14 DAY TRIAL // David Ernest Everett Jr., from Blaine, Minnesota, has pleaded guilty to computer hacking charges in a federal court. He faces 10 years in prison for installing malware on 1,000 computer servers administered by his former employer and crashing several of them.
Mr. Everett, 21, used to work as a tech support staffer for Wand Corporation, a firm that provides and administers computer systems for other companies, including fast-food chains such as Pizza Hut, KFC, and Burger King. Everett admitted to launching "malicious software attacks" against computers belonging to Wand's business customers, three-weeks after being fired for reasons that were not disclosed to the press.
In order to instrument his attacks, Everett developed three malicious files, which he then distributed to over 1,000 servers located in various restaurants, with the intention of crashing them. The servers are connected to the cash registries and store financial data, payroll information, inventory, and work schedules.
Fortunately, the hacker was only able to crash 25 servers until Wand Corp. was notified by its customers about the technical difficulties. Upon investigating the situation, the company's staff identified the virus implanted by Everett and were able to clean it from the rest of the servers. "We were able to minimize the damage, once we knew what was going on," Dave Perrill, vice president at Wand Corp., notes.
The investigation concluded that Everett exploited a security hole, which he became aware of while working for the company. "I think the message we should all learn from this sorry case is the importance of changing passwords and resetting access rights when a member of your staff leaves your employment," Graham Cluley, senior technology consultant for anti-virus vendor Sophos, writes.
Even though their servers crashed, the fast-food restaurants did not suffer major losses, as they were still able to serve customers. However, fixing the problem did cost Wand Corp. $49,000 and the company estimates that, if all servers had been seriously affected, the losses would have amounted to $4.25 million.
Other similar incidents that we have previously reported involve a former network admin who hacked the computers of his ex-employer and destroyed data, hoping that he would be hired back in order to fix them. Another upset employee turned the e-mail server of the company he used to work for into a spam relay, claiming that he was threatened and forced to resign by another employee of a higher rank. And then, there is, of course, the infamous case of Terry Childs, the upset network administrator, who locked the municipality of San Francisco out of its own multi-million dollar FiberWAN network.