2 min read

Prison for former sysadmin who hacked industrial facility and caused a million dollars worth of damage.

Graham CLULEY

February 21, 2017

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Prison for former sysadmin who hacked industrial facility and caused a million dollars worth of damage.

Are you a sysadmin who left your last job under a cloud?

My advice is don’t try and seek revenge by hacking into the company that fired you. You might end up with a lengthy prison sentence.

That’s the fate that has befallen Brian Johnson, who used to work as an IT specialist and system administrator at Georgia-Pacific, one of the world’s largest manufacturers of paper, pulp, tissue, packaging, building materials, and related chemicals.

Johnson of Baton Rouge, Louisiana, has been sentenced to 34 months in a federal prison after being convicted into hacking into Georgia-Pacific’s paper mill at Port Hudson, Louisiana to disrupt and damage the industrial facility’s operations.

The sorry story begins with Johnson’s employment being terminated on February 14 2014, and his being escorted off the premises. That should have been the last time that Johnson had any access to Georgia-Pacific’s network, but despite being fired from his job he remotely accessed the plant’s computer system and sent commands that resulted in “significant damage to Georgia-Pacific and its operations.”

Within two weeks, the FBI were executing a search warrant at Johnson’s home, and noticed a VPN connection to Georgia-Pacific on his computer. Subsequent forensic analysis of Johnson’s computer revealed that it had been used to access the industrial facility’s system on a number of occasions after his dismissal.

For his part, Johnson admitted that he had accessed the plant’s computer system and deliberately transmitted “harmful code and commands”.

Johnson may have been fuming at losing his job, but that rage should never have been allowed to turn into an attack which now means he will be spending almost three years in prison.

In addition, a court has ordered Johnson to pay $1,134,828 in restitution to his former employer, $100 to the US government, and forfeit a variety of computer devices.

US Attorney Walt Green commented on the attack on Georgia-Pacific:

“This case is a powerful reminder of the very real threat and danger that businesses and individuals face from cyberattacks and other cyber-related criminal activity. Thanks to the victim”s quick response and cooperation with our office and the FBI—as well as the excellent work by the prosecutors and law enforcement agents assigned to this matter – we were able to stop Mr. Johnson”s malicious attacks and bring him to justice.”

I’ve warned before of the dangers posed by disgruntled IT staff bent on hacking the computer systems of their former employers.

The attack on Georgia-Pacific should remind all firms of the importance of regularly reviewing who has access to your network, resetting access rights and passwords when a member of staff leaves the company.

It should be impossible for disgruntled former staff to have any window of opportunity to cause damage or steal sensitive corporate information.

It’s not enough to take escort someone off the company premises. You also need to consider whether they have access to log into your network remotely, and if they might have company hardware and data in their possession at home.

Ensure that you have a solid defence in place, and that only employees with the correct authorisation can access confidential or sensitive information and systems. And when those authorised users are no longer authorised, their access rights should be revoked immediately.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials
Silviu STAHIE

November 26, 2021

1 min read
Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group
Filip TRUȚĂ

November 26, 2021

1 min read
Couple arrested for secretly installing cryptomining software on department store PCs Couple arrested for secretly installing cryptomining software on department store PCs
Graham CLULEY

November 26, 2021

1 min read