Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Data Storage Businesses

Fired NY Credit Union Employee Nukes 21GB of Data In Revenge (bleepingcomputer.com) 123

Juliana Barile, the former employee of a New York credit union, pleaded guilty to accessing the financial institution's computer systems without authorization and destroying over 21 gigabytes of data in revenge after being fired. BleepingComputer reports: According to court documents, the defendant worked remotely as a part-time employee for the credit union until May 19, 2021, when she was fired. Even though a credit union employee asked the bank's information technology support firm to disable Barile's remote access credentials, that access was not removed. Two days later, on May 21, Barile logged on for roughly 40 minutes. The defendant deleted over 20,000 files and around 3,500 directories during that time, totaling roughly 21.3 gigabytes of data stored on the bank's share drive. The wiped included files related to customers' mortgage loan applications and the financial institution's anti-ransomware protection software.

Besides deleting documents with customer and company data, Barile also opened various confidential Word documents, including files containing board minutes for the credit union. Five days later, on May 26, she also told a friend via text messages how she was able to destroy thousands of documents on her former employer's servers, saying, "They didn't revoke my access so I deleted p drift lol. [..] I deleted their shared network documents." Although the New York credit union had backups of some of the data deleted by the defendant, it still had to spend more than $10,000 to restore the destroyed data following Barile's unauthorized intrusion.

This discussion has been archived. No new comments can be posted.

Fired NY Credit Union Employee Nukes 21GB of Data In Revenge

Comments Filter:
  • Just here to see all the comments supporting the employee. :)
    • by saloomy ( 2817221 ) on Wednesday September 01, 2021 @09:18PM (#61754753)
      It is a failure on so many levels. Why do companies not have volume shadow copies turned on for shared drives? Why do companies not use snapshot-able completely out-of-band managed storage systems for ransomware mitigation? All this baffles me. We host a lot of company data for clients, and several of them have stupidly unleashed ransomware attacks. We just snap back the filesystems and remedy the infection if possible before payload, or we move to new systems and copy data across. It really is'nt that difficult. The storage server runs ZFS so snapshots by the minute go back a day, and by the hour go back a month. By the day go back a year. Storage is dirt cheap, and we replicate it across the country.
      • Re: (Score:1, Insightful)

        by Anonymous Coward

        Since it's a bank, it's probably a Windows lock-in thing. Not having access to a modern COW filesystem like those available on *nix, these enterprises are most likely stuck using 1990's technology like NTFS.

        • Large companies that I have worked at usually use large appliances that have COW (like Netapp or EMC). They also usually run enterprise apps on things like HPUX or AIX. AIX happens to be really popular in banking as well.
          • Large companies that I have worked at usually use large appliances that have COW (like Netapp or EMC). They also usually run enterprise apps on things like HPUX or AIX. AIX happens to be really popular in banking as well.

            It's quite likely they did the restore with that. If you assume a large coroporation employee costs around $1000 per day (not just pay - buildings, managers, canteen, safety training etc. etc.) and you have hundreds of employees with deleted data then ten days of work is probably just the time to ask each of them to check they got their data back or a small part of the lost time with employees locked out of their work whilst you check that the data hasn't been damaged or manipulated before they are allowe

        • I was wondering the same thing. At the minimum, something like a Synology NAS with btrfs, which offers snapshots, 2FA for the web console, backend encryption (for PCI-DSS audits), and the ability to back itself up with Hyper Backup to a cloud provider, would have mitigated this. Of course, something like a Pure Flashblade, EMC Isilon, or a decent NetApp file server is what should be used for a bank, so there is enterprise support, at least two controllers, and the ability to have file/object locking to en

          • The problem with some of those tools and large IT departments is the incessant push for single sign on. Connecting administrative access to things like AD is just dumb. A lot of organizations did it for SOX compliance and documentation of password management, but that left one ring to rule them all, one ring to bring them all, and in the darkness bind them!
          • Even a Windows file server would have them covered. It is built in, you just have to enable it.

            https://docs.microsoft.com/en-... [microsoft.com]

            Not having shadow copies enabled shows a serious lack of IT knowledge in the company, it is hard to not have access to it.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        Why do companies not have volume shadow copies turned on for shared drives? Why do companies not use snapshot-able completely out-of-band managed storage systems for ransomware mitigation? All this baffles me.

