Porn-Hacking Case Shows Insider Threat to Network Infrastructure Very Real
Porn and PowerPoint are two words not often said in the same sentence. But that combination proved to be a nightmare for the CEO of Baltimore Substance Abuse System Inc.
While giving a PowerPoint presentation on his accomplishments to the board in 2009, the CEO’s computer suddenly froze and shutdown. After rebooting, an image of a naked woman came up on the 64-inch screen.
The cause of the porn embarrassment? A former employee.
We’ve all heard about disgruntled IT staff taking liberty with a company’s network infrastructure, but the case of Walter Powell seems to show that the insider threat is all too real. Phillip Liberman, president of Liberman Software, also discusses the problem in June’s issue of Network-Centric Security ().
Powell was director of management information systems at Baltimore Substance Abuse System until September 2009. After his departure, using his still-active network login information, he began to wreak havoc from his home computer.
Along with the porn stunt, among other things, Powell allegedly installed keystroke loggers on various computers in the organization looking for other more login information, forwarded confidential e-mails to other employees and accessed the CEO’s e-mail numerous times. Thankfully, no confidential information was leaked.
Thanks to the hacking, Powell was sentenced this week to two years of suspended prison time along with 100 hours of community service and three years of probation.
Officials from the Baltimore Substance Abuse System said the cost to rebuild the network and install and upgrade security measures cost more than $80,000. That’s a big amount for an organization responsible for the administration of federal, state and local grant funds for substance abuse treatment and prevention services.
So, while shadowy hacking groups like LulzSec continue to make news, organization officials still need to realize that danger can be just as easily sitting in the IT office.
Posted by Brent Dirks on Jun 24, 2011