Are you a sysadmin who left your last job under a cloud?
My advice is don’t try and seek revenge by hacking into the company that fired you. You might end up with a lengthy prison sentence.
That’s the fate that has befallen Brian Johnson, who used to work as an IT specialist and system administrator at Georgia-Pacific, one of the world’s largest manufacturers of paper, pulp, tissue, packaging, building materials, and related chemicals.
Johnson of Baton Rouge, Louisiana, has been sentenced to 34 months in a federal prison after being convicted into hacking into Georgia-Pacific’s paper mill at Port Hudson, Louisiana to disrupt and damage the industrial facility’s operations.
The sorry story begins with Johnson’s employment being terminated on February 14 2014, and his being escorted off the premises. That should have been the last time that Johnson had any access to Georgia-Pacific’s network, but despite being fired from his job he remotely accessed the plant’s computer system and sent commands that resulted in “significant damage to Georgia-Pacific and its operations.”
Within two weeks, the FBI were executing a search warrant at Johnson’s home, and noticed a VPN connection to Georgia-Pacific on his computer. Subsequent forensic analysis of Johnson’s computer revealed that it had been used to access the industrial facility’s system on a number of occasions after his dismissal.
For his part, Johnson admitted that he had accessed the plant’s computer system and deliberately transmitted “harmful code and commands”.
Johnson may have been fuming at losing his job, but that rage should never have been allowed to turn into an attack which now means he will be spending almost three years in prison.
In addition, a court has ordered Johnson to pay $1,134,828 in restitution to his former employer, $100 to the US government, and forfeit a variety of computer devices.
US Attorney Walt Green commented on the attack on Georgia-Pacific:
“This case is a powerful reminder of the very real threat and danger that businesses and individuals face from cyberattacks and other cyber-related criminal activity. Thanks to the victim’s quick response and cooperation with our office and the FBI—as well as the excellent work by the prosecutors and law enforcement agents assigned to this matter – we were able to stop Mr. Johnson’s malicious attacks and bring him to justice.”
I’ve warned before of the dangers posed by disgruntled IT staff bent on hacking the computer systems of their former employers.
The attack on Georgia-Pacific should remind all firms of the importance of regularly reviewing who has access to your network, resetting access rights and passwords when a member of staff leaves the company.
It should be impossible for disgruntled former staff to have any window of opportunity to cause damage or steal sensitive corporate information.
It’s not enough to take escort someone off the company premises. You also need to consider whether they have access to log into your network remotely, and if they might have company hardware and data in their possession at home.
Ensure that you have a solid defence in place, and that only employees with the correct authorisation can access confidential or sensitive information and systems. And when those authorised users are no longer authorised, their access rights should be revoked immediately.