        This company has no IT department. There's no one whose job is "make computers do things"
        It is like asking why the person sweeping the floor didn't do this list of proper actions while building a jet engine. It's not their job, they aren't there for that, and it is unreasonable to have such expectations of them.

        Even though a credit union employee asked the bank's information technology support firm to disable Barile's remote access credentials,

        The credit unit places no value on hiring people who understa

      • by Canberra1 ( 3475749 ) on Wednesday September 01, 2021 @10:21PM (#61754907)
        Correct. And just a pissy 20gig, not even a thumbdrive. Two days to revoke probably means the dedicated security person is not dedicated, and past audits failed to pick this up. I wonder if the OH&S and Fire Safety people are not similarly compromised.As for 10K - impossible, there should be a greased and tested restore plan that works. Embarrassment - because clearly no-one had a clue. It also means the person who has the ITSEC role, needs to be fired as well.
        • Emergency power comes to mind, too.

          I once worked in an IT department, which had 2 big data centers. One the main center, and 150km away the failover center.

          As there were construction sites around the main center they wanted to test a "power failure", with switch over to the failover center.

          Both centers had 2 independent power supplies. So when they cut the connection to power, it was supposed that, the main center keeps running from the second supply, but signals the fail over to take over.

          Well, the failover took over. And the main center was suddenly dark. Turned out, the secondary power supply was never connected to the data center. And they never realized that over a course of 15 or 20 years.

          • by Dareth ( 47614 )

            So this was a necessary if not successful test?

            • Necessary yes.
              Successful somehow also, as the fail over center did what it was supposed to do.

              The strange thing is, that they obviously never tested before, if both power lines are connected.

          • Generator testing. Seen that before. Nobody backed up complex VM settings, Seen that before. Seen high security, but the aircond man could shut down aircond, and did so when legionnaire disease readings were higher than usual. Move the datacentre to the basement. Whats that, a fire hydrant at the top of the underground entrance Remote site testing when it was a public holiday in that state. Broomsticks knocking the Halon Gas switch. I remind persons that the secondary site software is probably missing man
      • by Anonymous Coward

        Why is Windows being used to share files in the first place? If one is doing the job "right", files will be on a dedicated appliance that has multiple controllers. What this gives over Windows is a number of things:

        * The file server's admin console is not on the domain. This means that if the domain is compromised an attacker can't just go to the file server and purge everything like they can do with volume shadow copies.

        * The file server has snapshots. NetApp, Isilon, and other file servers create .s

      • by leereyno ( 32197 ) on Thursday September 02, 2021 @12:38AM (#61755345) Homepage Journal

        Because competent people are rare, and organizations where competent people are in charge and allowed to solve problems are rarer still.

        People who can't do the work will always try to get in the way of the people who can.

      • Competent companies do that. I accidentally deleted 8GB worth of company data on a shared drive (the company's main failing is that I had the ability to do that). When I noticed the mistake after a quick call to IT it was restored before I logged off for the day. Heck protection mechanisms against this is also a default part of any corporate cloud storage solution. These days even OneDrive for Business will dynamically change it's deletion policy, if you delete a large amount of data from your PC it doesn't

    • by NFN_NLN ( 633283 ) on Wednesday September 01, 2021 @09:20PM (#61754761)

      > Just here to see all the comments supporting the employee. :)

      Sorry but he crossed the line. I can see 16, 18, maybe 19GiB but once you pass 20GiB that's where I draw the line.

      • by _merlin ( 160982 )

        Sorry but he crossed the line.

        She crossed the line. Juliana is pretty obviously a feminine name.

      • by leonbev ( 111395 )

        Yeah, 20GB of data is nothing in 2021. I just decommissioned two SAN's that had about 200TB of total data on them, and even that's small my modern corporate storage standards.

