Fired sysadmin at paper mill jailed after revenge ‘hack’

A system administrator who lost his job at a paper mill has been sentenced to 34 months in prison after tampering with the control systems of his former employer and causing over a million dollars in damage.

This wasn’t the work of a hacker, though. Brian Johnson, who had recently been let go by paper manufacturer Georgia-Pacific after 15 years’ service, was able to use login credentials that remained valid even after he was fired. He accessed servers via a VPN in his home, installing his own software and altering the industrial control systems.

In a two-week-long attack on the firm’s factory in Port Hudson, Louisiana, Johnson created a series of delays and caused more than $1.1 million in damage.

Paper tiger

Johnson’s reign of terror quickly came to a crashing and ignominious end. The attacks began soon after Johnson was fired, which immediately aroused the suspicion of his former employer. Georgia-Pacific swiftly sought the assistance of the FBI, who raided Johnson’s home and found the VPN connection into the company’s servers on his laptop.

After investigating Johnson’s remote sessions connected to the Port Hudson mill, FBI agents concluded that he had intentionally sabotaged his former employer in a revenge attack.

Johnson pleaded guilty to all charges in February 2016. As well as his prison sentence, a local source reports that he will be forced to pay the $1.1 million back in restitution, and must also surrender the computer devices and items used in the ‘hack.’

Mitigate revenge attacks with access management policies

Instances of employees taking revenge on their bosses are disappointingly common. Those who cause damage are sometimes opportunistic and almost always described as ‘disgruntled,’ but there is no sure-fire way to spot a potential hacker.

One thing employers can do is make sure no one has access to information that they shouldn’t. Access management policies help prevent breaches, be it by revoking access rights for employees once they leave, assessing access privileges of users who get promoted or change positions, or simply making sure that administrators provide only the minimum access necessary for everyone at the company to do their jobs.

For a more comprehensive approach to cybersecurity, organizations might consider IT Governance’s ISO 27001 Packaged Solutions.

ISO 27001 is the international standard that describes best practice for an information security management system (ISMS), and our packaged solutions provide a blend of expert-developed ISO 27001 tools and resources that are available 24/7, including books, toolkits, and online training.

Click here for more information >>