Disgruntled ex-employee hacks CEO’s PowerPoint presentation to display porn

Posted on by Dissent

As if we needed yet another reminder of why you need to ensure ex-employees can no longer access the network, the Baltimore Sun reports:

It happened one day last year, as more than a dozen board members of a Baltimore substance abuse center had gathered around a conference room. The CEO was giving a PowerPoint presentation on his accomplishments.

Suddenly, his computer shut down, then restarted, replacing the latest slide with an image of a naked woman onto a 64-inch screen. …..  Today, Baltimore’s State’s Attorney’s Office announced a grand jury had indicted Walter Powell, 51, with hacking into the computer system. They described him as a disgruntled worker who allegedly used his home computer to access the system, distribute confidential emails from his boss and break into the presentation.

A press release issued by the Baltimore’s State’s Attorney’s Office, reproduced on the Baltimore Sun’s site, says that Powell has been charged with one count of gaining unauthorized access to a computer network, four counts of gaining unauthorized access to a computer network with the intent to interrupt the operation of the network, and five counts of unauthorized possession of a computer pass code.

Keeping in mind that an indictment is not proof of anything, the press release also states:

Powell is a former employee of Baltimore Substance Abuse Systems, Inc. (BSAS), where he was director of Management Information Systems until September 2009. Prosecutors allege that within weeks of his departure, Powell began accessing the BSAS computer network from his home computer. It’s further alleged that he remotely installed keystroke logging software on various computer workstations. That software could record every single key pressed by any user and then e-mail a record of those keystrokes to Powell. In this manner he was able to obtain the network passwords of at least five employees of BSAS. Over the course of 32 days, Powell accessed – or attempted to access – the BSAS network more than 100 times using the passwords of those employees.

Read more in the Baltimore Sun.

Category: Breach IncidentsMalwareMiscellaneousU.S.Unauthorized Access