        • The right 20GB sure is important. Imagine deleting all of your corporation's PKI data, certs, keys, etc. Maybe only 120MB. Maybe only devastating.

          ps - this is vandalism if nothing else. Criminal.

    • by Brain-Fu ( 1274756 ) on Wednesday September 01, 2021 @09:23PM (#61754769) Homepage Journal

      Blaming the credit union is NOT the same thing as excusing the employee.

      It is the credit union's fault for not following up on the account access change. It's also the fault of the "information technology support firm" that failed to disable her account when requested. They both failed to do their due diligence, so the hack is 100% their faults.

      But that doesn't excuse Juliana at all. It being their fault doesn't make her any less guilty. It is also her fault, for deliberately breaking the law, and she should be fully punished.

      Guilt is not a zero-sum game, where the more one person has the less someone else has. Guilt is abundant. It multiplies as needed to be spread around.

      • Hmmm. 100% I'm reading an interesting book and the whole percentage estimation would fall under the "availability heuristic" plus a bit of "anchoring" a form of bias. There could even be extenuating circumstances not covered in the story about why or why not something was or wasn't done rendering any numerical percentage lessor or void. Isn't critical thinking fun?

      • by aergern ( 127031 )

        She had access that was not revoked and mirrored what she had when employed there. THERE was no "hack". Negligence on the part of that IT firm and the credit union but no "hack" happened.

    • by dogsbreath ( 730413 ) on Wednesday September 01, 2021 @09:29PM (#61754789)

      Sigh.

      Vengeful and stupid, with a compulsion for social media.

      The idiocracy is upon us.
      They didn't give her enough Brawndo [wikipedia.org].

    • by sjames ( 1099 ) on Wednesday September 01, 2021 @09:58PM (#61754847) Homepage Journal

      I'm not exactly supporting the employee, but $10,000 to load a tape? That's utterly absurd. It probably took about an hour counting the effort to remember where they mis-placed that tape and they would have paid for that hour even if the employee was flicking fuzz at his desk rather than restoring a tape.

      • by Cederic ( 9623 ) on Thursday September 02, 2021 @01:56AM (#61755477) Journal

        They'll have spent $2k just in staff time in meetings to work out what happened, why it happened, how it happened and how to fix it.

        Then there's the server rebuild, detailed analysis of which data can and can't be recovered, the recovery itself, validating the recovery, reacquiring the data that couldn't be recovered, communications and customer management activities around that and, well, $10k feels quite cheap.

      • by thegarbz ( 1787294 ) on Thursday September 02, 2021 @07:02AM (#61756001)

        I'm not exactly supporting the employee, but $10,000 to load a tape?

        If you think that datamanagement at a large firm involves nothing more than some IT guy loading a tape then you've never worked at a large firm. Investigation, identifying what happened, when, where, and how, then meetings to recommend resolution, getting approval to roll back data, they cost $9750. The last $250 was some IT dude loading a tape and supervising the restore process.

        • by sjames ( 1099 )

          If they need a committee to decide if it's OK to roll back from important file no longer exists, I'd call that part of the damage self inflicted.

          If you step on my toe. causing a bit of bruising under the nail and in response I shoot it off, you really shouldn't be considered liable for treating the gunshot wound.

          • Comment removed based on user account deletion
            • by sjames ( 1099 )

              A sane system will allow a file level install without overwriting files that are newer than the one on the backup. In other words, just put the deleted files back.

          • by bws111 ( 1216812 )

            What kind of restore is it? Point-in-time or individual file backups?
            If point-in-time, what about work that has been done in the meantime?
            How long will it take to restore? Can we be using the system during the restore?
            Should we defer the restore until after business hours and use what we have until then?
            What order should the restore be done in? What takes priority?

            There are loads of questions that need to be asked and answered. The simplistic perspective of an IT guy ('just restore it') may not line up

            • by sjames ( 1099 )

              If point-in-time, what about work that has been done in the meantime?

              Already gone, the files were deleted.

