Sophos Cloud Optix
Toyota has accused an IT contractor that the car manufacturer fired just last week of breaking into its computer systems, and stealing sensitive information including trade secrets.
In a complaint filed at the US District Court in Lexington, Kentucky, the North American branch of the Toyota Motor company claimed that Ibrahimshah Shahulhameed illegally accessed one of its websites, after being dismissed from his contracting job on August 23rd.
Within hours of his dismissal, Shahulhameed is said to have logged into the toyotasupplier.com website without authorisation, and spent hours downloading proprietary plans for parts, designs and pricing information.
The website is used by Toyota’s suppliers to exchange highly sensitive information with the company about current and future products.
Toyota claims that if the information were shared with competitors, or made public, “it would be highly damaging to Toyota, and its suppliers, causing immediate and irreparable damage.”
Claims have also been made that Shahulhameed sabotaged software running on Toyota’s computer systems, and caused computers to crash, reports Automotive News.
A restraining order has been placed on Shahulhameed, who is an Indian citizen, preventing him from leaving the United States, or disseminating the trade secrets.
What isn’t clear, at this time, is whether Toyota are claiming that Shahulhameed accessed their computer systems by exploiting a vulnerability or whether they had simply not reset staff passwords that he may have had access to in his position as an IT contractor with the firm.
In the past, we’ve reported how disgruntled former employees have attempted to wreak revenge on their former companies by opening up systems to spammers, planting malware, replacing the CEO’s presentation with porn, or even making axe-wielding threats.
The details in the Toyota case are currently unclear. But regardless of that, it’s a timely reminder to all businesses to remember the importance of reviewing who has access to your systems, and to underline that changing passwords and resetting access rights is essential when a member of staff leaves the company.
People do, of course, leave jobs all the time and most of them would never dream of logging back in to their old place of work. But it only takes one bad apple to wreak havoc – so make sure your defences are in place, and that only authorised users can access your sensitive systems.
Raises many a "IT professional moral ethics" question! Whenever I've finished work for a company, I tell them they should change the passwords that I used to access their network. Not because i'll suddenly turn evil, but my computer could be compromised, and then they could be in turn.
Little good it does, though.
SNAP – in fact I make a colleague delete my accounts in front of me so I can't be blamed for anything. I had an ex-boss who blamed everything he did wrong on whomever left last. C.Y.A lol.
Really?
How odd!
Surely some sort pf process needs to be followed for account deletions.
“good practice” is something that simply isn’t practiced enough these days! *ALL* companies should read this.
We still need to hear Ibrahimshah Shahulhameed's side of the story
I don't think that's the point of the article, which is focused on the security risk inherent in opening one's system to access by outsiders, especially those who leave under circumstances that might impel them to abuse the access that was entrusted to them.
The article is careful to report that the complaint against Mr. Shahulhameed CLAIMS he abused that trust in various ways. In no case does the article assert that those claims are true. Of course, you're free to follow up on your own and determine what Mr. Shahulhameed has to say for himself.
Meanwhile, the article stands as a timely reminder that sensible security management should include terminating the access privileges of those who no longer need them for legitimate purposes.
"or made public, "it would be highly damaging to Toyota, and its suppliers, causing immediate and irreparable damage."
Maybe inside information on run-away accelerators or other safety defects? I think I'll put off buying a Toyota for a while. "Made public" and " irreparable damage" are two huge red flags.
Not the runnaway acceleration. More likely the price-fixing on the instrument clusters.
“Made public” and “irreparable damage” are legal weasel terms meaning “we don’t want our competitors to know what we’re doing next, as we want to have the marketing advantage”.
This shouldn’t have any effect (positive or negative) on the actual safety of the products they make; it just affects the ROI of their shareholders, who can sue the management team/board if they’re suspected of acting negligently – such as not restraining the contractor when they find out about a data leak and system manipulation.
Outside of the assumed lack of controls in place here, if the contractor did indeed access areas of the site using credentials he should not have had, I’m actually impressed with how fast Toyota isolated the issues and went public with the breach. Most companies don’t gather that sort of telemetry for weeks, and it can be months before they go public (if they ever do).
This is not only a reminder about access management, it is also a reminder about how having processes in place to deal with breach situations works well when they are implemented well.
This makes me angry. Where I’m from the IT industry suffered in the 90s due to IT workers claiming expertise but were unable to deliver and thus caused damage to the businesses they worked for and in turn the general attitude towards IT workers that followed.
Now with this kind of malarkey employers and clients are going to hesitate, view with suspicion and even decline to use our services.
Trust is everything in our game.