Dec 10, 2010 18:45 GMT  ·  By
IT technician sentenced to 18 months in prison for hacking into former employer's network
   IT technician sentenced to 18 months in prison for hacking into former employer's network

A Florida IT technician was sentenced Tuesday to 18 months in prison for repeatedly hacking into the computer network of her former employer to destroy data and lock out executives from critical systems.

Patricia Marie Fowler, 30, of Palmetto, FL, was found guilty in September of several computer intrusions resulting in damages of at least $17,000.

Fowler worked as an IT technician at Suncoast Community Health Centers (SCHC), in Ruskin, Florida, until March 13, 2009, when she was fired for insubordination.

Apparently she didn’t take this decision easily and kept a grudge against SCHC, which according to prosecutors, is a “a non-profit federally qualified community health center providing medical services to patients without access to primary healthcare and without regard to their ability to pay.”

Between the date when she was fired and April 1, 2009, the IT technician hacked into the SCHC network with the purpose to damage systems and data on multiple occasions.

According to court records, during the intrusions, she deleted and moved files from the computers of SCHC executives, changed the login credentials on administrative accounts, blocked access to network resources and modified information in the payroll system.

She even went as far as to mess with the settings of the network firewall and lock out SCHC from correcting them, which prompted the organization to call the authorities.

The FBI interviewed the former SCHC IT technician on July 15, 2009, and after initially denying involvement, she admitted being responsible and released the firewall password.

Aside from the 18-month prison sentence, Fowler was ordered by U.S. District Judge Susan C. Bucklew to serve three years of supervised release and the pay $17,243 in restitution.

The cases of disgruntled workers resorting to hacking in order to exert revenge on former employers are relatively common.

Security experts urge organizations to immediately revoke the credentials of people who are dismissed and to enforce strong access control policies across their networks.