Russian-speaking hackers aren’t the only ones doing damage. And sometimes the threat is closer than you think.
Two men were sentenced last Friday for computer hacking to eight months in prison, including four firm for the main respondent, as reported by AFP. They will also have to pay more than 20,000 euros in damages to the Regional Health Agency (ARS) Ile-de-France, victim of computer intrusions between April 11 and May 9, 2016.
Far from being a computer hack to be charged to mysterious foreign hackers, the investigation had updated the surprising profile of the attackers. He was a former computer scientist from the public administrative establishment and an executive from another regional health agency. A case that reminds us that the internal threat is not an aspect to be neglected in computer security.
“My box sank”
The investigator of the computer attack actually wanted revenge on his former client. As noted by ZDNet.fr at the hearing on October 20, the former ARS IT service provider did not digest his eviction. “I worked on Sundays and at night, but I had to lay off and my box sank,” he regretted at the hearing. “There were disagreements over the award of the contract and the services provided”, on the contrary, representatives of ARS Ile-de-France had told the magistrates, stressing that the contract had come out of the nails.
In the spring of 2016, surprisingly, the investigations carried out following the attack directed the investigators to a virtual machine of the emergency computer site of the ARS Centre-Val-de-Loire. More specifically, the police officers of the General Directorate of Internal Security discover that the attack was carried out from the administrator account of the IT manager of the regional agency, hidden behind a virtual private network. The latter then explained that he had transmitted his identifiers to the fallen IT service provider.
“The only one who can troubleshoot the infrastructure”
“It was my baby,” explained the former computer scientist in police custody. “I attacked a machine and stopped synchronization between two servers. The server took three days to go down. It was to prove to them that I was the only one who could troubleshoot the infrastructure. »
Suspected for a time of having also wanted to destroy storage servers, the computer scientist defended himself during his trial from any malicious intent. “I was not in the nuisance, otherwise I would also have deleted the virtual machine,” he told the hearing.
At the time, the computer intrusion will force the ARS to disconnect its information system, cutting off its electronic messaging for a day and putting some of its agents on technical unemployment. The public administrative establishment estimated its damage at around 50,000 euros.