Digital Forensics Dispatch

Remote Access, Hacking and $300,000 in Damage.

May 16, 2019

A former contracted IT Specialist, has been sentenced to three years in federal prison, for hacking a previous employer according to a FBI press release. Mr. Edward Soybel illegally accessed the servers of W.W. Grainger Inc., based out of Lake Forest, Illinois back in late 2016. Soybel caused damage to the company’s automated inventory management program, which is responsible for secure access to products such as safety equipment. Soybel worked for the company as an IT contractor, until his termination at the start of 2016. He was found guilty and convicted on 12 counts and has been in custody since December of 2018, after he was found to have made threats of violence against law enforcement.

Soybel accessed the previous employer’s system through remote access using credentials from his previous coworkers. Once he gained access to the network, he started deleting information off of the information systems. Ultimately, Soybel was able to delete millions of records from critical databases and reset passwords of user accounts. The deletion of records caused critical outages and loss of data availability. Forensic evidence showed that Soybel carried out the attacks for a period of four months, starting in July of 2016. The damage cost the company close to $300,000 in responding to the cyberattacks.

What’s the lesson learned here? This company is no different than any other business. Users cannot share passwords and must be forced to reset them periodically. Server and network device logs must be retained longer than the default values, and were critical in the forensic investigation.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics/