A 40-year-old man could face up to 10 years in prison, after admitting in a US District Court to sabotaging his former employer’s computer systems.

Casey K Umetsu, of Honolulu, Hawaii, has pleaded guilty to charges that he deliberately misdirected a financial company’s email traffic and prevented customers from reaching its website in a failed attempt to convince the firm to rehire him at a greater salary.

Umetsu, who had been employed in the IT division of the prominent Hawaii-based company between 2017 and 2019, admitted to the court that he had used his former employer’s credentials to access its domain registrar, and deliberately changed the firm’s DNS records to misdirect the business’s web and email traffic.

As the Department of Justice describes, Umetsu additionally locked the company out of its domain name registrar account, preventing them from undoing the damage, for several days.

Of course, Umetsu could have easily undone the damage at any time – but from the sound of things he was waiting for his former employer to beg him to help him, and offer him a larger salary than he had previously enjoyed.

Instead, the company chose to contact the FBI.

“Umetsu criminally abused the special access privileges given to him by his employer to disrupt its network operations for personal gain,” said US Attorney Clare E. Connors. “Those who compromise the security of a computer network – whether government, business, or personal – will be investigated and prosecuted, including technology personnel whose access was granted by the victim.”

From the sound of things, the problem here is simple to understand – but all-too-common in many work environments: when someone leaves your employment you should ensure that any passwords they have previously had access to no longer work.

Even if someone quits the firm (Read more...)