Angry revenge hacker case a cautionary tale

Steve Roush, Vice President, Publisher & Editor

Ladies and gentlemen, we live in a digital world, a world that offers many obvious advantages, but also comes with inherent dangers and risks -- for individuals and companies alike.

We've all read or heard about online hackers accessing personal information to commit theft or demand a ransom. It's less common for a hacker to be "one of your own" out to get revenge -- but it happens, and a case involving a hacker and Georgia-Pacific just concluded this month.

We've reported on this story since it broke back in February of 2014, when a former IT specialist and systems administrator who had worked with G-P in Port Hudson, Louisiana for almost 15 years was fired on Valentine's Day of that year and was immediately escorted from the facility.

Apparently holding a grudge for the abrupt termination, investigators said that during the next couple of weeks, the former employee used his previous accounts to access the mill's network and altered various transmitting codes and commands to the system in an act federal prosecutors say resulted in significant damage, affecting the distributed control system and quality control system for the machinery and crippled production.

After that, the FBI got involved and searched the home of the former employee, who helped write the computer code for some of the mill's paper machines, and discovered a remote connection to the Georgia-Pacific computer system running on his personal computer. It was reported that computer logs discovered on the computer documented the unauthorized entry to the mill's system, and matched with logs from Georgia-Pacific's network.

The former employee pleaded guilty last year to a count of intentionally damaging a protected computer. Last week, he was sentenced to nearly three years in federal prison and ordered to pay more than $1.1 million in damages.

There have been other cases of disgruntled former employees causing severe damage to their former employers, which should serve as a cautionary tale of the very real threat and danger that businesses and individuals face.

In this day and age, more diligence than ever is needed to see that instances like this are avoided. Know exactly who has access to such control systems and make sure all access is shut off when employees become ex-employees.

Steve Roush is Vice President and Publisher and Editor of Paperitalo Publications.

****
Advertisement--listen to Pulp and Paper Radio International