Juliana Barile, a former part-time remote employee at an undisclosed New York credit union, pleaded guilty to unauthorized access to the bank’s computer network and destroying more than 21 gigabytes of data in retribution for having been fired.
Barile was fired on 19 May 2021, at which time a staff member asked the credit union’s IT support firm to terminate Barile’s credentials. However, the IT support firm failed to do so, and two days later, Barile logged in and deleted 20,000 files and 3,500 directories from the shared drive. Deleted files included mortgage loan applications and anti-ransomware software.
- According to the indictment, Barile also opened confidential documents such as the bank’s board minutes.
- On 26 May, Barile texted a friend about what she had done: “They didn’t revoke my access so I deleted p drift lol. […] I deleted their shared network documents.”
- This is yet another case where IT administrators failed to cut off or limit access to a terminated or disciplined employee.
- Fortunately, the bank had backups of much of the deleted data.
- The bank had to spend more than $10,000 to restore the deleted information.
- Barile was working remotely due to Covid-19; she may have felt a sense of impunity due to her lack of in-person or other regular interactions with staff.
- Managers should regularly check in with remote staff; remote staff may be feeling depressed, alienated, or bitter, and it is important to create opportunities to assess their state of mind.
- Some companies designate staff to study group video calls for signs that staff are struggling and may pose a risk.
- The bank may wish to pursue criminal charges and a civil claim for restitution.
- In many cases, victimized companies opt to limit the negative publicity by not pursuing charges or civil action.
This is a feature story from the September issue of our Insider Signal Plus Newsletter in which iThreat and Michael Gips share our insights on important stories about insider threat incidents and how organizations can prevent, reduce, and respond to similar insider threat incidents.