Dr. Crime's Terminal of Doom and Other Tales of Betrayal, Sabotage and Skullduggery

Sarah Scalet is a senior editor at our US sister publication CSO Online.
Increasingly, corporate IT must also be protected against attacks from within. How can that be achieved without alienating your own workforce?

Source: CIO, USA

When John Michael Sullivan moved to Charlotte, N.C., to help develop a mobile computer program for Lance Inc., he hung up an old plaque. Inscribed "Dr. Crime's Terminal of Doom," the memento celebrated Sullivan's youthful love of the movie Indiana Jones and the Temple of Doom - and his reputation as a computer hacker who went by the handle Dr. Crime.

"I was a hacker long before being a hacker was cool," Sullivan wrote on a webpage the FBI later found on his hard drive, describing his affection for the plaque. "More than once I was accused (falsely?) of perpetrating acts of computer crime against various systems and agencies. But regardless if I did or didn't, I never got caught....And although I have 'settled in' to a real job, Dr. Crime still lives...quietly, anonymously and discreet."

Or not. After Sullivan was demoted at snack-food maker Lance in May 1998, he planted a logic bomb. This malicious code, set to execute on Sept. 23, 1998, the anniversary of his hire date, would destroy part of the program being written for the handheld computers for Lance's sales force. When the bomb went off--months after Sullivan had resigned--more than 700 salespeople who rove the Southeastern United States with truckloads of Captain's Wafers, Cape Cod Potato Chips and Toastchee crackers couldn't communicate electronically with headquarters for days, and Lance feared the attack might cost $1 million.

The evidence Dr. Crime left is unique, but the scenario? Hardly. Whether it's sabotage or the theft of trade secrets, a growing number of companies are learning the hard way that their biggest security risks are on the inside. Employees, contractors, temps and other insiders are trusted users. They know how a company works, and they understand its weaknesses--and that gives the occasional bad apple a chance to really make things rotten.

Rather than handling the situation internally as something to cover up, as do many companies faced with insider crime, Lance decided to act. "We wanted to send the message that these types of actions were not accepted by senior management," said Rudy Gragnani, vice president of IS at the $583 million company, in an interview that his edgy legal department allowed him to conduct only via e-mail. "The livelihood of our sales representatives was being impacted, and we took this situation very seriously."
