
How to protect yourself against rogue IT staff

One rogue employee can do immense damage

One rogue IT employee can do more damage than an army of hackers. Here's how three companies could have better protected themselves.

Pirating software - and worse

The US retailer's tale of woe began in early 2008, when the BSA notified it that Microsoft had uncovered licensing discrepancies, according to John Linkous. Today, Linkous is chief security and compliance officer at eIQ Networks, a security consultancy. His experience with the incident involving the retailer is from his previous job, when he was vice-president of operations at Sabera, a now-defunct security consultancy.

Microsoft had traced the sale of the suspect software to a client company's system admin. For purposes of this story, we'll call that admin 'Ed'. When Linkous and other members of the Sabera team were secretly called in to investigate, they found that Ed had sold more than half a million dollars in pirated Microsoft, Adobe and SAP software to his employer.

The investigators also noticed that network bandwidth use was abnormally high. "We thought there was some kind of network-based attack going on," says Linkous. They traced the activity to a server with more than 50,000 pornographic still images and more than 2,500 videos, according to Linkous.

In addition, a forensic search of Ed's workstation uncovered a spreadsheet containing hundreds of valid credit card numbers from the company's e-commerce site. While there was no indication that the numbers had been used, the fact that this information was contained in a spreadsheet implied that Ed was contemplating either using the card data himself or selling it to a third party, according to Linkous.

The CFO, who had originally received the call from the BSA, and others on the senior management team feared what Ed might do when confronted. He was the only one who had certain administrative passwords - including passwords for the core network router/firewall, network switches, the corporate VPN, the HR system, the email server administration, Windows Active Directory administration and Windows desktop administration.

That meant that Ed could have held hostage nearly all the company's major business processes, including the corporate website, email, financial reporting system and payroll. "This guy had keys to the kingdom," says Linkous.

Extreme measures

So the company and Linkous' firm launched an operation right out of Mission: Impossible. They invented a ruse that required Ed to fly overnight to California. The long flight gave Linkous' team a window of about five and a half hours during which Ed couldn't possibly access the system. Working as fast as they could, the team mapped out the network and reset all the passwords. When Ed landed in California, "the COO was there to meet him. He was fired on the spot".
