An IT contract employee who formerly worked at an oil and gas production company in the US, was indicted Tuesday on charges of sabotaging a computer system he helped set up because the company did not offer him a permanent job.
The case is the latest to highlight the challenge that businesses face in trying to protect corporate systems and networks from rogue insiders and those with privileged access to systems, such as contractors and business partners. Security analysts have warned about the heightened risk posed to corporations from such users because of the broader disgruntlement resulting from layoffs and other belt-tightening steps companies have taken during the recession. .
Mario Azar, 28 of Upland, Calif., was charged with illegally accessing and compromising a computer system used by Pacific Energy Resources Ltd. (PER) to monitor offshore platforms in California and Anchorage to detect oil leaks. His indictment papers allege that Azar's actions affected the "integrity and availability" of the system and resulted in it becoming temporarily unavailable. Though no oil spill or environmental hazard resulted from the compromised system, Azar's actions caused thousands of dollars in damage, the indictment said.
Azar had set up multiple user accounts on the system while working for PER as a contract employee, the complaint said. Azar allegedly used those accounts to illegally gain access to the system after he stopped working for the company in May 2008. The indictment said Azar planted malicious programs on the system, but it provided no other details on the kind of software used, the nature of the damage or how his actions were discovered. Azar's actions appear to have been triggered by PER's refusal to grant him permanent employment at the company, the complaint said.
Wesley Hsu, the assistant U.S. attorney prosecuting the case in federal court for the Central District of California, said he could not provide further details on the sabotage, except to say that it caused thousands of dollars in damage. If convicted on the charge, Azar faces a maximum of 10 years in prison, he said.
The incident is similar to others involving sabotage and data compromises by privileged insiders. In some of the cases, the acts stemmed from disgruntlement tied to a work situation. In September 2007 for instance, a former Unix system administrator at Medco Health Solutions Inc. pleaded guilty in federal court to attempting to sabotage critical data, including medical histories and individual prescription drug data, on more than 70 servers. His actions stemmed from fears of being laid off, federal law enforcement officials said.