Feeds

Disgruntled admin gets 63 months for massive data deletion

Brought down by computer named 'kuku'

High performance access to file storage

An IT manager who sought revenge for an unfavorable job evaluation was sentenced to more than five years in federal prison after being convicted of intentionally triggering a massive data collapse on his former employer's computer network.

Jon Paul Oson, 38, of Chula Vista, California, was sentenced to 63 months behind bars and ordered to pay more than $409,000 in restitution, according to federal prosecutors in San Diego. He was immediately taken into custody after the sentence was handed down on Monday. It is one of the stiffest penalties ever for a computer hacking offense.

Oson was hired in May 2004 as a network engineer at the Council of Community Clinics in San Diego, a nonprofit that provides various services to 17 regional health clinics in Southern California. He performed well in that role and five months later was promoted to technical services manager. He ended up bitterly resigning a year later after a performance evaluation cited interpersonal difficulties, according to court documents.

On December 23, Oson logged onto servers belonging to his former employer and disabled the program that automatically backed up medical records for thousands of low-income patients. Six days later, he logged on again, and in the span of 43 minutes, methodically deleted the files containing patients' appointment data, medical charts and other information.

The dollar cost of Oson's rampage was pegged at $409,337.83 and accounted for expenses for technical investigations and moving to a paper-based system in the weeks following the attack. But the real toll came when doctors at North County Health Services no longer had medical records for thousands of low-income patients who sought medical care. North County Health Services contracted with Oson's employer to store the records.

Health threat

By destroying the records, Oson threatened the health of patients who visited the clinic immediately after the attack, prosecutors argued. They cited two examples, including a nine-year-old who had been diagnosed with an ear infection several days before Oson's rampage. When he returned a few weeks later, doctors had no record of the previous diagnosis, and they also had no idea he was due for a routine physical exam.

"Patients who visited the clinic in the weeks following the network disruption were kept waiting hours and sometimes futilely while their charts were located and delivered to the appropriate clinic and doctor," prosecutors said in court documents. "With the shutdown of its Practice Management system, NCHS had to shift to a paper-based system."

After ransacking his former employer's network, Oson took pains to cover his tracks. When FBI agents raided his home in May 2006, they found all but one of his PCs had been wiped clean, irretrievably destroying data that might have shown he was behind the attacks.

But Oson slipped up and left other clues. One was an HP 2100 LaserJet printer he kept at his home and another was an HP LaserJet 4M printer physically located near the workstation Oson used at his new job.

It just so happened that in the weeks leading up to the data meltdown, an intruder had cased the network by logging in from at least three different machines. One was a computer named "TEMP3" that was equipped to work with an HP 2100 LaserJet printer. A second PC happened to contain drivers for the HP 2100 and a LaserJet 4M.

Even more incriminating, the nickname of this second PC was "kuku" and one of the printers it was configured to work with was named "mike2003 HP Laserjet 4M". That just happened to match the name of Oson's son and the network name of the printer sitting by his workstation.

"At the sentencing hearing, the court talked about the impact of Oson's actions and his arrogance," Assistant US Attorney Mitchell Dembin, who prosecuted the case, wrote in an email to The Reg. "The court said that Oson seemed to think that he was the smartest guy around but, as often happens, he ran into someone smarter (the FBI)." ®

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.