[ISN] FBI looks into possible hacking
isn at c4i.org
Wed Jun 29 01:05:15 EDT 2005
Forwarded from: William Knowles <wk at c4i.org>
By RICK BARRETT
rbarrett [at] journalsentinel.com
June 28, 2005
The FBI is investigating whether a former P&H Mining Equipment
employee hacked into the company's computer system from his home and
copied files of projects he had worked on.
The FBI has seized about a dozen computers from the suspect's
Milwaukee home and is analyzing them for evidence that could result in
criminal charges. The former employee, a computer systems
administrator, has not been charged with a crime and is not being
named for this article.
"It takes us a while to work these cases to fruition," said Mike
Johnson, cyber crimes supervisor for the Milwaukee office of the FBI.
"They are time consuming, depending on how much data we find in the
computers," he said. "Computer hard drives keep getting bigger, and
the bigger they are, the longer it takes for us to get through them."
P&H Mining Equipment, a division of Joy Global Inc., makes some of the
world's largest mining shovels and draglines. One shovel alone can
move about 360 tons of coal in 90 seconds. The company has operations
in 46 countries.
In a search warrant affidavit, FBI investigators said the former P&H
employee was a systems administrator with the company before he was
fired on April 1.
Systems administrators have "root level" access to the computer
systems they manage, which effectively gives them master keys to open
any account and to read any file on their systems, according to the
About six weeks after the P&H employee was fired, someone accessed the
company's computer system from a remote location and turned off the
monitoring programs on a company server, according to the FBI. The
former employee was intimately familiar with the server because he
built the system, FBI officials noted.
The same day, about 3 gigabytes of data were copied from a computer
folder with the former employee's name on it, to a computer with his
home Internet address, according to the FBI.
The files were then deleted and purged from the company system. Only a
systems administrator would have the privileges to purge the files,
which permanently removes them from the system, the FBI said. P&H had
a backup tape of the former employee's folder, which indicated it
contained about 3 gigabytes worth of data.
The FBI subpoenaed the former employee's Internet service provider, in
an effort to track the copied information. It also sought a search
warrant to seize his personal computers, along with other computer
equipment, disks, magazines and papers.
Joy Global officials did not return Journal Sentinel calls asking
about the alleged computer break-in and whether any damage was done to
P&H computer systems.
The former employee might have had help accessing the system,
according to the FBI. The computer intrusion cost the company more
than $5,000 in manpower, the agency noted in the search warrant
Randall Kaiser is a Milwaukee attorney representing the former
"This is definitely not a situation where he was trying to do any
damage," Kaiser said of his client. "It's an unfortunate situation
that we are trying to resolve."
As many as half of all businesses experience break-ins from computer
hackers, also called crackers, but most don't report it to law
enforcement, according to a government report. As many as 70% of
businesses included in a Computer Security Institute survey said they
didn't report computer intrusions to the FBI because they didn't want
About 85% of all computer break-ins are done by company insiders, said
Michael Higgins, managing director of TekSecure Labs, a Woodbridge,
Va., technologies firm that helps large companies protect their data.
Higgins was not familiar with this particular FBI investigation. But
he said it's not unusual for people to try and steal something from
their former employers' computers, either for personal gain or as
revenge for being fired.
A fired computer administrator can cause a great deal of harm.
"If you fire the guy with the keys to the kingdom, you had better do
it very carefully," Higgins said. "There have been numerous cases
where fired employees knew the back doors to get inside the company,
and destroying data is one of the ways they use to get revenge."
Companies should have a plan that spells out what steps to take when a
computer systems manager leaves his employment, according to Higgins.
Some plans can be thwarted if the former employee has personal
contacts in the company willing to assist in a computer break-in. But
any employee who offers help puts himself at tremendous risk, Higgins
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
More information about the ISN