In what most employers would consider a ‘nightmare scenario’, an ex-employee took down the network of an ISP and caused them to be offline for a week. This employee was finally sentenced this week to 2 years in prison and fined $26,000 for the incident in June 2010 which took his ex-employer offline.
According to the charge sheet, within days of being fired by Harrisburg internet service provider Pa Online in June 2010, Dariusz J Prugar (now 32) used privileged credentials (which had obviously not been changed) to access the network in order to retrieve software he believed he had written and had ownership rights to.
To maintain his covert access, he also planted backdoors and attempted to hide his tracks using scripts that deleted log files from the servers he had logged into.
Unfortunately, doing this caused the company’s systems to crash, leaving several thousand of its residential and business customers without internet or email access.
When his former employer phoned him for help, Prugar tried to negotiate his rights to the software in return for co-operation. Becoming suspicious, the company called in the FBI to investigate, and it was at this point that his activity was uncovered.
It is still not clear how much damage Dariusz Prugar intended to cause, but the end result was a week of downtime spent rebuilding the network from scratch to avoid future compromise, and a lot of unhappy customers. The case took more than 6 years to come to court and the ISP is no longer in business (although it is unknown if this was the cause of the business cessation).
It’s exactly this sort of bad-actor type incident that will send a chill through IT departments. Incidents where lone ‘rogue-admins’ turn on employers often feature very similar patterns to this.
For this reason and more, it’s highly recommended that employers with significant exposure to this kind of insider risk consider a full ‘data loss prevention’ solution, such as Safetica DLP.