
CEO revenge attack serves as warning to block out former employees

Imperva : 04 November, 2009  (Technical Article)
Imperva is warning companies to ensure that former employees' inside knowledge of corporate IT systems doesn't provide them with a means of taking revenge.
Reports are coming in that the former CEO of a Web 2.0 services portal has been indicted for allegedly launching a distributed denial of service (DDOS) attack against his former employers.

According to Imperva, the data security specialist, the case is interesting for several reasons, most notably that the former CEO of the company used a regular application to launch his attacks.

'The fact that the former CEO allegedly used ApacheBench to launch his attack on the YouSendIt servers brings up the issue of what companies can do to stop their former employees - especially staff in a senior position - from attacking their IT resource,' said Brian Contos, Imperva's chief security strategist.

'The answer, of course, is quite a lot, as whenever a member of staff leaves, their ID and passwords should be locked out of the system, and all supervisory passwords to which they had access should also be changed,' he added.

According to Contos, although well-executed DDOS attacks are difficult to plan ahead for, the use of multiple IP connections can go a long way to reducing their effects.

However, he went on to say, in this case, it's almost certain that the guy used his inside knowledge of the company's IT architecture to allow a relatively simple DDOS attack to cause problems.

And, Contos explained, the fact that it was a technically simple attack is almost certainly the reason why the FBI were able to quickly track down the alleged perpetrator of the ApacheWeb-generated IP sessions.

'Organisations whose staff leave the company under a cloud, as appears to have happened with this man, should always take simple security precautions against that employee causing IT-related problems,' he said.

'These simple precautions can go a long way to preventing a former employee from staging a malicious attack on their previous employer's computer systems. Increasing reliance on IT means that firms should place increased emphasis on their internal security systems,' he added.