IT contractor indicted for sabotaging offshore rig management system
Company had refused to offer him a permanent job, feds say
Computerworld - An IT contract employee who formerly worked at an oil and gas production company in Long Beach, Calif., was indicted yesterday on charges of sabotaging a computer system he helped set up because the company did not offer him a permanent job.
The case is the latest to highlight the challenge that businesses face in trying to protect corporate systems and networks from rogue insiders and those with privileged access to systems, such as contractors and business partners. Security analysts have warned about the heightened threats such users pose to corporations because of the broader disgruntlement resulting from layoffs and other belt-tightening steps companies have taken during the recession.
Mario Azar, 28, of Upland, Calif., was charged with illegally accessing and compromising a computer system used by Pacific Energy Resources Ltd. (PER) to monitor offshore platforms in California and Anchorage and to detect oil leaks. The indictment papers allege that Azar's actions affected the "integrity and availability" of the system and resulted in it becoming temporarily unavailable. Though no oil spill or environmental hazard occurred while the system was compromised, Azar's actions caused thousands of dollars in damage, the indictment said.
Azar had set up multiple user accounts on the system while working for PER as a contract employee, the complaint said. Azar allegedly used those accounts to illegally gain access to the system after he stopped working for the company in May 2008. The indictment said Azar planted malicious programs on the system, but it provided no other details on the kind of software used, the nature of the damage or how his actions were discovered. Azar's actions appear to have been triggered by PER's refusal to grant him permanent employment at the company, the complaint said.
Wesley Hsu, the assistant U.S. attorney prosecuting the case in federal court for the Central District of California, said he could not provide further details on the sabotage, except to say that it caused thousands of dollars in damage. If convicted on the charge, Azar faces a maximum of 10 years in prison, he said.
The incident is similar to others involving sabotage and data compromises by privileged insiders. In some of the cases, the acts stemmed from disgruntlement tied to a work situation. In September 2007, for instance, a former Unix system administrator at Medco Health Solutions Inc. pleaded guilty in federal court to attempting to sabotage critical data, including medical histories and individual prescription drug data, on more than 70 servers. His actions stemmed from fears of being laid off, federal law enforcement officials said.
Last year, a disgruntled network administrator for the city of San Francisco locked up a crucial network for days by resetting administrative passwords.
In other cases, compromises have occurred when those with privileged access to corporate data and systems try to illegally profit from the fact that they have that access. In July 2007, a senior database administrator at Certegy Check Services Inc. was found to have stolen personal records on more than 8.5 million customers. And in November 2006, a scientist who had worked for 10 years at DuPont admitted to stealing trade secrets worth $400 million from the company just before joining a rival.
Security analysts concede that dealing with such threats can pose a huge challenge for companies and typically requires the implementation of controls for monitoring and filtering network traffic and the adoption of strict role-based access controls. Perhaps most important, the analysts said, is the need for a separation of duties among professionals who have wide-ranging control and access to critical IT assets, such as database, system and network administrators.