back to article Fired Gucci IT worker accused of tearing up network

A fired network engineer has been charged with mounting a revenge hack attack against the American branch of Gucci. Sam Chihlung Yin, 34, of Jersey City, New Jersey, allegedly wreaked havoc on the network of the US branch of the Italian luxury good retailer around six months after he was dismissed by Gucci in May 2010. The …

COMMENTS

This topic is closed for new posts.
  1. Gareth

    lost productivity costs estimated at $200,000

    ..."lost productivity costs estimated at $200,000" so they missed out on selling half a dozen handbags and a pair of shoes, then?

  2. TeeCee Gold badge
    Coat

    "...damage and lost productivity costs estimated at $200,000..."

    Actual cost is a tenner, but that network's got the Gucci name on it so there's the usual markup.

    1. John Riddoch

      markup...

      Flippancy aside, the damages in these cases are generally over-stated as it makes the crime seem worse than it actually is and can push it up the sliding scale of punishments. That can be used as a lever to get an early guilty plea and/or help strike deal with prosecutors to save them time & effort.

  3. CoolKoon
    FAIL

    He's not a (or THE) REAL BOFH.

    Real BOFHs never get caught. Never EVER. Bwahahahah

    Besides, doing such large-scale damage without covering up tracks that lead back to the perpetrator (using a proxy when connecting to a VPN to connect to another VPN to connect to another VPN, deleting the account that's been used for the break-in, deleting logs etc.) seem to point to the fact that he was actually a loser, not a BOFH :P

  4. Anonymous Coward
    WTF?

    This is just stupidity on Guccis part...

    One month and ENTRIE FUCKING MONTH after he left he managed to get staff to re-enable a VPN account. Probably by asking nicely*. Then 5months later used it to apparantly take down the network...That's some pretty hefty hacking going on there.

    *I don't believe for a second that they had anything more secure than username/password and a pre shared key given the level of security surrounding their users.

    1. Anonymous Coward
      Anonymous Coward

      Probably by asking nicely?

      On the other hand, it is not unusual for ex system managers to get called up for information after their job ends. Maybe this might happen even when sacked? And while giving instructions about one thing, he might have included something else of his own choosing.

      I admit that this is all from the wildly speculative department. Yes, that is my coat.

  5. Anonymous Coward
    FAIL

    What about the others?

    We (as IT professionals) should have some sort of professional standards body. The numpties that allowed this to happen should be getting struck off.

    You don't let a surgeon who hacks up people keep operating, why should negligent administrators get away with it.

    One of our sysadmins left a couple of months ago, and a few weeks ago I got a commit email with his name on it. - it wasn't malicious, his credentials were cached on disk, another admin did it, but he was still enabled in the directory.

    Turned out so much was keyed against his credentials, that when they disabled it, Bad Things happened, and so they re-enabled it...

    AC, obviously..

  6. Anonymous Coward
    FAIL

    I would bet...

    ...that taking the network down stopped him more effectively than the IT security folks.

    With 5 months of access he could have kept email and the network down for weeks if done right. Yet, the best he could do after that time is delete some files.

    This guy is a boob noob.

  7. Anonymous Coward
    Anonymous Coward

    Funny...

    ... how nobody hears mr. Sam Chihlung Yin side of the story. So the mega-rich Guci luxury products corporations goes out freely?

    Why did they fire mr. Yin in the first place?

    Why does the mega-rich luxury products corporation handles it's IT-Human Resources follow up so carelessly (and gets away with it)?

    Sorry but after the shit from multi-mega-bank-corps from last year (and all the shit that followed after it) ruining my own professional live, I'm really paranoid about who's the good or bad guy here.

    Need more info before casting judgement.

    1. FozzyBear
      FAIL

      Don't need to

      If you were wrongfully dismissed you have many legal avenues to peruse them and admittedly much more profitable in the end too. If they dismissed you for the right reasons then you’re a friggin’ idiot and angry at the wrong person(s).

      Getting canned from your job rightly or wrongly does not give you the right to go back into the network and maliciously disrupt their business. Regardless as to whether you have correctly labeled them a bunch of bottom feeders who a best, resemble the filth stuck to the rim of a heavily used public toilet.

      1. Manu T

        Don't need to →

        You need deep pockets to walk those "many legal avenues to peruse them" in the first place.

        So justice is only for the rich and wealthy then?

        Gee, and then they wonder why (less fortunate) ppl suddenly become crazy and start shooting in schools, shopping malls, parking lots...

  8. Anonymous Coward
    Anonymous Coward

    Yes again...

    This just goes to show that you should never allow any single person root access to anything. Not router, switch, server, backup systems, etc. etc.

    No-one's day-to-day ID should have elevated access, any elevated access should be obtained via permissions added to a second ID. If anyone _really_ needs to have root, the password should be checked out of a secure database in two fragments delivered by separate people and then reset upon completion.

    This way, even if you do forget to disable someone's account, they can't do anything with it.

  9. Anonymous Coward
    Anonymous Coward

    so..................................

    We had a fired employee, a system engineer try to get back in via VPN.

    His attempts failed because our IT people are educated and they reported the social engineering attempt immediately.

This topic is closed for new posts.