Allegro MicroSystems LLC is suing a former IT employee for sabotaging its database using a "time bomb" that deleted crucial financial data in the first week of the new fiscal year.

The lawsuit was filed in August 2016 and is currently ongoing. The defendant is a man named Nimesh Patel from Shrewsbury, Massachusetts, who worked for Allegro between August 26, 2002, and January 8, 2016.

Patel was one of Allegro's many IT workers, in charge of the company's database, and more precisely of an Oracle finance module, which the company used to manage the financial side of its business.

Patel resigned from his job in 2016

During his 14-year employment at Allegro, Patel received three laptops from his employer, a well-known manufacturer of high-performance semiconductors.

Two of these were for business use, while a third, an older model, was provided for personal use. When he resigned from Allegro, Patel returned only one of the two business laptops he was supposed to give back, and kept the third, as he was not obliged to return the laptop he received for personal use.

When Allegro discovered Patel's actions, it summoned its former IT worker to return the second laptop because the device was capable of accessing Allegro's IT network.

Instead of complying with the company's request, Patel returned the older laptop, meant for personal use, after he wiped the hard drive without reinstalling a fully functional OS.

Patel used colleague's credentials to access Allegro's network

On January 31, Patel entered the grounds of the Allegro headquarters in Worcester, Massachusetts, just far enough to be in range of the factory's WiFi network.

According to court documents, Allegro says that Patel used the second business-use laptop to connect to the company's network using the credentials of another employee.

Patel had access to employee credentials because he was one of the company's senior system administrators, and kept a copy of a file with usernames and passwords on his laptop.

Allegro: Patel planted a "time bomb"

Allegro claims that while connected to the factory's network on January 31, Patel, who was one of the two people in charge of Oracle programming, uploaded a "time bomb" to the company's Oracle finance module.

The code was designed to execute a few months later, on April 1, 2016, the first week of the new fiscal year, and was meant to "copy certain headers or pointers to data into a separate database table and then to purge those headers from the finance module, thereby rendering the data in the module worthless."

In a complaint filed by Allegro, the company says that "defendant Patel knew that his sabotage of the finance module on the first week of the new fiscal year had the maximum potential to cause Allegro to suffer damages because it would prevent Allegro from completing the prior year's fiscal year-end accounting reconciliation and financial reports."

Because Patel used valid credentials to access Allegro's network, his intrusion went unnoticed and ended with the execution of the "time bomb."

Laptop electronic fingerprint gave Patel away

Allegro's IT staff discovered the sabotaged Oracle finance module on April 14, 2016. Ten days later, on April 24, the IT staffers found Patel's malicious code after comparing the current database with a copy from older backups.

Eventually, they traced the unauthorized access to Patel's second business laptop based on the device's "electronic fingerprint."

The company is now suing Patel for damages. Allegro said it paid in excess of $100,000 to fix its systems after Patel's sabotage. Allegro is also seeking punishment for Patel's trespassing and accessing its network without authorization. Unless the two parties come to an agreement, a trial is set for later this year.