IT admin sued by ex-employer for alleged malicious insider data theft

News by Max Metzger

One IT administrator is being sued by a former employer for allegedly accessing the company's networks in his new job to gain some kind of competitive advantage.

An IT administrator is being sued by his former employers for stealing information from them and handing it over to his new bosses.

Michael Leeper was employed by Oregon based sportswear company, Columbia Sportswear for four years, eventually reaching the role of senior director of technology infrastructure. In 2014, he left the position to work for Denali Advanced Integration, a purveyor of IT products and services.

According to Columbia, Denali didn't just benefit from Leeper's infosecurity expertise. Leeper is alleged to have installed two backdoors on Columbia's network and in his new position, accessed his former employer's networks over 700 times and steal data that might be relevant to Denali, whose services had previously been purchased by the company.  Denali has denied any involvement.

The claim examines one particular case in which Leeper is meant to have accessed the email accounts of one particular Columbia employee in order to gain inside information about transactions between Columbia and other IT services.

His activities reportedly spanned two years and Columbia only discovered his intrusions in summer 2016. A lawsuit was brought against Leeper shortly after.

Denali fired Leeper earlier this month. Denali's CEO Majdi Daher released a statement saying that the company noticed that Leeper “violated Denali policy through his use of a personal laptop that he acquired while employed by Columbia."  It was this violation of company policy that caused Daher's termination.

Insider security breaches deal a critical blow to the unfortunate organisations that deal with them. While traditional security tends to rely on protecting the perimeter – stopping threats from coming in – it typically does not account for what is already inside. While software level security solutions have improved dramatically, the security industry has yet to come up with the same weapons to fight off.

Most insiders breach their own companies by accident. Some circumvent cumbersome security policies in order to do their job more efficiently, others fall victim to a well crafted phishing email. Malicious insiders are rarer, but all the deadlier.

Those who know his or her way around a network will, if so inclined, know exactly where to damage it.

Brian Johnson, a former system administrator for a US paper manufacturer was recently sentenced to nearly three years in prison for doing exactly that. After Johnson was fired from his role in 2014, he wreaked millions of dollars of damage on his former employers by sabotaging the company's industrial control systems. Disgruntled former employees are often the cause of such critical breaches.

Steve Armstrong MD of Logically Secure labelled the case as “a classic problem of off-boarding processes failing or not existing in the first place. Sysadmin permissions should be revoked the second they step into the interview where they are being let go, and they should never be allowed to access the network again.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews