Gucci admin accused of $200,000 IT rampage
Nixed servers, wiped data, disrupted sale of expensive shoes
A network engineer fired by fashion house Gucci has been charged with going on an IT rampage against his former employer in which he deleted data, shut down servers and left the company nursing an estimated $200,000 cleanup bill.
According to the New York District Attorney's office indictment, 34-year old Sam Chihlung Yin created a fake VPN token in the name of a non-existent employee which he tricked Gucci IT staff into activating after he was fired in May 2010.
The VPN gave him direct access into the heart of Gucci’s IT network for a period of months, which when combined with his inside knowledge and admin passwords gave him the power to cause mayhem.
Related Articles on Techworld
What allegedly followed was no subtle incursion but the tech equivalent of a full-scale frontal attack.
At its worst, Gucci US is said to have lost access to email and stored documents for 24 hours, an incident in which he also permanently destroyed some files. On 12 November 2010, he also shut down virtual servers, a Storage Area Network (SAN), and deleted a number of corporate email inboxes.
Store managers and other staff across the US were unable to access email resulting, the company claims, in thousands of dollars of lost sales.
"Computer hacking is not a game. It is a serious threat to corporate security that can have a devastating effect on personal privacy, jobs, and the ability of a business to function at all," said New York District Attorney, Cyrus R. Vance, Jr. "This Office's Cybercrime and Identity Theft Bureau is committed to preventing and prosecuting crimes such as the one charged in today's indictment."
Cases of rogue IT staff accused of wrongdoing are far from unknown although it is only recently that they have started coming to court with any regularity. Previously, police lacked the specialists to investigate crimes, legislation was sometimes lacking and companies preferred to duck negative publicity and the embarrassing implication that staff might be motivated to go bad.
That has now changed. IT staff who attack their employers or former employers are seen as being white collar criminals like any other.
As the Attorney Office’s indictment sheet makes clear, the consequences of the actions Sam Chihlung Yin is accused of could be severe. If found guilty, the Class C felony alone could land him with a prison sentence of up to 15 years.