Raging Sysadmin Shuts Down Company Servers, Deletes System Files

A former sysadmin is facing up to ten years in prison and a fine of up to $250,000 after he used a backdoor account and sabotaged his former employer on the day he was fired.

The incident in question took place on September 1, 2016, the day Joe Vito Venzor, 41, was let go from his job as IT engineer at the help desk of Lucchese Bootmaker, a boot-making company headquartered in El Paso, Texas.

Court documents say Venzor was “volatile” and it took company employees around an hour to get him out of the building after bosses notified him of his firing around 10:30 AM.

Venzor uses backdoor account to enact revenge

At 11:30 AM, authorities say that Venzor used a hidden account he created with the name of “elplaser” and shut down the company’s email and application servers.

The latter was responsible for managing the company’s customer orders system, along with other critical systems in Lucchese’s production line, warehouse, and distribution center.

As a result of shutting down this server, activity stopped inside Lucchese’s factory. After three hours, during which the company’s IT staff couldn’t get systems back up and running, management was forced to send 300 employees home.

Venzor also changed passwords for staff accounts

IT staffers said they couldn’t restore the email and application servers because the intruder also deleted core system files critical to both applications, and blocked existing staff accounts by changing their passwords.

Lucchese told authorities they had to hire an outside contractor to help fix the damage, and it took them weeks to catch up with lost orders and production.

Venzor’s entire hacking escapade lasted for around 45 minutes, but he failed miserably when it came to hiding his tracks.

Venzor did a poor job of hiding his tracks

Suspecting Venzor was behind the attack, which occurred on the day he was fired, the company and law enforcement took a look at the former employee’s account history.

Here they found that Venzor had collected the usernames and passwords of his colleagues and stored this information in a file. He later sent this file using his work email to his personal email. The order in which these employee accounts were saved in the file is the same order in which the intruder had changed passwords.

Furthermore, the “elplaser” backdoor account, which was made to look like an office laser printer, had been used before the attack. Logs showed the account was used from Venzor’s password-protected work computer.

Police arrested Venzor on October 7, 2016. The suspect was later released on a $10,000 bond and pleaded guilty yesterday, on March 30, 2017. His sentencing hearing is scheduled for June 6, 2017.

Source: https://www.bleepingcomputer.com/