Ride the Lightning

Guilty Plea in Pittsburgh Law Firm Breach

May 1, 2013

The Pittsburgh Post-Gazette reported on April 29th that Matthew James West, 21, had pled guilty to helping Alyson Cunningham and her husband Jonathan Cunningham access the computers of a law firm. The firm was identified only as VG, but as I indicated in an earlier version of this story, the firm appears to be Voelker & Gricks, LLP, in Pittsburgh.

Alyson had been fired by the firm in November 2011 and provided her computer password to West. She and her husband directed West, via a Skype conversation, as he entered the firm's network and inserted a program that transmitted to him passwords of anyone who logged into the network.

Mr. West, not a rocket scientist, then sent an e-mail to the firm, saying that he was a part of the hacktivist group Anonymous and was monitoring the firm's activities to confirm that it was behaving in a fair and just manner and that he was "not interested in ruining your business."

West has no prior criminal record and the charges to which he pled are misdemeanors. He will be sentenced on September 4th.

The pressing question for those involved with law firm security is this:  How in the devil did the law firm neglect to terminate Alyson's ability to connect to the network when they fired her? "Cut all means of access to the network" should be a mantra by now. If you don't have an employee termination checklist, make sure to create one.