Matt Coyne reports that a former employee of Segmark Solutions was able to hack into their computer systems, causing $7,000 damage to the system and misusing corporate credit card numbers.
My question is how was he able to do that? Did he really hack into the system or was his access not terminated when he left their employ in May 2011?
There wasn’t much information about how he did it. It could be done several ways:
1. He may have enabled remote desktop on a server or servers.
2. He may have had knowledge of a username/password combo that had admin rights (other than his own).
3. Prior to his departure in May, he may have installed a backdoor/trojan or other 3rd party software to access the servers, or compromised a workstation at the work place. If he compromised a workstation, and knew another account’s username and password, that works too.
By the way it sounds in the article, it almost seems as if he was using a compromised account or a generic admin account. The article didn’t mention he was logging in with his own account which should have been terminated. If he did use his old accounts, he may be mentally challenged, because he more than likely would be the only one to know the username and password, which would further prove he did the crime. It would be like branding his forhead guilty.
It appears they have been monitoring his activity to ensure there was only one IP using the account remotely. The probably have alot of log data on what he was doing, and attempted to do, so all that is left is being able to present that information to the courts in a manner that they can easily comprehend.
Any admin can go into an account after an employee leaves and change the password and gain access to that account if they have rights to modify accounts in active directory. So the cops probably needed the time to ensure they could say over the next xx months, the only IP that used that account potentially came from his own home.
Damages seem kind of light, I guess it depends on what they consider “damages”. if they are adding in the replacement costs of Credit Cards, administration work to assist in the investigation, additional time spent for admins to work overtime with the police to make a solid case or to have an admin working off-peak hours to restore anything that may have been deleted.
Hopefully more information will come to light on this story.