Fired admin cripples former employer’s network using old credentials

After being laid off, an IT system administrator disrupted the operations of his former employer, a high-profile financial company in Hawaii, hoping to get his job back.

Casey K. Umetsu, aged 40, worked as a network admin for the company between 2017 and 2019, when his employer terminated his contract.

The U.S. Department of Justice says in a press release that the defendant pled guilty yesterday to accessing his former employer’s website and making configuration changes to redirect web and email traffic to external computers.

“After using his former employer’s credentials to access the company’s configuration settings on that website, Umetsu made numerous changes, including purposefully misdirecting web and email traffic to computers unaffiliated with the company, thereby incapacitating the company’s web presence and email” – the U.S. Department of Justice.

To prolong the business disruption for several more days, Umetsu performed additional actions that essentially locked out the firm’s IT team from the website administration panel.

Umetsu admitted that his motive for causing this damage was to convince his former employer to hire him back at a higher salary.

“Umetsu criminally abused the special access privileges given to him by his employer to disrupt its network operations for personal gain,” said U.S. Attorney Clare E. Connors. 

“Those who compromise the security of a computer network – whether government, business, or personal – will be investigated and prosecuted, including technology personnel whose access was granted by the victim,” Connors added.

In the end, the victimized company learned who was responsible for the sabotage after reporting the cybersecurity incident to the FBI.

Umetsu is scheduled to be sentenced on January 19, 2023. He faces a maximum of 10 years of prison time and a fine of up to $250,000.

While Umetsu’s actions are condemnable, the company’s security practices cannot be overlooked since Umetsu used credentials that should have been invalidated the moment he got fired.

Disgruntled employees have a strong incentive to be vengeful. Apart from using access credentials themselves, they could also sell them on the dark web.

In May 2022, a former database administrator at a real estate brokerage firm wiped four database and application servers after his supervisors had ignored his security-related warnings.

In September 2021, a fired credit union employee hacked into her former employer’s computer systems and deleted 21 GB of important business data.

https://www.bleepingcomputer.com/news/security/fired-admin-cripples-former-employers-network-using-old-credentials/