Revenge attack on pharmaceutical network was done via McDonald's WiFi

Opinion by Dan Raywood

A former IT administrator at a Japanese pharmaceutical company has pleaded guilty to hacking the company network and deleting 15 VMware hosts.

According to a report by nj.com, Jason Cornish said that he was avenging the dismissal of his friend who was a former IT supervisor when he used a public internet connection at a McDonald's to access the Shionogi network.

Court documents said that Cornish used a company user account to gain unauthorised access to a computer server and to take control of the vSphere that he had secretly installed on the server weeks earlier from his home internet connection.

He then used this to delete the contents of each of the 15 virtual hosts on Shionogi's computer network, each of which contained the equivalent of 88 servers that represented most of Shionogi's US computer infrastructure to support email, Blackberrys, its order tracking system and its financial management software.

The attack left Shionogi without the ability to ship products or communicate via email for several days, and it estimated that it cost the company almost £500,000 in losses.

Cornish pleaded guilty and is scheduled to be sentenced on 10th November. He faces a maximum penalty of ten years in prison and a fine of up to $250,000 (£150,000).

Mark Fullbrook, UK and Ireland director at Cyber-Ark, said that this was the latest case of an IT administrator gone bad and that it highlighted the dangers that can ensue from unmanaged privileged access.

He said: “We've seen the San Francisco city network come crashing to a halt through Terry Childs and Sam Chihlung Yin threaten Gucci's global brand in similar incidents, all at a cost of hundreds of thousands of dollars. When will lessons be learnt?

“Whilst the punishment that Jason Cornish looks set to face sends a powerful message to the rest of the world on the repercussions of such actions, it's time that organisations start to take a proactive approach to security.

“Ultimately, organisations looking to avoid a similar fate need to ensure that networks are fully locked down and privileged access to systems is managed, controlled and recorded. This is the only way to prevent such incidents occurring in the future.”

Eric Chiu, founder and president of HyTrust, said: “The breach at Shionogi is a great example of how vulnerable virtualisation infrastructure and the cloud can be. Critical systems like email, order tracking, financial and other services were impacted, having been virtualised without the proper controls in place.

“The $800,000 in damages and multiple days of downtime at Shionogi could have been easily and very cost-effectively prevented with the right automated controls in place. Most significant is that a compromise at the virtualisation infrastructure layer is a potential compromise of everything else above it in the stack.”
