A former IT administrator in New York was indicted this week for reportedly meddling with his former employer’s company network.
Before resigning, the employee stole company data & created a “superuser” account that let him access the network after he left.
As related by the office of Manhattan District Attorney Cy Vance, which announced the charges – 7 in all – on Wed., the employee, Hector Navarro, used to work at the New York department store chain, Century 21.
Bankruptcy
While Century 21 filed for bankruptcy and liquidated its stores in Sept., the events of this case happened in Oct. 2019, shortly after Navarro resigned from the company.
Says the DA’s office, Navarro worked as a systems administrator & manager for Century 21’s Human Resources Systems & Administration Department, rising up from various other roles involving human resources, staffing, timekeeping, & scheduling at the company, per his LinkedIn profile.
Shortly before resigning from the company, however, Navarro reportedly stole employee data from the company & created a “superuser” account on its network, something that allowed him to access the network from anywhere after cutting ties with Century 21.
Payroll
It is not clear what kind of employee data Navarro stole, though it is assumed it was related to the company’s payroll. According to Vance, his tampering could have cost the company more than $50,000 if left unnoticed.
“If left undetected, this former employee’s alleged tampering could have cost Century 21 more than $50,000,” Vance said in a press release Wed. “Unauthorised access to computer networks & the theft of valuable proprietary data are serious threats to the Manhattan business community.”
Mechanisms
Navarro went on to use the superuser account from his Brooklyn apartment to mess with other accounts, delete data on consultants hired to replace him, & make changes to the company’s holiday payroll policy “which, if undiscovered, would have paid certain employees for holidays whether they worked on those dates or not.”
It is unclear if the company had mechanisms in place to prevent the theft of employee data in the 1st place.
According to the DA’s office, Century 21 did not discover the breach until consultants hired to replace Navarro discovered they were unable to use the network, after he had deleted data belonging to them, presumably login credentials.
Crimes
Navarro is being charged with the following crimes:
- Criminal Mischief in the 2nd Degree, a class D felony, 3 counts
- Attempted Grand Larceny in the 2nd Degree, a class D felony, 1 count
- Computer Tampering in the 3rd Degree, a class E felony, 3 counts
- Computer Trespass, a class E felony, 1 count
- Unauthorised Use of a Computer, a class A misdemeanour, 1 count
- Petit Larceny, a class A misdemeanour, 1 count
- Criminal Possession of Stolen Property in the 5th Degree, a class A misdemeanour, 1 count
Hybrid
The case has all the signs of a hybrid insider threat/privileged access abuse incident. Because he had access to sensitive data & infrastructure, Navarro had the ability to open, move, & steal employee data. It also allowed him to create a superuser account, essentially granting him “God Mode” access across the entire network.
While it is not possible to say whether having a solution in place to prevent Navarro’s misdeeds would have worked, there is a chance it could have given the company notice sooner that something bad was afoot.