Poor IT Security Highlighted in Recent Hack into CEO’s PowerPoint

Jay Decenella, IT audit expert
June 22, 2011 /

An angry IT manager in Baltimore has penetrated his former boss’s computer to replace the PowerPoint with pornographic images of a woman, which highlighted the organization’s poor IT security system in place.

Walter Powell, 52, used to be the director of management information systems at Baltimore Substance Abuse Systems (BSAS) Inc., but was fired days before the hack occurred.

The IT security breach was Baltimore’s first case of hacking according to the city’s state attorney’s office.

Sophos technology consultant Graham Cluley said: “Cases like this underline the importance of having a proper process in place when staff leave your company. That means changing passwords, and removing access rights when an employee’s time at your firm comes to an end.

“People do, of course, leave jobs all the time and most of them would never dream of logging back in to their old place of work to cause trouble. But it only takes one disaffected former worker to wreak havoc – so make sure your defences are in place, and that only authorised users can access your sensitive systems.”

Powell allegedly used his access to BSAS’s IT system to plant a keylogger that helped him to steal the passwords of at least five other employees, according to a press release.

The statement added that the former IT manager broke into BSAS’s IT system more than a hundred times over 32 days.

On one occasion, Powell hijacked Greg Warren’s (BSAS CEO) PowerPoint presentation during a board meeting and remotely replaced the content with images of a nude woman.

According to Warren, the IT security breach had cost $80,000 on the organization’s audit systems.

Behavioral Conditions Circuit Court Judge Brooke Murdock sentenced Powell to two years imprisonment, 100 hours of community service and three years of probation.

Powell was also banned from going near the organization or the home of the chief executive.

The court further barred him from possessing software that enables remote access and monitoring of other computers.

Powell pleaded guilty to two counts of unlawful access to a computer causing a malfunction.

The former IT manager also pleaded guilty to one count of possessing a pass code without authorization.

 

Share your opinion