Slashdot Mirror


Former Sysadmin Accused of Planting 'Time Bomb' In Company's Database (bleepingcomputer.com)

An anonymous reader writes: Allegro MicroSystems LLC is suing a former IT employee for sabotaging its database using a "time bomb" that deleted crucial financial data in the first week of the new fiscal year. According to court documents, after resigning from his job, a former sysadmin kept one of two laptops. On January 31, Patel entered the grounds of the Allegro headquarters in Worcester, Massachusetts, just enough to be in range of the factory's Wi-Fi network. Allegro says that Patel used the second business-use laptop to connect to the company's network using the credentials of another employee. While connected to the factory's network on January 31, Allegro claims Patel, who was one of the two people in charge of Oracle programming, uploaded a "time bomb" to the company's Oracle finance module. The code was designed to execute a few months later, on April 1, 2016, the first week of the new fiscal year, and was meant to "copy certain headers or pointers to data into a separate database table and then to purge those headers from the finance module, thereby rendering the data in the module worthless." The company says that "defendant Patel knew that his sabotage of the finance module on the first week of the new fiscal year had the maximum potential to cause Allegro to suffer damages because it would prevent Allegro from completing the prior year's fiscal year-end accounting reconciliation and financial reports."

3 of 143 comments

  1. RTFA, anyone? by tomhath · Score: 5, Informative
    FTFA:

    Allegro's IT staff discovered the sabotaged Oracle finance module on April 14, 2016. Ten days later, on April 24, the IT staffers found Patel's malicious code after comparing the current database with a copy from older backups.

  2. Re:Electronic fingerprint? by AndroidCat · Score: 4, Informative
    "return the second laptop because the device was capable of accessing Allegro's IT network"

    It sounds like they depend on the MAC address for access security, and not-a-one-of-them has ever heard of MAC spoofing. (Or a Pringles can for extending WiFi range to off of company property.)

    --
    One line blog. I hear that they're called Twitters now.
  3. Not very good at covering tracks. by nuckfuts · Score: 3, Informative
    FTA:

    Eventually, they traced the unauthorized access to Patel's second business laptop based on the device's "electronic fingerprint."

    By "electronic fingerprint", I suspect they're referring to the MAC address of the laptop's WiFi adapter, in which case the guy is a bit of a noob for not spoofing it.