Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Fired IT Employee Destroys 23 of His Former Employer's AWS Servers

April 3, 2019

Naked Security reported on March 22 that a fired UK employee, terminated after only four weeks of poor performance, ripped off a former colleague’s login, steamrolled through his former employer’s Amazon Web Services (AWS) accounts, and torched 23 servers.

UK’s Thames Valley Police announced that 36-year-old Steffan Needham, of Bury, Greater Manchester, was jailed for two years at Reading Crown Court following a nine-day trial.

Needham pleaded not guilty to two charges of the Computer Misuse Act – one count of unauthorized access to computer material and one count of unauthorized modification of computer material – but was convicted in January 2019.

Needham worked at a digital marketing and software company called Voova in 2016. In the days after he got fired, Needham used stolen login credentials to get into the computer account of a former colleague – Andy “Speedy” Gonzalez – and began messing with the account settings. Then he began deleting Voova’s AWS servers.

The company lost big contracts with transport companies as a result. Police say that the damage caused an estimated loss of £500,000 (about $700,000 at the time). The company reportedly was never able to claw back the deleted data.

Voova could have done a better job at security. CEO Mark Bond admitted to the court that the company could have implemented two-factor authentication (2FA) which would have required a user to verify their identification by something they know or possess. 2FA would have made it much harder for Needham to traipse through Voova’s AWS account posing as “Speedy.”

A lesson for all employers! And make sure you have a plan in place for when employees leave that covers everything from physical access to your property and hardware like laptops, phones and access tokens, to email and call forwarding, and logins for all the company software and services they had access to. Amazing how few precautions many employers take.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

Fired IT Employee Destroys 23 of His Former Employer's AWS Servers

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer