After being laid off, an IT system administrator disrupted the operations of his former employer, a high-profile financial company in Hawaii, hoping to get his job back.
Casey K. Umetsu, aged 40, worked as a network admin for the company between 2017 and 2019, when his employer terminated his contract.
The U.S. Department of Justice says in a press release that the defendant pled guilty yesterday to accessing his former employer's website and making configuration changes to redirect web and email traffic to external computers.
"After using his former employer's credentials to access the company's configuration settings on that website, Umetsu made numerous changes, including purposefully misdirecting web and email traffic to computers unaffiliated with the company, thereby incapacitating the company's web presence and email" - the U.S. Department of Justice.
To prolong the business disruption for several more days, Umetsu performed additional actions that essentially locked out the firm's IT team from the website administration panel.
Umetsu admitted that his motive for causing this damage was to convince his former employer to hire him back at a higher salary.
"Umetsu criminally abused the special access privileges given to him by his employer to disrupt its network operations for personal gain," said U.S. Attorney Clare E. Connors.
"Those who compromise the security of a computer network – whether government, business, or personal – will be investigated and prosecuted, including technology personnel whose access was granted by the victim," Connors added.
In the end, the victimized company learned who was responsible for the sabotage after reporting the cybersecurity incident to the FBI.
Umetsu's sentencing is scheduled for January 19, 2023. He faces a maximum of 10 years of prison time and a fine of up to $250,000.
While Umetsu's actions are condemnable, the company's security practices cannot be overlooked since Umetsu used credentials that should have been invalidated the moment he got fired.
Disgruntled employees have a strong incentive to be vengeful. Apart from using access credentials themselves, they could also sell them on the dark web.
In May 2022, a former database administrator at a real estate brokerage firm wiped four database and application servers after his supervisors had ignored his security-related warnings.
In September 2021, a fired credit union employee hacked into her former employer's computer systems and deleted 21 GB of important business data.
Comments
NoneRain - 1 year ago
Was this dude the “do everything” guy? Cuz I can't imagine an IT team leaving his credentials untouched after a layoff, mainly on external access services.
I can only imagine that the IT team is small, maybe inexperienced, and Umetsu centralizing most of the work on him. That would clarify why they took days to change passwords and disable accs....
lonegull - 1 year ago
The logic of his actions fails me; causing the company a loss of business, money and time isn't likely to make them open to re-hire. Fat chance landing an IT job after prison, dummy!
J1ceasar - 1 year ago
While Umetsu's actions are condemnable, the company's security practices cannot be overlooked since Umetsu used credentials that should have been invalidated the moment he got fired.
J1ceasar - 1 year ago
Whenever you're going to fire anybody in IT, first you invalidate their credentials, and then you walk them out the door. You never give them a chance to screw anything up.