An IT worker caused his former employer $90,000 (£58,000)-worth of damaging by sabotaging its system after resigning from the company, according to charges by the FBI.
Michael Meneses had worked for the unnamed company, which manufactures high-voltage power equipment, until January 2012. According to a criminal complaint filed by the FBI, he resigned after complaining that he had been passed over for promotion.
After leaving the company, the complaint alleges, he "launched a three-week campaign to inflict damage on the company by gaining unauthorised access to its network and sabotaging the company’s business'.
Meneses' network access rights were revoked when he left the company, but he successfully stole former colleagues' login credentials, it says. He used those credential to access the company's virtual private network (VPN) and set about sabotaging various business operations.
"Meneses’ efforts ranged from using a former colleague’s e-mail account to discourage new applicants from taking Meneses’s position, to sending commands to alter the business calendar by one month, disrupting the company’s production and finance operations," the complaint claims.
"The victim company suffered over $90,000 in damages as a result of Meneses’s intrusions."
“The defendant engaged in a 21st Century campaign of cyber-vandalism and high-tech revenge, hacking into the computer network of his former employer to disrupt its operations, thereby causing tens of thousands of dollars in damage,” stated United States Attorney Lynch. “We will hold accountable any individual who victimizes others by exploiting computer network vulnerabilities.”
Meneses faces imprisonment and a $250,000 fine if found guilty.
If the FBI's allegations are true, they reveal how access management – while essential – is not sufficient in thwarting the insider threat to information security.