              How long will it take to restore? Can we be using the system during the restore?

              Use it for what? It's empty because the files were deleted.

              Should we defer the restore until after business hours and use what we have until then?

              Files are gone...

              What order should the restore be done in? What takes priority?

              It's 21 gig. It'll take longer to discuss it in committee than it will to complete the restore.

          • Are you kidding or do you not work with databases and files? You can always just roll back to 6 hours ago without losing everything that happened in the last 6 hours.

            Plus, this is a finical institution. I am sure there are a ton of regulations and rules that must be followed first

            • by sjames ( 1099 )

              The thing is, the state before the rollback was no files present at all. Literally, file from 6 hours ago or nothing.

              If they had databases in a shared file storage area, they have larger problems.

          • What you're saying is that people should only ever be responsible for direct first degree damage. That's absolutely stupid. Your analogy would be better served with a car analogy: I t-bone you at an intersection and shouldn't be liable for your medical bills because I only damaged your car and your injuries were the result of how you were sitting inside it and the strength of the car you bought.

            It's absurdly stupid way to look at something. Now I'm sure you're going to argue that all people sit in a car lik

            • by sjames ( 1099 )

              No, what I'm saying is that people should be responsible for reasonable damages.

              If you t-bone my car, you are responsible for my reasonable damages including medical bills. That means if I sprain my pinkie, you pay for the ER visit and x-ray to make sure it's not broken. You do not pay to fly me to the exclusive clinic in Zurich where I get a CAT scan, MRI, pinkie massage therapy, blessings from the Pope and the Dali Lama, and a year's supply of healing plant extracts to restore my pinkie to it's full yout

      • Comment removed based on user account deletion
    • Just here to see all the comments supporting the employee. :)

      I suspect there was a really good reason they fired her though. But you're right. So many Slashdotters have these weird revenge fantasies.

      • Almost like we all work for shitty, souless corporate amalgams that want nothing more than to exploit us to death to make their stock rise five points.

        • Almost like we all work for shitty, souless corporate amalgams that want nothing more than to exploit us to death to make their stock rise five points.

          Many people play a very important role in their victimhood. Looks like you might be the main character in yours.

          But what is the gestalt of your victim status? Is it that you don't want to work? Can't stand inter-employee competition?Jealousy of anyone that makes more money than you? The ever popular "Ain't nobody gonna tell me what to do" complex?

          Or just the good old human need to really hate some group and blame them for your problems.

          Not all jobs are good, not all are bad. Most are somewhere in betwee

    • Why did it take her 40 minutes? A delete command can run in the background.
    • by eepok ( 545733 )

      Fault lay with the offender regardless of the failures of the organization.

  • We've all heard the usual best practices spiel. This is the argument for:

    a) Having well oiled exit procedures
    b) Having finer granularity with respect to access
    c) Backups

    Backups don't help with the unauthorized access, and well oiled exit procedures only helps when someone is fired or rage quits very suddenly. Really the finer granularity is what you want. I'm guessing random part time employee in submission didn't need access to the board minutes or random customer mortgage applications, but managing need t

    • Re:The usual (Score:4, Insightful)

      by whoever57 ( 658626 ) on Wednesday September 01, 2021 @11:09PM (#61755085) Journal

      They dd this in the wrong order. Should have revoked her network access first, then fired her.

      • by talexb ( 223672 )

        This. Call her in to a meeting at 2pm (say), and as the meeting starts, have IT revoke her access at that time. By 230pm she's been terminated, and all of her credentials (badge, VPN, E-Mail) should be deactivated.

        A Credit Union should be big enough that this kind of procedure is a no-brainer.

    • When you have an IT person quit or fired then a lot of that becomes a challenge especially for smaller organizations like a credit union. You don’t have IT procedures split across 5-10 different people/roles to limit access. I would guess it takes about 2-300 employees before you can actually compartmentalize IT roles. When you use a MSP, that is out the window.

      There is only so much you can do. Beyond that, the best policy is insurance.

