Disgruntled admin gets 63 months for massive data deletion

Brought down by computer named 'kuku'

An IT manager who sought revenge for an unfavorable job evaluation was sentenced to more than five years in federal prison after being convicted of intentionally triggering a massive data collapse on his former employer's computer network.

Jon Paul Oson, 38, of Chula Vista, California, was sentenced to 63 months behind bars and ordered to pay more than $409,000 in restitution, according to federal prosecutors in San Diego. He was immediately taken into custody after the sentence was handed down on Monday. It is one of the stiffest penalties ever for a computer hacking offense.

Oson was hired in May 2004 as a network engineer at the Council of Community Clinics in San Diego, a nonprofit that provides various services to 17 regional health clinics in Southern California. He performed well in that role and five months later was promoted to technical services manager. He ended up bitterly resigning a year later after a performance evaluation cited interpersonal difficulties, according to court documents.

On December 23, Oson logged onto servers belonging to his former employer and disabled the program that automatically backed up medical records for thousands of low-income patients. Six days later, he logged on again, and in the span of 43 minutes, methodically deleted the files containing patients' appointment data, medical charts and other information.

The dollar cost of Oson's rampage was pegged at $409,337.83 and accounted for expenses for technical investigations and moving to a paper-based system in the weeks following the attack. But the real toll came when doctors at North County Health Services no longer had medical records for thousands of low-income patients who sought medical care. North County Health Services contracted with Oson's employer to store the records.

Health threat

By destroying the records, Oson threatened the health of patients who visited the clinic immediately after the attack, prosecutors argued. They cited two examples, including a nine-year-old who had been diagnosed with an ear infection several days before Oson's rampage. When he returned a few weeks later, doctors had no record of the previous diagnosis, and they also had no idea he was due for a routine physical exam.

"Patients who visited the clinic in the weeks following the network disruption were kept waiting hours and sometimes futilely while their charts were located and delivered to the appropriate clinic and doctor," prosecutors said in court documents. "With the shutdown of its Practice Management system, NCHS had to shift to a paper-based system."

After ransacking his former employer's network, Oson took pains to cover his tracks. When FBI agents raided his home in May 2006, they found all but one of his PCs had been wiped clean, irretrievably destroying data that might have shown he was behind the attacks.

But Oson slipped up and left other clues. One was an HP 2100 LaserJet printer he kept at his home and another was an HP LaserJet 4M printer physically located near the workstation Oson used at his new job.

It just so happened that in the weeks leading up to the data meltdown, an intruder had cased the network by logging in from at least three different machines. One was a computer named "TEMP3" that was equipped to work with an HP 2100 LaserJet printer. A second PC happened to contain drivers for the HP 2100 and a LaserJet 4M.

Even more incriminating, the nickname of this second PC was "kuku" and one of the printers it was configured to work with was named "mike2003 HP Laserjet 4M". That just happened to match the name of Oson's son and the network name of the printer sitting by his workstation.

"At the sentencing hearing, the court talked about the impact of Oson's actions and his arrogance," Assistant US Attorney Mitchell Dembin, who prosecuted the case, wrote in an email to The Reg. "The court said that Oson seemed to think that he was the smartest guy around but, as often happens, he ran into someone smarter (the FBI)." ®
