Fired Employee Indicted For Hacking Gucci Network

Former network engineer accused of using stolen VPN token to delete corporate data and email boxes.

Mathew Schwartz

April 5, 2011

Network Computing logo


Authorities on Monday indicted a former IT employee at Gucci for hacking into the company's computer network, deleting files and emails, and causing an estimated $200,000 in damage.

"Computer hacking is not a game. It is a serious threat to corporate security that can have a devastating effect on personal privacy, jobs, and the ability of a business to function at all," said Manhattan district attorney Cyrus R. Vance Jr., in a statement.

In a 50-count indictment, authorities charged the former Gucci network engineer -- named as Sam Chihlung Yin, 34, who had been fired in May 2010 for unrelated reasons -- with accessing the Gucci corporate network via VPN on November 12, 2010, and over a two-hour period deleting virtual servers, taking a storage area network offline, and deleting mailboxes from the corporate email server.

"As a result, Gucci staff [were] unable to access any documents, files, or other materials saved anywhere on its network," said authorities.

According to the district attorney's indictment, "Yin's destruction of data from the email server cut off the email access not only of corporate staff, but also of store managers across the country and the e-commerce sales team -- resulting in thousands of dollars in lost sales." While email access was restored by the end of the day, authorities said that a full clean-up took weeks or months of effort.

How did a former employee gain access to a corporate network and delete data? Authorities accuse Yin of creating "a VPN token in the name of a fictional employee," and then, when he was fired, stealing this USB-based token to gain remote access.

According to authorities, "in the months that followed, using the VPN token, Yin exploited his familiarity with Gucci's network configuration and administrator-level passwords to gain nearly unfettered access to Gucci's network."

What's the takeaway from this insider attack? "The importance of reviewing your user database and removing unknowns, changing passwords, and resetting access rights when a member of your staff leaves your employment," said Graham Cluley, senior technology consultant at Sophos, in a blog post.

"It only takes one disaffected former worker to wreak havoc -- so make sure your defenses are in place, and that only authorized users can access your sensitive systems," he said.
