Fired IT manager hacks into CEO's presentation, replaces it with porn

Filed Under: Data loss, Law & order, Malware

Unexpectedly rude presentationImagine you're giving a presentation to the board of directors at your company. You have your PowerPoint slides all ready, you're projecting onto a 64 inch screen... what could possibly go wrong?

Well, what would you do if your carefully composed presentation was replaced on the big screen by images of a naked woman? My guess is that you wouldn't know where to put your laser pointer..

52-year-old Walter Powell used to be an IT manager at Baltimore Substance Abuse System Inc, until he was fired in 2009. Clearly someone who believed that revenge should be served red hot, Powell used his computer knowledge to hack into his former employer's systems from his home and install keylogging software to steal passwords.

On one occasion, Powell took remote control of his former CEO's PowerPoint presentation to the board of directors, and projected pornographic images on the 64 inch TV.

Press release about Walter Powell's sentencing

According to media reports, Judge M. Brooke Murdock gave Powell a two year suspended sentence, and ordered him to 100 hours of community service and three years' probation.

Cases like this underline the importance of having a proper process in place when staff leave your company. That means changing passwords, and removing access rights when an employee's time at your firm comes to an end.

People do, of course, leave jobs all the time and most of them would never dream of logging back in to their old place of work to cause trouble. But it only takes one disaffected former worker to wreak havoc - so make sure your defences are in place, and that only authorised users can access your sensitive systems.

, ,

You might like

46 Responses to Fired IT manager hacks into CEO's presentation, replaces it with porn

  1. Having said that the IT Manager should know the system very well including any potential weak spots, if he knew he was for the chop he could have created a few to allow himself access even after company procedures.

  2. Ted · 1167 days ago

    So no one fell asleep during this presentation? :)

  3. nonny · 1167 days ago

    Exactly Richard. As I just found out on Sunday :(

  4. mako · 1167 days ago

    Naked Security ;)

  5. WippyM · 1167 days ago

    Anti-conventional hijack. =O

  6. spookie · 1167 days ago

    How would changing passwords have helped in this case? Unless I read it wrong, he used a software keylogger to get the passwords. Change them and he can just steal the new ones, right? It doesn't even matter how "good" a password you use.

    Every time I read one of these I wonder at how in the world it occurred to someone to break in and do something like this. I guess what I'm saying is that I'm more than technically capable of doing what this guy did, but I lack the ability to think up something like this. Now that you've put the idea in my head I can see very clearly how it might be accomplished, but I could never think up the idea. I guess I'm saying I am really proficient at the HOW of these things, but the what and why--not so much.

    • He presumably needed some way to authenticate himself when he first planted the keyloggers remotely (to steal further password information)

      • n0manarmy · 1166 days ago

        Unless he emailed the file to the CEO, believing that they would be dumb enough to launch the file themselves. He could have easily of taken advantage of the social engineering aspect.

  7. agsbr · 1167 days ago

    good work. managers need to be shot!

  8. Danny G · 1167 days ago

    Hahah! Love it! Just goes to show ya not to shit in your own back yard.

  9. Grick · 1167 days ago

    Worth it :)

  10. Dennis E. Pillow · 1167 days ago

    Is any computer safe? Is any employee trustworthy?

    • Boop · 1166 days ago

      I think just not mistreating your employees is good enough. At my old work place, for someone they laid off just before her lifetime insurance benefits were about to kick in, when she asked how they could do their job with conscience, they coldly replied: well someone has to do it. At another place, I was tempted to SQL inject the database because the manager was a d-bag.

  11. JKT · 1166 days ago

    He obviously had skillz and his former employer rankled him but good when they let him go. Not a good combination.

  12. Anonymous · 1166 days ago

    Personally, I applaud the ex-manager for doing it. I am 51-years old, and I was "fired" from a job similar to this for having a mild heart attack. Their insurance rates were going to shoot up, so they fired me about 2 months after my return, making all kinds of groundless excuses as to why I was being let go. I actually thought about wrecking havoc on their systems, but I've never knowingly broken the law, and I didn't want to start. I do give that manager a big high-five, though :D.

    • Dave · 1166 days ago

      I feel for you man, and I'm sure I'd be awfully pissed too, but that's not the way to go about it.

      If they fired you with groundless accusations, no documentation, and it was clear it was because of your health problems... that sounds like serious lawsuit territory.

      • tuv · 1166 days ago

        you are an idiot. there is something called at will employment where an employer can fire you for any reason or no reason at all. maybe you are lucky enough to work in a union for a city job and are fortunate enough to get paid overtime for sitting on your ass and feel secure. but for the majority of us don't have that privelage especially in the tech industry.

        • Gordo · 1166 days ago

          except that if it's demonstrably health related ... then "at will" or not ... it's grounds for a lawsuit ... it's health based discrimination and it's against the law in most states.

