A former systems engineer has wound up in prison after being found guilty of destroying critical US Army network resources in retaliation for termination.
Last week, the US Department of Justice (DoJ) said that Barrence Anthony worked for Federated IT, a federal contractor tasked with looking after US Army Chaplain Corps networks, including financial applications and training systems.
The 40-year-old, hired back in 2016, was apparently tipped off that his employment with the contractor was going to be terminated — and so chose to leave his mark on these resources before his exit.
As a systems engineer, Anthony knew his target well; it was hosted on Amazon Web Services (AWS). According to the affidavit, Anthony’s probing of the network began around December 7, 2016, and continued after he was terminated.
US prosecutors said that the Maryland-based engineer not only sabotaged US Army Chaplain Corps servers by deleting all administrator and user accounts with the exception of his own, but also changed domain name WHOIS information to seize control.
The engineer did not have the authority to do so but was still able to contact GoDaddy and switch registrant data for the chaplaincorps.net domain to “Anthony Enterprises.”
In addition, 19 students of a Chaplaincy Resource Management course taking place in Jackson, South Carolina were unable to access the network or their accounts, which disrupted their training.
After making sure he had sole access to the army network, Anthony then “unlawfully shared proprietary information” belonging to Federated IT and went on a file-deletion spree.
Downloaded data included AWS service account information and network diagrams. Backup system images, known as Amazon Machine Images (AMIs), were also downloaded and shared.
This information has been given an estimated value of over $1 million by the engineer’s former company.
After termination, Anthony was linked to the full wipe of a test server belonging to the US Army Web Application system, and as there were no backups, this system had to be rebuilt from scratch. Prosecutors say there is “probable cause” that the engineer sent the data-deleting command, given he was the one with sole access at the time.
A total of 37,439 brute-force attacks later launched against the same system have also been attributed to Anthony.
The engineer has been sentenced in the US and will spend the next two years in prison.
Insider threats remain a constant worry and fear for the enterprise. Even if the concept of least privilege is maintained to make sure that employees only have the access required for their roles, some — such as IT admins and engineers — require more than your average member of staff. The Ponemon 2018 Cost of Insider Threats report estimates that the average enterprise may suffer losses of up to $8.76 million a year due to insider threats.