The former technical support engineer of Lucchese Bootmaker, a well-known footwear manufacturer in the United States, admitted that he deliberately had thwarted work of the factory in September 2016.
The attack on the company’s server occurred an hour after the IT engineer had been informed of his dismissal. He acted aggressively at the time of dismissal, and his colleagues had to make an effort to get him out of the building. Therefore, the company’s security department and the police immediately linked the incident with the dismissal.
Information security experts found out that the fired engineer had used the previously created account, disguised as a printer, to gain remote access to the system. He disabled the mail server and server that was responsible for processing orders and production activities. He also deleted the system files, because of which the regular IT employees could not restart and restore the server. In addition, he blocked access to employees’ accounts by specifying new passwords.
As a result of the incident, the production of cowboy boots stopped. Half a day employees could not make out and send out orders. The management was forced to send home 300 workers. It took several hours for contractors to restore the servers, and a few weeks to return to the normal production cycle. The losses of Lucchese Bootmaker reached 100 thousand dollars only because of problems in the shipping center, not counting the downtime and payment for the contractors’ services.
The engineer who was furious because of his dismissal spent 45 minutes on the operation, but he forgot to carefully erase the traces of his presence on the corporate network. As a result of the investigation, it was possible to reconstruct the course of the incident, and more...
It was also discovered that the suspect had had the database with the employees' records and just before the dismissal had sent a file from the corporate to the personal mailbox. The order of logins and passwords in the document corresponded to the order in which the employees accounts were blocked on the attack day. It also became clear that the fake account, with which the suspect remotely had administered the server, had been already used from his service computer, password-protected. The account that looked like a standard printer was blocked.
The court will decide on the punishment in early June. The former IT engineer faces up to 10 years in a federal prison and a 250-thousand-dollar fine.