BOFH gets five years for deleting health records
By Davey Winder in Editorial
Posted in Data Protection, Blog, Security on
We can all relate to, and laugh at, the antics of your average Bastard Operator From Hell (BOFH), that rogue system admin who vents his spleen on end users and employers alike. However, sometimes a sysadmin with a grudge is no laughing matter. Such a case would be that of one Jon Paul Oson, who has been jailed for five years after deleting data from his former employer’s network in an apparent act of revenge over a poor performance evaluation report.
It seems that the chap was actually pretty good at his job to start with, having been hired to work as a network engineer at a company providing services for 17 regional health clinics in the Southern California area. Within just five months he had been promoted to a technical manager role and all was going well, until the following year when he got that bad performance review and quit. This seems to have been the trigger for his particularly extreme BOFH attack on the former employer, during which he first disabled the automatic backup routine for medical records and then, six days later, deleted thousands of records containing appointment data and medical charts over the course of an hour.
Although fined $400,000 and sent to jail for a total of 63 months, which might seem harsh for a nerd hitting the delete key, the real human cost of this red mist has to be taken into account. It is all too easy to dismiss such an event as being all about the network: better security should have prevented it so the employer must share the blame. However, let’s remind ourselves about the chain of events here, because this was major league data vandalism with intent. First the guy disables the automatic backup system, then leaves it a week to ensure that there are plenty of files which have not been backed up and only then returns to delete them. These are files which contain the medical records of patients, a fact that as a network engineer and then technical services manager working on the system he must have been all too well aware of.
As far as I am aware, nobody died as a direct result of the reckless deletion of data; if they had, then I suspect Oson would have been on some kind of murder or manslaughter charge. But that was surely more a matter of luck than judgement.
There was little in the way of luck, though, when it came to how the FBI actually managed to provide the required level of proof that Oson was behind the attack. Despite his best efforts to conceal his involvement, which included securely wiping the drives of all but one of his home PCs, Oson did not allow for just how clever some detectives can be these days with regard to technology-related evidence.
It appears that before the attack itself, ‘someone’ had explored the network without permission and had done so from a computer that had drivers installed for an HP 2100 Laserjet printer, a printer which Oson possessed. No great evidence, as plenty of people have these, of course. However, the Feds also noted that a second computer used in the intruder incidents was loaded with not only the HP 2100 drivers but also those for a Laserjet 4M. Guess what: Oson used both of these. Still not damning evidence, but when investigators discovered that the second PC was called ‘kuku’, which was the same name as Oson’s son, and that a printer had been given the handle of ‘mike2003 HP LaserJet 4M’, the exact same name given to one of the printers being used by Oson when the FBI raided his house, it starts to become a little too much to put down to coincidence…

