The Register® — Biting the hand that feeds IT

Feeds

Men allegedly broke into computers of former employer

Poor password hygiene indictment

Cloud based data management

Federal authorities on Wednesday filed intrusion charges against two men accused of accessing the computer systems of their former employer.

Scott R. Burgess, 45, of Jasper, Indiana, and Walter D. Puckett, 39, of Williamstown, Kentucky, both worked as managers for Indiana-based Stens Corporation until taking jobs with a competing company in Ohio, according to an indictment filed in federal court. On at least 12 occasions, they used old passwords to access their former employer's computer and access proprietary information, prosecutors allege.

Although the men left their jobs in 2004 and early 2005, they were able to use the outdated passwords successfully as late as September of 2006. On at least two occasions, administrators at Stens grew suspicious and terminated old passwords. The men simply tried different login credentials - and succeeded several times.

If convicted, they face five years in prison each and a $250,000 fine. Attorneys for the men weren't available to comment. ®

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Latest Comments

Totally Irresponsible IT Dept.

Good grief! There are two quite simple policies that take care of this sort of thing.

1) Passwords expire. (Imagine that)

2) Accounts are terminated before a person is told they are let go, or it's the first thing done after being notified of an employee resigning.

These are THE most important security factors, not some hacker in Russia et al breaking into your server, not a viral outbreak, not which Windows patches were applied and when. Even surveys of the general population find an alarming % who admit they might trying to leave their present or former employer with company owned data.

I just can't feel any sympathy for the former employer, odds are they tired to save a dime on IT personnel and it came back to bite them in the arse.

0
0

Why is this news?

The article doesn't mention damage to former employer, so on the surface I read this as two miscreants taking advantage of an incompetent organization and prosecuted rather zealously. Why is this newsworthy again?

0
0

@Crazy Operations Guy

I second that. A certain bank I know (just think orange), did that to several staff. It got so bad that at one point, people were crossing their fingers when they entered their username and password - if you got in, it meant your job was safe - for now...

It got particularly commonplace around this time last year, when IT staff were being voided like leaves from the trees in Autumn. The worst thing was, communication was often so poor that it took up to 2-3 weeks for people to actually get official notification that their contracts had been terminated - and when that did eventually happen, the bank would shrug and say "We cancelled your contract last month. Didn't you know?"

0
0

More from The Register

 breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
 breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
Internet fraud still stings suckers
Australians twice as gullible as Americans
 breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
 breaking news
Yahoo! joins! rivals! in! PRISM! data! request! admission!
Keep calm and carry on using American tech firms, folks
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
 breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?