Fired Gucci Employee Accused of Attacking Network
WrongSizeGlass writes "Computer World, Information Week, and The Register are all reporting on the story of a former Gucci IT employee who is accused of a November 2010 assault on Gucci's network, deleting files and virtual servers, taking a storage area network offline, and deleting mailboxes from the corporate email server. The lost productivity is estimated at $200,000. Sam Chihlung Yin, 34, of Jersey City, NJ, allegedly created a fake VPN token in the name of a non-existent employee which he tricked Gucci IT staff into activating in June 2010, a month after his employment contract was terminated by Gucci for unrelated reasons."
It's funny how the closer something is to hacking, the less the word is actually used in an article. While this seems to me to be more of a result of bad policies (admin passwords were never changed) and social engineering (which is a form of hacking) than actual hacking, I find it funny that the term is hardly used at all whereas when Anonymous tries a DDoS, it's ZOMG HACK0RZ!!!! every other line.
Conjugal visits? Not that I know of. Minimum security prison is no picnic. The trick is, kick someone's ass on the first day or become someone's bitch.
http://www.killerclips.com/clip.php?id=74&qid=669&PHPSESSID=6ea47a84f4b8b325495d3b4b2a7ed7cd
Learning HOW to think is more important than learning WHAT to think.
Depending on the programs used, they might just add blanket "domain users" to the admin group on their systems. We do it at our smaller sites (that have no native IT staff) because it's either that or answer emails every 15 minutes about why they can't add in Google toolbar.
Occasionally living proof of the Ballmer peak.
Being fired is likely to piss off someone whether they deserve to be fired or not.
What he got fired for is irrelevant. Sounds like a nerd's way of "going postal" is to delete as many files as possible on their way out.
Revenge is not a smart move. You are most likely going to get caught and it will ruin your chances at future employment as soon as a prospective employer does a background check.
"Action without philosophy is a lethal weapon; philosophy without action is worthless."
I can't say I didn't fantasize about throwing a supermagnet into the data center of an ex-employer I was downsized from, but I knew better and the majority of adults I hope would know better too.
Occasionally living proof of the Ballmer peak.
Thanks Gucci for not breaching time continuity for not firing him for something he would do in the future!
I'm curious, even if he was fired without any justified reason, and let's assume for the moment that it was for some petty reason, would you think what he did was in any way justified or correct? If you are withholding judgment to hear what the cause of his termination was, I'm trying to imagine any scenario that would justify his actions. Simply being pissed off doesn't work (for me, at least). If it wasn't virtual damage, but instead if on his way out of the building he did $200k damage by smashing computer monitors, slashing the furniture, and breaking the fancy piece of art in the lobby, would it be any different in your mind?
I would think this is a legal issue in the fact that the person destroyed company property without consent. Imagine if you stopped getting the newspaper delivered, and as a result, the paper boy took your car and had it stripped.
Am I desensitized by hyperbolic damage claims in other cases, or does $200,000 seem pretty low for this kind of attack?
Give me Classic Slashdot or give me death!
Why wasn't this guy's password deactivated? Did Gucci actually have common all-powerful known to all the engineers? We did that at our little IT shop because we didn't have full control of the network (we were a first response team to the main IT guys). It seems like you would give the guys some logins to use to things, use LDAP or ActiveDirectory groups to put them in the admin user level, and then when they leave/fired/downsized/outsourced/etc revoke them from the admin group(s).
How many times do we need to read "Fired techguy used his/known admin passwords to cause hell" before someone catches on?
Procrastinating life away at a rapid rate of speed.