San Francisco Held Cyber-Hostage? Disgruntled Techies Have Wreaked Worse Havoc - Via Threat Level:

The purported takeover of the San Francisco government's new fiber optic network by an employee who locked out all the other administrators sounds extreme, but disgruntled or fired employees have always used computers to get a dose of revenge.

The city is still scrambling to regain control of the municipal network that handles everything from the mayor's e-mail to San Francisco's electronic court records, according to Ron Vinson, the deputy director of San Francisco's telecommunications and information services department.

Terry Childs, a city tech employee, allegedly modified the system so that only he had top level permissions. Childs was arrested Sunday and is being held on $5 million bail, after allegedly refusing to hand over the passwords.

"This is a great example of how powerful insiders can be," assuming the allegations are true, says security expert Adam Shostack, the author of the New School of Information Security. "Insiders do have a tremendous amount of power."

At the same time, such shenanigans are still rare, at least compared to how many network administrators are fired, or quit, without burning the system behind them, says Shostack. One thing's for certain: with no actual damage reported, the San Francisco incident pales next to other reported cyber-sabotage efforts.

• In 2008, Danielle Duann, a former employee of the Life Gift Organ Donation Center in Houston, Texas, was indicted for computer hacking. Duann allegedly deleted database records used to match organs to needy patients after she was fired in November, 2005. The feds say the deletions caused more than $70,000 in damages, and had the potential to affect medical treatment.




• In 2007, Lonnie Denison pleaded guilty to intentionally sabotaging a data control center in the California Independent System Operator Corporation, which the Feds described as an effort to bring down the Golden State's power grid. Denison, a contractor working at the CAL ISO, broke into a high security computer room and pushed an emergency electrical shut-off button for the computer room crashed computers that communicate with California's deregulated power market.




• In October 2003, Andrew Garcia, a former employee of monitor maker Viewsonic, was sentenced to a year in prison for deleting critical server files that were necessary for Viewsonic's Taiwan office to do work.




• In 2002, a former American Eagle Outfitters employee posted passwords and logins for the company's network on a hacker mailing list on Yahoo. He also included instructions on how to get into American Eagle's wide-area network. He put those instructions into use himself after Thanksgiving 2002, hoping to disrupt the company during the busy holiday season. For his trouble, Kenneth Patterson was sentenced to 18 months in prison.




• A former network administrator for the Inglewood, California-based Airline Coach Service and Sky Limo Company attacked his former employee's network, deleting files and changing passwords. The hack crashed the company's dispatch system, causing thousands in losses. When his house was raided by the feds, they discovered a file folder labeled "retaliation." In 2003, Alan Giang Tran plead guilty to one count of hacking.




• A disgruntled Australian engineer used a laptop and radio control equipment to dump hundreds of thousands of gallons of sewage into rivers and parks in Australia in 2000. The engineer was angry at being rejected for a job from the Maroochy Shire in Queensland, which contracted the company he worked for to make the sewage system.




• Roger Duronio, a disgruntled former UBS PaineWebber employee was sentenced to 97 months in jail for planting a time-bomb program that destroyed files on thousands of computers inside the financial giant's computer network. Duronio planted the code before his February 22, 2002 resignation, which followed repeated complaints by Duronio about his salary and bonuses. The timer for the code went off on March 4, and Duronio shorted UBS's stock on the day of the time bomb, hoping to make a profit by having the rogue code drive down the company's stock price.




• In 1996, a network administrator planted computer code that deleted the sophisticated production software of a high-tech measurement and control instruments company called Omega Engineering, causing $10 million in damages. Timothy Allen Lloyd designed the company's network, but was fired after 11 years on July 10, 1996. The time bomb went off 20 days later. After being convicted in 2000, Lloyd was eventually sentenced to 41 months imprisonment.

Despite the horror stories, at least one can be thankful that when someone in the IT department goes postal, they tend to take down the mail server, not pick up an assault rifle.

(Read Original Article - Via Threat Level.)