(click image for larger view and for full slideshow)
Authorities on Monday indicted a former IT employee at Gucci for hacking into the company's computer network, deleting files and emails, and causing an estimated $200,000 in damage.
"Computer hacking is not a game. It is a serious threat to corporate security that can have a devastating effect on personal privacy, jobs, and the ability of a business to function at all," said Manhattan district attorney Cyrus R. Vance Jr., in a statement.
In a 50-count indictment, authorities charged the former Gucci network engineer -- named as Sam Chihlung Yin, 34, who had been fired in May 2010 for unrelated reasons -- with accessing the Gucci corporate network via VPN on November 12, 2010, and over a two-hour period deleting virtual servers, taking a storage area network offline, and deleting mailboxes from the corporate email server.
"As a result, Gucci staff [were] unable to access any documents, files, or other materials saved anywhere on its network," said authorities.
According to the district attorney's indictment, "Yin's destruction of data from the email server cut off the email access not only of corporate staff, but also of store managers across the country and the e-commerce sales team -- resulting in thousands of dollars in lost sales." While email access was restored by the end of the day, authorities said that a full clean-up took weeks or months of effort.
How did a former employee gain access to a corporate network and delete data? Authorities accuse Yin of creating "a VPN token in the name of a fictional employee," and then, when he was fired, stealing this USB-based token to gain remote access.
According to authorities, "in the months that followed, using the VPN token, Yin exploited his familiarity with Gucci's network configuration and administrator-level passwords to gain nearly unfettered access to Gucci's network."
What's the takeaway from this insider attack? "The importance of reviewing your user database and removing unknowns, changing passwords, and resetting access rights when a member of your staff leaves your employment," said Graham Cluley, senior technology consultant at Sophos, in a blog post.
"It only takes one disaffected former worker to wreak havoc -- so make sure your defenses are in place, and that only authorized users can access your sensitive systems," he said.
Subsea cable alternatives can provide a level of comfort for those concerned about disruptions. Realistically, they will continue to play a small, but critical role in the short term.
Maintaining existing network infrastructures often incurs huge technical debt before newer technologies are adopted over time.
Amid ongoing regional uncertainties, telecom infrastructure in the Middle East has expand to include terrestrial low-latency network infrastructure, which offers resilience and agility in navigating political complexities without relying solely on undersea networks.
