A recently fired IT system admin compromised the operation of their previous employer to get revenge against his old employers. The laid-off employee was a 40-year-old network administrator for a big-time company in Hawaii for nearly three years.
The Department of Justice in the US stated that the individual pled guilty to accessing his former employer’s website and making changes to redirect web and email traffic to external devices.
Based on reports, the defendant used its credentials to access the company’s configuration setting on the website. Subsequently, the former employee intentionally misdirected web users and email traffic to computers that were not connected to the company. Hence, the attacker stripped the company of the ability to have a web presence or email transactions.
The fired IT admin was identified as Casey K. Umetsu.
According to researchers, former IT admin Umetsu ran additional actions that locked out the firm’s IT team from the website administration panel. The operation prolonged the business disruption for several days.
Additionally, the accused claimed that his objective for causing damage to the company was to convince his former company to rehire him with more benefits and a higher salary.
However, the compromised company eventually identified who was responsible for the attack after seeking the help of the FBI. Casey K. Umetsu is awaiting a sentence for his actions in January next year, where he might face a verdict of a maximum of 10 years of prison time and a fine that could go up to a quarter of a million.
On the other hand, researchers pointed out the company’s mistake since the defendant still accessed its credentials despite being laid off. They emphasised that the company should have already invalidated Umetsu’s credentials as soon as he was out of the company.
Fired employees tend to have a strong will to take revenge against their former employers. Their credentials during their company stay are usually utilised as tools for vengeance. Some employees also sell their company information to dark web marketplaces if they cannot disrupt their former workplace.