Recession Turns IT Workers Into Hackers

Economic downturn pushes computer geeks into cybercrime for revenge, profit.

March 6, 2009, 7:17 PM

March 6, 2009— -- If you think the IT guy at work is annoying now -- does he really have to roll his eyes when you ask him where to find to the power switch? -- just wait until he steals $5 million dollars from the company.

As the recession unfolds and companies lay off an increasing number of employees, firms face a new and growing threat in the form of disgruntled technology workers with access to a corporation's best-kept secrets.

Theft of intellectual property, fraud and damage of corporate networks cost corporations over a $1 trillion globally in 2008, according to a recent report by the security firm McAfee and Purdue University.

Any employee who has been laid off or fears he might soon lose his job could potentially steal proprietary information and is a threat to the company. Experts said IT workers are particular dangerous subset because they best know a company's security weaknesses.

"A HR employee, an accountant, a secretary, even a member of the janitorial staff can be a threat, but IT professionals know which systems are well protected and which are not," said Jackie Rees, a professor at Purdue's Center for Education and Research in Information Assurance and Security and a co-author of the report "Unsecured Economies: Protecting Vital Information."

Forty-six percent of the American companies surveyed for the study said "laid-off employees are the biggest threat caused by the economic downturn," followed by hackers with no connection to the company.

The companies surveyed lost an average of $4.6 million worth of intellectual property through cybercrime in 2008, according to the report.

In recent months current or former employees at companies and government agencies have wreaked havoc and stolen millions. The problem will continue to get worse as the economy craters, said Rees.

"Anecdotally, I think we're looking at an increase in these sorts of crimes as a result of the recession," she said.

Cybercrimes by laid-off employees fall into two broad groups -- theft and sabotage.

Cybercrime: Client Information Theft and Sabotage

David Everett, a laid off help-desk employee at Wand Corporation, last year infected his former company's computer network with a virus that cost the company $50,000 to repair.

In January, Everett pleaded guilty in federal court to launching a "malicious software attack" against the Minnesota-based company, which provides computers to fast-food restaurants, just three weeks after he was laid off.

Everett admitted that he uploaded a virus from his home computer onto 1,000 of Wand's network servers, causing computers at 25 restaurants to crash in April 2008.

Just as the housing bubble burst, Rene Rebollo last summer used his position as a senior financial analyst at the country's largest mortgage lender to steal information about borrowers' identities and sell them to identity thieves.

In August 2008, federal agents arrested Rebollo, a former senior financial analyst at Countrywide.

Rebollo is accused of stealing 2 million customer records, saving them to an easily portable flash drive.

According to court documents, most of the computers at Countrywide would not allow documents to be saved to a thumb drive, but Robello found one unprotected computer. For two years he downloaded some 20,000 records a week, which he sold for $400 to $500 a batch, or about $0.025 each -- a fraction of their cost.

Companies are not the only institutions with information to be stolen and large digital networks to be compromised.

In July 2008, Terry Childs, 43, a network administrator for the city of San Francisco, held the city hostage for five days while he sat in jail, charged with hacking the city's computer system and creating a secret password that gave him virtually exclusive access to most of the city's municipal data.

Described as a "rogue employee" by Mayor Gavin Newsome, Childs refused to explain his motive for creating a password that would block other administrators from accessing the network, but it is believed he hacked the network after an argument with a supervisor.

Company Password Protection and Best Practices

Newsome visited Childs in jail to get him to turn over the password, five days after he was arrested.

Childs is still awaiting trial.

"Companies have to be worried about theft and destruction," said Lisbi Abraham, a senior advisor at Zecurion, an information security company that specializes in protecting against insider threats.

Abraham said both former employees as well as current employees, who know or believe they are going to be fired, present a threat to company.

An important first step for companies reviewing their security protocols, he said, was to review the lists of which employees have access to which parts of the network.

Abraham recommended double checking backed-up material to ensure what you thought was saved is really there and consolidating access to sensitive material to fewer people as the company makes layoffs.

In addition to making sure the company has up-to-date anti-virus software, Abraham suggested the simple steps of making sure computers were equipped with programs that required difficult to crack passwords and password-protected screensavers.

ABC News Live

ABC News Live

24/7 coverage of breaking news and live events