Monday, August 22, 2011

IT staff member wipes out company’s servers–after he was terminated!

I read this InfoWorld article this morning and figured I’d pass it on. It’s yet another story where a terminated IT staff member subsequently does something bad.
Logging in from a Smyrna, Georgia, McDonald's restaurant, a former employee of a U.S. pharmaceutical company was able to wipe out most of the company's computer infrastructure earlier this year.
Jason Cornish, 37, formerly an IT staffer at the U.S. subsidiary of Japanese drug-maker Shionogi, pleaded guilty Tuesday to computer intrusion charges in connection with the attack on Feb. 3, 2011. He wiped out 15 VMware host systems that were running email, order tracking, financial, and other services for the Florham Park, New Jersey, company.

Using vSphere, he deleted 88 company servers from the VMware host systems, one by one.
I sure hope Shionogi had an effective backup policy in place. Aside from that, I wonder how long it will take for IT to understand the importance of de-provisioning an employee and better access control around privileged account management?

A few weeks ago I overhead someone saying that identity management was passé. I don’t think so! This is a great example of how far we still have to go…


sjhudson11 said...

Interesting AND disturbing. There is NO REASON for this, as we have "passe" software available to counteract this type of activity. Think they will get fined by the Japanese government?

guenots said...

Wonder if he nailed the backup first, then deleted the servers. Problem in small IT departments. In order to operate everyone can do everything, segregation is important as well, but many people forget this.

Richard Blackham said...

What a classic. How many times have we been warned about this? Once again, it's incredible to me that a pharmaceutical company isn't subject to more rigorous controls and audit. Where was the FDA with their attestation requirements? Simple IAI could have prevented this. The IDM journey is just beginning!