Former IT Administrator Sentenced in Insider Threat Case
Charles E. Taylor Caused $800,000 in Damages to His Former Company
A former IT administrator for an Atlanta-based building products distribution company has been sentenced to 18 months in federal prison after he sabotaged the firm by changing router passwords and shutting down a critical command server, according to the U.S. Justice Department.
After resigning from his job in July 2018, Charles E. Taylor of Jacksonville, Arkansas, caused more than $800,000 in damage to his former firm, which had to replace several routers and rebuild and restore its internal computer network, according to the U.S. Attorney’s Office for the Northern District of Georgia, which oversaw the case.
In February, Taylor pleaded guilty to federal charges of computer fraud after the FBI investigated the damage at his former firm. In addition to his 18-month prison sentence, Taylor must undergo three years of supervised release and pay restitution of $834,510, according to the Justice Department.
"Corporate insiders like Taylor cause significant losses through hacking activity each year, and companies must remain vigilant against insider threats to their network security," U.S. Attorney Byung J. "BJay" Pak noted after the sentencing was announced on Thursday.
The U.S. Attorney’s Office for the Northern District of Georgia has previously dealt with other insider cases involving IT managers and administrators. In June 2019, a former Equifax CIO was sentenced to four months in federal prison after being convicted of insider trading for selling his stock in the company once he learned about the infamous 2017 data breach (see: Ex-Equifax CIO Gets 4-Month Prison Term for Insider Trading).
The case against Taylor stems from 2013, when he was first hired as a system administrator for an unnamed lumber and building materials wholesaler, according to the Justice Department.
Then, in early 2018, an Atlanta-based building products distributor - again unnamed - acquired Taylor's company. Taylor kept his job as a senior systems engineer after the merger, but he became unhappy with the owners of the now-combined company and resigned in July 2018, according to the Justice Department.
One month later, Taylor initiated what the FBI called a "multi-stage sabotage campaign" against his former company. This began when he used his insider knowledge to remotely log into his former company's network and then used encryption to hide his actions from various security tools, according to federal prosecutors.
At one point, Taylor changed the passwords for the routers used at dozens of the company's warehouses, rendering them useless since employees could not log into the devices. Eventually, the routers were replaced at a total cost of $100,000, according to the Justice Department.
A few days later, Taylor shut down the company's central command server, which crippled the firm's internal communications systems and delayed its ability to take orders from customers. It took two days for the company's IT team to rebuild and restore the server and network, which cost the firm more than $700,000 in damages and lost revenue, according to the Justice Department.
In the 2020 Verizon Data Breach Investigations Report released earlier this month, analysts found that insider threats now account for about 30% of the breaches and security incidents that they track (see: Verizon: Breaches Targeting Cloud-Based Data Doubled in 2019).
"Admittedly, there is a distinct rise in internal actors in the data set these past few years, but that is more likely to be an artifact of increased reporting of internal errors rather than evidence of actual malice from internal actors," according to the Verizon report.
The Verizon report also noted that the majority of insider threats are motivated by financial gain and not espionage or causing damage.