    • Anonymous · 1166 days ago

      I feel for you man, had similar. Biker dropped a 600kg load on me from a forklift, was then pulled aside with management present and told "If we ever hear of this again we'll beat the shit out of you" 2 months off work and medical bills pilling up i tired to make a claim but between them and the insurance co, im not sure whos the biggest crook. Needless to say they came good on their word but was also stabbed.

      Since then ive been retaining and earned 2 diplomas in engineering, this week went for one of the jobs i've long lusted after but after the legal team done their discovery decided the liability was to high with an existing condition.

      Now im not sure where to go or what to do im under 30. I most certainly have the IT Skills to do this if not worse but my moral integrity precludes me. Worse is i have detailed explosives knowledge, Its a good thing im one of the good guys i guess.

  13. locke · 1166 days ago

    "defenses"

  14. touchDsky · 1166 days ago

    Seriously, its not even worth it. if I'm reading the image correctly he was sentenced to 2years in jail. If he was that good of a "hacker" he wouldn't have come in from his home ip (as stated). He should have piggy backed on other machines that he may have compromised in order to cover his tracks. Even doing it from a library would have been a better option.

    • muniyaz · 1166 days ago

      it was 2yrs suspended sentence for time served

    • Jojo · 1165 days ago

      Where's the fun if they don't know its you? He was trying to make a point

  15. David Juliano · 1166 days ago

    That is freaking awesome. Wish I had been the one to do it. Now I just have to think up something even better to do.

  16. Anonymous Coward · 1166 days ago

    When will we be able to download the "improved" presentation? I want to see it! Maybe that fired IT guy can provide a copy on here (or WikiLeaks)?

  17. PJS · 1166 days ago

    next time, goatse!

  18. evidence review · 1166 days ago

    pics or it didn't happen

  19. Max · 1166 days ago

    Changing passwords?
    What about a "correct procedure" to fire people - one that will leave them without resentment?
    It would also be very interesting WHY he was fired in the first place. That might explain some special hatred for the CEO perhaps ...

    And after all, maybe he thinks it's been worthwile, even doing 2 years community service.

  20. Anonymous coward · 1166 days ago

    in my day we used to say: "Once root, always root"

  21. Guest · 1166 days ago

    He had it coming. I'm glad Powell only received a light sentence.

  22. James · 1166 days ago

    And in the end, everyone ALWAYS gets caught. So, I'd ask him, was it worth it?

  23. WaxNoo · 1166 days ago

    lol, you would think he would have been smart enough to mask his IP address.

  24. dnatech · 1166 days ago

    Terminal services and poor judgment.

  25. Just a little insight into the maturity level of embittered ex-employees.
    I've seen similar things happen, and I can't agree more ... change all that important info!

  26. wsly · 1166 days ago

    Hero. That is all.

  27. Sara Avrams · 1166 days ago

    My guess is he wanted them to know who did it and he didn't care about the consequences. OR like all people who are really, really angry, he didn't think they would successfully prosecute him because his anger blinded him to reality.

  28. Granted, this story makes zero mention of the investigation or how Powell was eventually caught, but what kind of "IT manager" in this day and age doesn't know what a proxy is?

    One that manages to get himself fired from said position, apparently.

  29. Guest · 1166 days ago

    You're giving most IT managers way too much credit. Very few IT managers I've worked with over the last 15 years would have a clue how to do this. Most of them are "MS Office" pros, can work a calendar and a smart phone and that's about it. CIO's and CEO's are even worse...

  30. Willem · 1165 days ago

    "Cases like this underline the importance of having a proper process in place when staff leave your company. That means changing passwords, and removing access rights when an employee's time at your firm comes to an end."

    However, you first must make them bitter, ignore their problems, don't give them a good package when leaving... But hire a security consultant to sell you a technical solution to a human problem.

  31. TheAlembic · 1164 days ago

    This is a good reason to do personality profiles on all new hires, and then also to treat everybody with respect. As a CEO I have to do the hated thing and fire someone occasionally. But this is always a last resort only after trying to fix the problem first. All firings have supportable misbehavior or poor performance well documented before we get to the point of firing. Truth is none of us need anymore enemies out there.

  32. Alwyn · 1161 days ago

    At the end of the day it's all about having a good and secure AV Product in place.

  33. Richard · 1161 days ago

    This guy could have done worse!

  34. GGG · 1160 days ago

    Porn replacement is so fifteen years ago. More fun to use the webcam to view the presentation and presenter, then project overlays like "It's all lies! Oh the humanity!" when their back was turned

  35. j3$u$ · 733 days ago

    Passwords can help but validation should be done after employee has left to ensure logical access are deleted

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.