert Hanssen was arrested for allegedly stealing dozens of files from the bureau’s computer network and passing them to the former Soviet Union and present day Russia over 15 years. Hanssen. described as a “highly-skilled programmer”, enjoyed access to the FBI’s internal network, containing its classified records of investigations, throughout this period.

Prevention measures

Users should tighten security during lay-offs, which could upset workers and lead them to lash out at the company. Suggested measures include:

* Changing passwords

* Instantly repealing all systems access for departing employees

* Closing unused server-based programs that could be used by former insiders to access internal systems

* Scanning systems, including user names and passwords, for anomalies

* Double checking software back-up tapes

* Appointing dedicated IT security management personnel.