Lone wolves: It’s the attack every enterprise fears even more than hackers or a data breach: an insider with skills and knowledge who decides to go rogue.

While such attacks remain exceptions, the ones that come to public attention in court cases always make for stressful reading. The challenge is that developers and admins must have a degree of privileges to do their jobs. This makes it inherently difficult to distinguish legitimate access from a lone wolf on the rampage before damage is done.

The case underlines the need to limit admin privileges and use logging oversight to monitor access for suspicious trends. If something odd is detected, someone needs to be on hand to step in as quickly as possible. The simple presence of these controls can also act as a deterrent.

Things have changed hugely in the last decade, however. Take the case of Terry Childs, the San Francisco network admin who refused to hand over admin passwords to the City’s FiberWAN system, denying the organization admin control for 12 days in 2008. His justification? He was the only one who knew how to administer the system correctly.

While some in the sysadmin world expressed sympathy for Childs, the idea that one employee should be given sole access to any system would be kicked out of court very quickly today. Found guilty in 2010, Childs was sentenced to four years in prison and ordered to pay $1.5 million restitution.

Nevertheless, examples of abuse still crop up. A brazen recent example is the case of Nickolas Sharp, a well-paid admin for Ubiquiti Networks, who in 2020 stole data from his company, tried to implicate other employees for the theft, and then went on to extort the company for $2 million to return the data, all while supposedly conducting attack remediation.

First seen on csoonline.com
Jump to article: www.csoonline.com/article/4044730/disgruntled-developer-gets-four-year-sentence-for-revenge-attack-on-employers-network.html

