"he created a directory titled “RENEGAGE RULES.” Renegade is the name of a Gray Wireline competitor."
Is this correct? If so, it reads rather strangely.
A Texas man has been ordered to pay restitution of $16,600 and a $5,000 fine after admitting he breached the server of an engineering firm that fired him and deleted sensitive files. Ismael Alvarez of Andrews, Texas, was also sentenced to five years of probation and one year of home confinement. In December, federal …
"Alvarez through the IP address used to access the Gray Wireline server. It corresponded to the account his used with his ISP." The title says it all, all he had to do was find an open WiFi connection somewhere and he would be untracable, maybe still a suspect, but no evidence to link him.
I think perhaps 'breached' is a little over dramatic, if he was smart enough to break into the company systems without using a known username/password combo, I.E. exploiting a backdoor or other hacking technique then surely he'd have been smart enough to use a public or other unassociated IP address?
Sounds more like he had his fun because, quelle surprise, the company's security procedures are dreadful and their password security is lax.
You have to be able to trust people who have access to systems and the info they contain, so I think he got what he deserved.
Maybe if there are enough of these sorts of cases companies will realise that the biggest threat to their systems is the employee they've just pissed off, and take the appropriate precautions. Don't know if he broke in or just logged in using his old account: either way he shouldn't have been able to do it.
"During the breach, which happened a few weeks after Alvarez was fired, he created a directory titled “RENEGAGE RULES.” Renegade is the name of a Gray Wireline competitor."
If he was supposed to know anything about computers why the hell did he just leave evidence everywhere?
We need a computing version of the Darwin Awards.
Did they have a backup? (The article doesn't say.)
He's clearly not Internet savvy. Should have driven to the other side of town and used a free wifi connection, or gone to an Internet cafe, or used Tor. There are shed-loads of ways of hiding your IP, which is why normally IPs are not valid evidence. But in this case all the circumstantial evidence came together to form one BIG arrow that pointed to him.
Attacking a former employer from home, without even using a proxy. No wonder he got caught.
I'm sure he'll have plenty of time to reflect on what he should have done to avoid that while decorating his house with "Renegage Rules" scribbles.
Meanwhile, his former employer should have been a bit more diligent in changing its passwords.
Biting the hand that feeds IT © 1998–2019