Ex-employee wiped financial data from bikini bar
After being terminated from his job, he logged into McLane Advanced Technologies and wiped customer data
IDG News Service - At the Bikinis Sports Bar and Grill in Austin, Texas, you can get burgers and beer served to you by cute waitresses wearing denim shorts and bikini tops. And if you're David Palmer, a recently fired IT worker, you can also break into a U.S. military contractor's computer systems and wipe out payroll files, wreaking havoc at its customers.
That's exactly what Palmer did on Jan. 21, 2010. Angry that his former employer, McLane Advanced Technologies, had fired him and then refused to help him with an unemployment benefits claim he'd made to the Texas Workforce Commission, Palmer broke into McLane's systems and deleted payroll files belonging to Lone Star Plastics, a McLane customer that makes polyethylene bags and can-liners. He also broke into a second McLane customer, Capstone Mechanical.
"The only reason for logging into any of these servers was to create general havoc and disorder for McLane Advanced Technologies the following day," Palmer told investigators, according to court records.
The plan worked. When employees at Lone Star Plastics' Prattville, Alabama, facility tried to punch in on the 21st, they discovered that the McLane server that hosted their punch clock software and payroll records had shut down. Two days later, McLane Advanced Technologies contacted the U.S. Secret Service, reporting that it had been hacked.
Palmer, formerly an IT administrator with the company, pleaded guilty to computer intrusion charges Thursday in U.S. District Court for the Western District of Texas. He's set to be sentenced on Nov. 2.
Prosecutors say that Palmer set up a back-door user account entitled "Palmer Lt" before being terminated by McLane at the end of 2009. That account was used to break into the Lone Star Plastics computer and was linked to other intrusions at McLane. Palmer had logged into it from a variety of locations, including his home address in Temple, Texas; Bikinis Sports Bar and Grill; and Buffalo Wild Wings in Waco, Texas.
Disgruntled ex-employees seem to think they can cover their tracks by logging into their former employers from restaurant Wi-Fi networks. Two weeks ago a former IT staffer at the U.S. subsidiary of Japanese drugmaker Shionogi pleaded guilty to similar charges. He had logged in from a McDonalds.
McLane Advanced Technologies sells supply chain management and IT services to the U.S. Department of Defense, state and local governments and large retailers such as Wal-Mart. The company declined to comment.
- Nine charged with distributing Zeus malware
- The new security perimeter: Human Sensors
- Cyberattacks could paralyze U.S., former defense chief warns
- Security Manager's Journal: Thousands of dollars in phone calls? Management hates that.
- Everything You Know About Enterprise Security Is Wrong
- UK man charged with hacking Federal Reserve
- McAfee Offers Global Response to Nationalized Malware
- Tech Industry Praises Cybersecurity Framework From White House
- Ransomware like Cryptolocker uses Bitcoin, other virtual currencies for payment
- Trial for alleged Silk Road creator Ross Ulbricht set for November
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts