This happens more often than expected. An employee is fired. The company forgets to take the necessary precautions. The disgruntled worker then retaliates with [insert unethical or illegal act]. The ex-employee’s actions are inexcusable, but whose fault is it if the employer could have taken simple precautions to prevent the retaliation and damage in the first place?
A former employee of a Hawaii-based financial institution took revenge on his former employer by sabotaging the company’s network. Casey Umetsu worked as an IT administrator before being fired in 2019.
The U.S. Department of Justice notes that his role with the company gave him access to the network’s online management team’s Internet domain. After the termination, the company failed to revoke the credentials that allowed Umetsu to access and change configuration settings, which he used to redirect email and Internet traffic to external systems.
This action effectively destroyed the company’s web presence, making internal and external email inaccessible for several days. As Umetsu also changed the system credentials, the current administrators were unable to fix the problem. Administrators couldn’t figure out who compromised their systems until the FBI investigated.
Umetsu pleaded guilty before Honolulu District Court Judge Jill Otake, saying he was trying to convince the company to hire him at a higher salary.
“Umetsu criminally abused special access privileges granted by his employer to disrupt his network operations for personal gain,” U.S. Attorney Clare E. Connors said. “Anyone who compromises the security of a computer network – government, business or private – will be investigated and prosecuted, including technical personnel accessed by the victim.”
As ridiculous as the man’s excuse is, it’s hard not to laugh at his former employer’s lack of security hygiene. Revoking the access privileges of terminated employees is very simple and common. For most organizations, standard operating procedure is to re-secure systems before escorting a terminated worker out of the building. This does not excuse Umetsu’s actions, but it does explain how the company could have avoided the incident entirely by practicing basic security hygiene.
The DoJ did not list the specific charges to which Umetsu pleaded guilty, but he faces a maximum sentence of 10 years in prison and a $250,000 fine at his sentencing hearing. Judge Otake will decide Umetsu’s fate on January 19, 2023.