Recession Turns IT Workers Into Hackers

If you think the IT guy at work is annoying now -- does he really have to roll his eyes when you ask him where to find to the power switch? -- just wait until he steals $5 million dollars from the company.

As the recession unfolds and companies lay off an increasing number of employees, firms face a new and growing threat in the form of disgruntled technology workers with access to a corporation's best-kept secrets.

Theft of intellectual property, fraud and damage of corporate networks cost corporations over a $1 trillion globally in 2008, according to a recent report by the security firm McAfee and Purdue University.

Any employee who has been laid off or fears he might soon lose his job could potentially steal proprietary information and is a threat to the company. Experts said IT workers are particular dangerous subset because they best know a company's security weaknesses.

"A HR employee, an accountant, a secretary, even a member of the janitorial staff can be a threat, but IT professionals know which systems are well protected and which are not," said Jackie Rees, a professor at Purdue's Center for Education and Research in Information Assurance and Security and a co-author of the report "Unsecured Economies: Protecting Vital Information."

Forty-six percent of the American companies surveyed for the study said "laid-off employees are the biggest threat caused by the economic downturn," followed by hackers with no connection to the company.

The companies surveyed lost an average of $4.6 million worth of intellectual property through cybercrime in 2008, according to the report.

In recent months current or former employees at companies and government agencies have wreaked havoc and stolen millions. The problem will continue to get worse as the economy craters, said Rees.

"Anecdotally, I think we're looking at an increase in these sorts of crimes as a result of the recession," she said.

Cybercrimes by laid-off employees fall into two broad groups -- theft and sabotage.

Cybercrime: Client Information Theft and Sabotage

David Everett, a laid off help-desk employee at Wand Corporation, last year infected his former company's computer network with a virus that cost the company $50,000 to repair.

In January, Everett pleaded guilty in federal court to launching a "malicious software attack" against the Minnesota-based company, which provides computers to fast-food restaurants, just three weeks after he was laid off.

Everett admitted that he uploaded a virus from his home computer onto 1,000 of Wand's network servers, causing computers at 25 restaurants to crash in April 2008.

Just as the housing bubble burst, Rene Rebollo last summer used his position as a senior financial analyst at the country's largest mortgage lender to steal information about borrowers' identities and sell them to identity thieves.

In August 2008, federal agents arrested Rebollo, a former senior financial analyst at Countrywide.

Rebollo is accused of stealing 2 million customer records, saving them to an easily portable flash drive.

According to court documents, most of the computers at Countrywide would not allow documents to be saved to a thumb drive, but Robello found one unprotected computer. For two years he downloaded some 20,000 records a week, which he sold for $400 to $500 a batch, or about $0.025 each -- a fraction of their cost.

Page
  • 1
  • |
  • 2
Join the Discussion
You are using an outdated version of Internet Explorer. Please click here to upgrade your browser in order to comment.
blog comments powered by Disqus
 
You Might Also Like...