      For my company we have 3-4 systems that are end-of-life, and w

    • by PPH ( 736903 ) on Thursday September 02, 2021 @10:37AM (#61756857)

      b) Having finer granularity with respect to access

      It was a Windows system. Everyone has to be an administrator in order to print.

  • by grumpy-cowboy ( 4342983 ) on Wednesday September 01, 2021 @09:24PM (#61754773)

    "Barile also opened various confidential Word documents, including files containing board minutes for the credit union."

    She was able to open "confidential" documents... Why she (and probably many others) had access to it if it's so confidential ?

    • Barile also opened various confidential Word documents, including files containing board minutes for the credit union.

      She was able to open "confidential" documents... Why she (and probably many others) had access to it if it's so confidential?

      In business settings, "confidential" often means confidential within the company -- ie: for employees only -- rather than what you'd think in a government security level/access situation.

      • Barile also opened various confidential Word documents, including files containing board minutes for the credit union.

        She was able to open "confidential" documents... Why she (and probably many others) had access to it if it's so confidential?

        In business settings, "confidential" often means confidential within the company -- ie: for employees only -- rather than what you'd think in a government security level/access situation.

        In most businesses, "confidential" almost always means "for the bosses only".

        • This is a Credit Union. Member account information is confidential, yet pretty much every employee has to have access to it. Most of the info on their network is the same way, and it's pretty standard at finance companies. At my tax office I have access to the tax office version of everything she nuked, except the board minutes.

          My suspicion is that this is a Credit Union with a handful of employees. Credit unions are small, this one does not have an IT department at all, they have part-time people work remo

          • by Cederic ( 9623 )

            Member account information is confidential, yet pretty much every employee has to have access to it.

            That surprises me. I've worked for multiple financial services organisations and I've never had access to customer data, even when I'm writing the software used to manage it.

            Account information should be heavily protected, for multiple reasons.

            • This is a Credit Union where they don't even have an IT guy, they have to contract with an outside firm. The outside IT firm does not seem to have a FTE on their issues or the fired employee's access would have been revoked much quicker. That doesn't sound like the sort of organization where there are dozens of different employees with significantly different roles in the building at any one time. Pretty much everybody is going to have to answer the phone when the octogenarian with dementia is trying to fig

            • by bws111 ( 1216812 )

              Again, it is a credit union. "Pretty much every employee" means the tellers, loan officers, customer service people, etc. Pretty much everyone you would see at a branch or reach by phone. They all have access to customer account data, or they can't do their jobs. Pretty much the only people who DON'T need access to customer data is IT.

          • by Idgarad ( 530269 )

            Incorrect. In banking you have:

            Public
            Internal
            Confidential
            PCI (Sometimes called Client Confidential)

            Which is pretty universal across the banking world.

            Customer information is a completely separate status compared to Confidential. In addition there is a 5th status, rarely used, Trade Secret classification.

            PCI data is 'need to know' access, usually through a tool called RACF. Very few people have full access to PCI data in banking. Even branch staff are looking at the data via an interface and only see a porti

        • by bws111 ( 1216812 )

          Say what? In most businesses "confidential" means "need to know", which certainly does not imply "bosses only". Customer data is confidential almost everyone. So is sales data. Certainly trade secrets are confidential. Financial data is confidential.

      • Plus the story is rather unclear her level in the hierarchy? That would determine what one could and couldn't access.

        • by sconeu ( 64226 )

          TFS says "part time employee". That doesn't scream "high ranking" to me.

          On the other hand CUs are -- in theory -- owned and run by their members.

          • They don't have an IT department. Or even an IT guy.

            They don't have enough people to have a complex hierarchy.

          • Sounds like they used a MSP for most of their operations, so she could potentially have been the only direct IT employee.

          • TFS says "part time employee". That doesn't scream "high ranking" to me.

            She had the power to delete stuff. So, she probably had the power to read stuff.

    • by n3r0.m4dski11z ( 447312 ) on Wednesday September 01, 2021 @10:59PM (#61755059) Homepage Journal

      admin assistants frequently have access to their bosses files. Some admin assistants are the most powerful people in the company if you want to get things done or influence people.

