eDiscovery Daily Blog

Fired IT Guy Deleted 23 of His Ex-Employer’s AWS Servers: Cybersecurity Trends

When it comes to data breaches and other cybersecurity threats, many people focus on the threats from outside hackers.  But internal employees can do as much damage to an organization’s IT infrastructure, if not a lot more, especially an employee who has been canned and is bent on getting revenge.

An article in Naked Security (Sacked IT guy annihilates 23 of his ex-employer’s AWS servers, written by Lisa Vaas) reports that the UK’s Thames Valley Police announced on Monday that 36-year-old Steffan Needham, of Bury, Greater Manchester, was jailed for two years at Reading Crown Court following a nine-day trial.  Needham pleaded not guilty to two charges under the Computer Misuse Act – one count of unauthorized access to computer material and one count of unauthorized modification of computer material – but was convicted in January 2019.

As the Mirror reported during Needham’s January trial, the IT worker was sacked after a month of lousy performance working at a digital marketing and software company called Voova in 2016.

In the days after he got fired, Needham got busy: he used stolen login credentials to get into the computer account of a former colleague – Andy “Speedy” Gonzalez – and then began fiddling with the account settings. Next, he began deleting Voova’s AWS servers – 23 servers in all, holding data related to the company’s clients.

The company lost big contracts with transport companies as a result. Police say that the wreckage caused an estimated loss of £500,000 (about $700,000 at the time). The company reportedly was never able to claw back the deleted data.  And, it took months to track down the culprit. Needham was finally arrested in March 2017, when he was working for a devops company in Manchester.

Prosecutor Richard Moss noted during the trial that security experts agreed that Voova could have done a better job at security.  Most notable was their failure to implement two-factor authentication.

According to the 2017 Verizon Data Breach Investigations Report (DBIR) (covered by us here), 81 percent of hacking-related breaches used stolen passwords and/or weak passwords.  But, according to this infographic from Symantec, 80 percent of data breaches could have been eliminated with the use of two-factor authentication.  With two-factor authentication, a stolen password is useless if the thief doesn’t also have the device where the authorization code is being sent.  So, you should implement two-factor authentication wherever possible – Voova sure wishes they had.

So, what do you think?  Do you use two-factor authentication to secure your technology solutions?  As always, please share any comments you might have or if you’d like to know more about a particular topic.
