Two Men Accused of Hacking Their Former Employer's Computers - Failure to suspend credentials at fault again - Softpedia: "Two former employees of an engine parts distributor have been indicted for accessing the company's computer systems repeatedly without authorization after they quit. According to the prosecutors, the men used still active credentials to access sensitive information for almost two years.
Scott R. Burgess, 45 of Jasper, Indiana, and Walter D. Puckett, 39 of Williamstown, Kentucky, were indicted on November 4 for computer intrusion, the United States Attorney's Office for the Southern District of Indiana announces. The pair used to work for Jasper-based Stens Corporation, a distributor of replacement parts for small engine outdoor power equipment.
After quitting their jobs at Stens in late 2004 and early 2005, respectively, Burgess and Puckett went on to work for a rival company. The authorities claim that until September 2006, the two illegally accessed private information stored on computers belonging to Stens Corporation on twelve separate occasions.
The intrusions allegedly had personal and commercial gain motivation and were instrumented through the use of old login credentials. It is also mentioned that Stens' IT staff noticed unusual behavior and disabled several passwords, however the perpetrators switched to using others.
According to Assistant U.S. Attorney Todd S. Shellenbarger, Burgess and Puckett face a maximum sentence of five years in prison and a fine of $250,000 each. The Federal Bureau of Investigation and the Indiana State Police have collaborated in the investigation.
Failure to disable the login credentials of dismissed individuals is a popular attack vector for data breach incidents. Security experts have warned that the risk of disgruntled employees hacking their way back in is even greater now due to the harsh economic environment.
Back in September, we reported that a former IT consultant pleaded guilty to accusations of damaging a critical system used to monitor underwater oil pipelines for leaks, because an oil-extraction company refused to offer him permanent employment. In August, a computer specialist was arrested and indicted for hacking into the network of a charity he used to work for and deleting donor records."