    • I think this already says everything about their IT support firm that needs to be said.

      Of course, it doesn't excuse her actions. But the IT support was clearly lacking: Poor handing of a priority ticket, poor backup/restore procedures, poor security.

      • I guess this depends on the nature of the agreement they have with the IT contractor. The contractor could have set days that they come in to handle the backlog of work.

        Almost certainly, the contractor has other businesses to support.

        I would be willing to bet that the credit union notified the IT contractor AFTER they had fired the person. Possibly, they fired the person on Friday and notified the IT firm on Monday. I could totally see that happening.

    • "Barile also opened various confidential Word documents, including files containing board minutes for the credit union."

      She was able to open "confidential" documents... Why she (and probably many others) had access to it if it's so confidential ?

      Chances are it was a document held on a shared folder that had access granted by domain group permissions. She probably had access to the server where this stuff was held.

      Years ago, I worked for a small-ish manufacturing company that did a major systems upgrade and virtualized their entire server room to three servers and a big SAN (this was back in 2009). Part of this upgrade was a tape library system, and part of it was Tivoli. The software (and I think Tivoli did this, but it's so long ago I can't cle

    • Comment removed based on user account deletion
  • He could have probably shot up his office and done less time in jail then he will for deleting that data. The laws on this sort of thing were written by idiots and are Draconian is hell.
    • He could have probably shot up his office and done less time in jail then he will for deleting that data. The laws on this sort of thing were written by idiots and are Draconian is hell.

      She - and yes, she will probably get house detention if anything.

    • Those who wish to avoid punishment should obey the law.

      Nothing of value is lost when humans who lack self-control are crushed.

  • should of just install the rounding down to your account hack.

  • Those are rookie numbers.

    • by hey! ( 33014 )

      Sure. It's way too much. Too easy to notice quickly and restore from back ups. The proof is it only cost them $10,000 to undo.

      A real pro wouldn't have deleted a single document. Now *altering* documents, that's something you could do real damage with.

    • Those skilled in virus testing, should have uploaded the latest (harmless) virus signature database files, so generating 200K plus false alert virus detection's, but not the dummy inert fake positive virus file. Ever wondered how you test AV products? Now did any board members have interest free unsecured loans to themselves or related entities? You also change directory permissions to stop any restore process. This won't stop anyone competent for more than a minute, but it is surprising how many are useles
    • by dohzer ( 867770 )

      It's got to be the credit records and background check information of at least two or three people.

  • It doesn't matter that they didn't revoke access, a person with morels wouldn't even try and get back in. And the then maliciously destroy data. This person is a a-hole and I hope they are taken to the cleaners by the courts.
  • 1: They HAD to brag/blab.

    2: The concentrated volume of data destroyed.

    Had they just STFU, and nuked it on a more gradual schedule, much of it likely wouldn't have been missed until backups had expired.

  • by Clomer ( 644284 ) on Wednesday September 01, 2021 @11:28PM (#61755149)
    I work for a credit union. I'm part of the team that is responsible for cutting off access of terminated employees. When such a ticket comes in, it usually has a terminate date of some time in the future (for those cases of voluntary separation where the person gave notice). Occasionally, the ticket says IMMEDIATE, which is code for this person was fired, please cut off their access ASAP.

    When I get such a ticket, I drop what I was doing and immediately disable their AD account. This blocks them from logging in to any work computer, and it also cuts off access to the VPN. There's a number of other steps to take to completely clean the user out, but disabling their AD account effectively locks them out and the rest of the stuff can be handled in due time.

    The sort of thing described in this article would not happen under my watch.
    • by aaarrrgggh ( 9205 ) on Thursday September 02, 2021 @12:43AM (#61755363)

      One little gotcha though if they are logged in and have a separate remote desktop app, disabling their account in AD might not have immediate effect.

    • has a new IT support firm now.

    • by endus ( 698588 )

      The sort of thing described in this article would not happen under my watch.

