Grudge Attacks
A San Diego man, Bradley John Dierking, was indicted in October, 2008 for intentionally damaging computers of his former employer and one of their clients. Geary Interactive, a digital and online ad agency, Mr. Dierking’s former employer, and Miraval resort both experienced monetary loss due to the actions taken by Mr. Dierking. He also belittled two of Geary Interactive executives on the reservation page of Miraval resort. This was done by illegally accessing and altering the reservation page of the resort between May and June of 2007. He also changed the administrative passwords of Geary Interactive employees so that they could not undo the changes that Mr. Dierking made. Other than the financial damage, the relationship between the two entities has ended. Bradley John Dierking was employed by Geary Interactive from May 2005 to April 2007.
Perhaps the employee had known he was in a tight spot and was planning the change before he was reprimanded for it. In either case a strong policy on changing passwords when employees leave the company is a good idea when creating a BCP for the IT department.
However, have you ever heard of the saying “A day late and a dollar short…”?
When employees are terminated or leave on their own, the security administrators MUST ensure that access is disabled. You don’t delete the account in case the user had encrypted any files that are tied to their specific user account.
