Users may underestimate the importance of enforcing permissions on your network. In fact, very few users in your network may take it seriously until the occurrence of an incident that has adverse consequences for the business. This time, the victim of the misfortune was PA Online, an Internet service provider (ISP) situated in Pennsylvania.
Dariusz J. Prugar, a former system administrator for the ISP, was recently sentenced to two years in prison and a fine of $26,000 for his malicious activities on his former employer’s company network. His actions led to a system crash that plunged thousands of PA clients (home and business) into an internet blackout. The incident occurred in 2010 and was proved to be Prugar’s act of revenge after being fired from PA Online a few days earlier.
His system admin credentials were still valid a few days after being fired from the job, and using these permissions, he planted a backdoor route into his former employer’s network and attempted to steal software he felt belonged to him.
To hide his malicious activities, Prugar further tried to cover his tracks by enabling scripts that would delete the network’s access log files.
The consequences of Prugar’s actions were extremely damaging to PA Online service provision and reputation as it plunged thousands of users into Internet darkness after the entire network crashed.
Unsuspectingly, PA Online reached out to Prugar for his assistance during this crisis. His actions aroused suspicions that prompted PA Online to call in the FBI. Prugar was demanding a rights negotiation to the software he had just stolen.
It took a whole week before services were restored to PA Online’s customers. PA Online had to suffer the brunt of the crisis later on as it shut its doors after spending a fortune rebuilding the entire network and the low customer confidence. All this was a result of the network’s permissions being retained by a disgruntled former employee.
The lesson to be learned from the PA Online crisis is quite clear: permissions to your systems and network infrastructure should never fall/remain in the hands of those without rights and responsibilities. Enforcing this simple principle in your business could be the deciding factor in your success or downfall as a business.
Our Managed IT Services can help you implement this policy by making sure that rights and permissions to your network are regularly updated upon your notification.
For more information on your network’s security, give us a call at 1-888-245-9926 or read more here Security & Compliance.