A network engineer, who was fired by the American branch of Gucci, has been accused of breaking into the computer systems of the Italian luxury good retailer, shutting down servers and deleting data.
According to a press release from the New York County District Attorney’s office, 34-year-old Sam Chihlung Yin of Jersey City, NJ, used an account that he had secretly created while employed by Gucci to access the network after his employment was terminated.
In a 50-count indictment, the IT expert is charged with computer tampering, identity theft, falsifying business records, computer trespass, criminal possession of computer-related material, unlawful duplication of computer-related material, and unauthorized use of a computer.
It is alleged that while Yin was still employed as a network engineer at Gucci, he created a VPN token in the name of a fictional employee, and after being fired for unrelated reasons in May 2010 took the key fob with him. The following month, Yin is said to have contacted Gucci’s IT department posing as the fictional employee and requested that his authentication fob be activated so he could access the corporate network remotely.
Over a number of months, Yin is alleged to have accessed Gucci’s network without authorisation, exploiting his knowledge of the company’s IT infrastructure and administrator passwords. Specifically, on November 12 2010, Yin is said to have deleted various virtual servers, shut down storage areas and wiped corporate mailboxes.
The District Attorney’s office described the impact of the alleged attack as follows:
As a result, Gucci staff was unable to access any documents, files, or other materials saved anywhere on its network. Additionally, Yin's destruction of data from the e-mail server cut off the e-mail access not only of corporate staff, but also of store managers across the country and the e-commerce sales team - resulting in thousands of dollars in lost sales. Gucci's IT staff was unable to restore system operations until the end of the business day, and the lingering effects of the intrusion continued to impose costs on the company in the weeks and months that followed.
The intrusion is said to have cost the company some $200,000.
I think the message we should all learn from this sorry case is the importance of reviewing your user database and removing unknowns, changing passwords and resetting access rights when a member of your staff leaves your employment.
People do, of course, leave jobs all the time and most of them would never dream of logging back in to their old place of work to cause mischief. But it only takes one disaffected former worker to wreak havoc – so make sure your defences are in place, and that only authorised users can access your sensitive systems.