      Of course it could.

      Who is sending you those tickets to terminate the account? How do you know they're being sent in a timely manner?

      Failure to terminate employees in a timely manner is an extremely common control failure because it relies on human beings to implement. I'm sure it happens less often with firings than with normal terminations, but it's still dependent on the manager to enter the termination into the system properly and immediately.

    • by sloth jr ( 88200 )
      These processes should be happening in this order for all termination-for-cause events:
      - decision to terminate
      - disabling of account
      - termination of all active logins from all sources
      - announcement to employee of termination
  • Without excusing the employee's guilt, I can't help but note she took out her anger on the employer in a way that would hurt the management that terminated her.

    How many times have we heard of somebody who got fired turning up at the office with a gun and shooting as many people as they can before the cops take them down? You can bet most of the shooting victims will be low-level co-workers who probably had little or nothing to do with the firing. This Pyrrhic Victory at least makes it likely some obvious

  • 21Gb ? That's like 1/3 of an XBoxOne game update.
    Used to work at a school where one of the little darlings logged in as someone with more rights than they should have had.
    They then proceeded to create folders with witty names and delete the file system.
    As I was restoring from backup they proceeded to delete what I was restoring
    Suspended the AD account, removed the offending folders and resumed restoring from backup.
    Then got a phone call from a manager asking why said person couldn't log in.
    Never give
    • Given that it only cost 10k to fix I assume they did have a good backup system, likely just needed to pay a consultant for IT services.

    • One company thought DBA's were technical and expensive, so only hired contractors. New policy, they cannot work more than a year in case they try to claim 'permanent' status later. So at 364 days all access wiped, Contract renewed 1 month later. It took TWO whole weeks for him to start work, as his userid had too many DB permissions and app permissions, security could not do it.Yep, twiddle thumbs 2 weeks. The DBA;s job? DB security administrator for testing teams, dev, DR, automated testing. That HR decisi
  • They seem to have procedures in place to revoke credentials.

    And a good back up system to restore lost files and that part worked well.

    One minor lapse in not revoking credentials immediately. A limited damage. 10K USD is what such institutions spend between toast and coffee during breakfast.

    Some concern about remote employees, with just read only access, even if locked down and copy & paste is disabled, and file download is disabled, they can record their screen sessions or install an external cam

  • It's not hard to get to $10k when you're trying to quantify damages. The time of the incident response team to investigate. The time of the backup team to restore the data. The cost of retrieving the tapes from off site. All of that adds up.

    All the people saying that this would never happen at their company - absolute nonsense. Issues with employee access not being terminated in a timely manner are extremely common. Why? Because it is a control which is entirely dependent on human beings. You can pu

  • The DOJ press release, which TFA just excerpted verbatim: https://www.justice.gov/usao-e... [justice.gov]

    Earlier today, in federal court in Brooklyn, Juliana Barile pleaded guilty to one count of computer intrusion arising from the defendantâ(TM)s unauthorized intrusion into, and destruction of data on, the computer system of a New York credit union (the âoeCredit Unionâ) following her termination as an employee of the Credit Union. The guilty plea took place before United States District Judge Eric N. Vitaliano. When sentenced, Barile faces up to 10 yearsâ(TM) imprisonment and a fine.

  • Because the government appears to be taking it. From the filing: The United States hereby gives notice to the defendant that, upon her conviction of the offense charged herein, the government will seek forfeiture in accordance with Title 18, United States Code, Sections 982(a)(2) and 1030(i)(1), which require any person convicted of such offense to forfeit any property constituting, or derived from, proceeds obtained directly or indirectly as a result of such offense, and such person’s interest in an
  • So I read through quite many comments but didn't see anyone mentioning why a low level part-time employee has access to so much information that she alone can do catastrophic damage? But what fails more miserably is that her access was not revoked after the firing. Allowing her in two days after hiring is just so wrong LOL.

Business is a good game -- lots of competition and minimum of rules. You keep score with money. -- Nolan Bushnell, founder of Atari

Working...