IT Admin Guilty of Hacking of Former Employer

A former IT system administrator is facing a decade in the slammer after pleading guilty to hacking his employer and shutting down key systems the day he was fired.

Joe Vito Venzor, 41, is also facing a bill of $250,000 and restitution to former employer Lucchese Bootmaker, after admitting one count of “transmission of a program to cause damage to a computer.”

The Department of Justice had the following:

“By pleading guilty, Venzor admitted that on September 1, 2016, after being terminated from his position at the company’s help desk, he logged onto the company’s network through an administrator account and shut down the company’s email server and application server while deleting systems files essential to restoring computer operations.”

The account in question – “elplaser” – had been used before and was easily traced by federal investigators to Venzor’s work computer.

They also apparently discovered a file sent from his work to personal account containing the log-ins of employees at the bootmaker. The order they were saved to the file was the same order in which Venzor is said to have changed them on the day of his sacking – meaning staff couldn’t help restore systems.

As a result of his actions, 300 employees were sent home after being unable to work in the production and shipping factory. Customers were not able to place any orders and goods could not be shipped.

The firm’s IT director was also forced to hire third party IT staff to set up a new application server – all of which presumably cost time and money for Lucchese Bootmaker.

“The company continued to suffer direct and indirect losses because of the intrusion into its computer server in the ensuing days and weeks, as they had to reconstruct files, and fulfill production and customer services issues,” the DoJ concluded.

The case is another example of the challenges associated with managing insider risk.

Research from Forcepoint released last week found that almost a third (29%) of employees at European companies have “purposefully” sent information outside their company, 15% have taken business critical info with them from one job to another and 59% planned to use it in their next job.

Source:https://www.infosecurity-magazine.com/news/it-admin-guilty-of-hacking-of/