A sacked school IT Technician who took revenge by deleting data and sabotaging his old school’s network (and by wiping the computers of everyone who was logged in) has been jailed.
Revenge Hack
As reported on Leicestershire Live, a court was told that Adam Georgeson, 29, who was dismissed from his job as an IT Technician last January at Welland Park Academy in Leicestershire, took revenge by hacking back into the school system and deleting data.
School Network Sabotaged
In the attack, Mr Georgeson sabotaged his old school’s network, thereby taking it offline for 10 days. This meant that staff were forced to work long overtime hours without payment to try and rectify the problems. Also, the attack meant that 4 staff members were unable to resume working remotely for nearly four months!
Personal Devices of Pupils Wiped
The other particularly distressing aspect of the attack was the wiping of any devices that were connected to the school’s network at the time. This meant that at least 125 devices, including those belonging to 39 families and computers at the school, had their files completely wiped. This meant the loss of personal family photographs for example, as well as important work and study files. It was reported that the school had to spend £15,600 to restore the system. This spending also meant that cutbacks had to be made on school spending elsewhere, thereby magnifying the impact of the attack.
Losses
Some of the losses reported in the attack, highlighted in personal impact statements, included:
– A full-time student, in the second year of university studies losing most of her work from the preceding 18 months, leading to her failing an exam.
– A father-of-three losing 1,000 family photographs.
– An assistant headteacher losing learning-related materials and all of his son’s GCSE coursework.
Not The Only Attack
Mr Georgeson is also reported to have carried out another cyber-attack a few months earlier on a former employer’s business. The attack on Rutland-based Millennium Computer Services, from where Mr Georgeson had been dismissed for misusing the company’s credit card to buy personal computing equipment (without permission) caused chaos to the company’s computer system, putting it out of action for 8 days.
Why?
The court was told that Mr Georgeson’s actions were the result of a crisis of depression and anxiety. The Judge, however, ruled that the motivation for the attacks were spite and revenge. After pleading guilty to two counts of unauthorised modification of computer material under the Computer Misuse Act, Mr Georgeson was jailed for 21 months.
What Does This Mean For Your Business?
This case highlights the need for businesses and organisations to have procedures and systems in place for dealing with and minimising some of the risks associated with employee exit. Although this case sounds exceptional and the former employee was found to be responsible due to malicious hacking, it should also be noted that businesses and organisations have a legal responsibility to ensure that security levels are maintained with regards to data security, and this also applies to employee exit (i.e. ‘insider threat’). In order to reduce this kind of threat, areas that businesses and organisations need to address as soon as a staff member leaves could, for example, include:
– Revoking login details and rights/permissions for company computer systems and networks.
– Revoking access to the CRM, thereby protecting data relating to the company, its customers, its other stakeholders, sales, communications and more.
– Stopping access to collaborative working apps/platforms and shared, cloud-based, remote working platforms e.g., Teams or Slack.
– Changing the person’s personal voicemail message on the company phone.
– Ensuring that the departing staff member returns all company devices. This means having procedures in place to keep a record of which company devices have been allocated to each employee.
– Retrieval of any backup/storage media e.g., USBs may also help to prevent some security threats.
– Making sure that any stored items in separate folders on the departing person’s computer are transferred back to the company/organisation or deleted.
– Having a policy in place for the regular changing of passwords and changing any passwords shared with multiple members of staff when one person leaves.
– Changing PINs for any credit/debit cards that the person was authorised to use.
– Immediately letting the team/person responsible for IT security know that a person has left, particularly if the person left ‘under a cloud.’
– Making sure that all company-related keys, pass cards, ID cards, parking passes, and any other similar items are retrieved.
– Retrieving any physical documents that the employee was issued e.g., a handbook that contains information and data that could threaten company security.
– If the departing employee’s email address and extension feature on the website and/or if that employee is featured as being in the role that they are departing from, this needs to be removed from the website. Also, check that company social media doesn’t indicate that the departed employee is still in their role e.g., on LinkedIn and Facebook. Checks should also be made to ensure that the departing employee doesn’t feature in the business/organisation’s online estate e.g., at the top of the website home page or other prominent pages.