The authors of the book ‘Learn ethical hacking‘ narrate an unlikely story. A company fired one of its IT employees after only one month of hiring him and, in retaliation, the employee stole the login details of one of his former co-workers, entered one of the company’s Amazon Web Services accounts and disabled 23 servers. The former employee now faces a legal process.
The Thames Valley Police, United
Kingdom, recently announced that Steffan Needham, from Bury, Greater
Manchester, aged 36 years, has been sentenced to two years imprisonment after a
one-week trial.
According to the authors of ‘Learn ethical
hacking’, Needham was charged with two charges against the Computer Misuse Act,
an unauthorized access charge to digital material and an unauthorized
modification fee for computer equipment. As specialists from the International
Institute of Cyber Security (IICS) reported, Needham was fired after a month
doing a lousy job at Voova, a digital marketing company.
After his dismissal, Needham subtracted the
login credentials of a former co-worker to enter the company’s Amazon
Web Services (AWS) account and finally remove the AWS servers of Voova.
Due to this incident, Voova lost contracts with
some important companies of various branches, such as transport, for example.
According to the British authorities, the company lost about $700k USD, plus
the lost information may never be recovered.
Voova, like many other companies, presented
some inefficient security measures to protect their implementations in the cloud,
consider the writers of ‘Learn ethical hacking’. A Voova spokesman admitted in
front of the court that the company had omitted some essential security
measures, such as multi-factor authentication. In addition, the company forgot
to disable the accounts of Needham after fire him, which helped him to deploy
his malicious campaign against his former employers.
