The suspicion that a vengeful insider launched a virus attack on Dow Jones' corporate networks demonstrates how easily a disgruntled current or former employee can hold a network hostage.
Dow Jones was hit by a sophisticated computer virus days
after approximately two dozen IT staff members were laid off, prompting speculation
that the malware was a form of vengeful insider sabotage. Even if a malicious
insider was not to blame for the Dow Jones virus infection, a recent survey
found that organizations are very vulnerable to such attacks.
The computer virus hit Dow Jones' corporate networks on May
12, two days after 34 employees represented by the Independent Association of
Publishers' Employees were laid off, Adweek
reported May 20. Most of the laid-off staff were part of the IT department.
"Everybody's saying that somebody left it as a going-away
present," a Dow Jones employee told Adweek.
However, IAPE President Steve Yount told Adweek that was not
likely as the virus was "complicated and intricate enough" that there wasn't
enough time between when the layoffs occurred and when the infection began for
the virus to be loaded.
Dow Jones has not informed the union whether it suspects any
"current or former employee" of having any involvement in the malware incident,
Tim Martell, an IAPE spokesperson, told eWEEK. "We have no way of knowing
whether the 'pink slip virus' was simply coincidence or not," Martell
Dow Jones did not respond to requests for comment.
Organizations shouldn't dismiss the possibility of sabotage
by malicious insiders, according to Venafi
a network security provider. About 36 percent of IT professionals said they
could hold their employer's network "hostage" even after they've left the
company, Venafi found in a survey of 500 IT security specialists attending
the InfoSecurity Europe conference in April. Approximately 43 percent claimed that
if they left the company, they could still "cause havoc" with their knowledge
of the environment, and 31 percent said they could take the security keys with
them when they left the company and still access sensitive information
In most organizations, 65 percent of IT personnel are able
to access sensitive data far more easily than the company's CEO, who generally
has access to just 30 percent of the company's data. Nearly 43 percent of respondents claimed
that they've been locked out from systems or been unable to open a document
because the staffer who knew the encryption keys had either left the company or
withheld the information.
"It's astonishing how this survey demonstrates that IT
departments have easier access to sensitive information than CEOs," said Jeff
Hudson, CEO of Venafi.
There have been recent cases of malicious insiders, such as
a former network engineer at Gucci
who was indicted for going on an IT rampage where he deleted
documents and email accounts shortly after he was fired. On May 17, a superior court judge ordered a former
city network engineer, Terry Childs, to pay $1.5 million in restitution to San
Francisco for withholding passwords to the city's main computer network in July
As for Dow Jones,
employees were informed via a companywide email that its servers, network and
data weren't compromised by the virus, but that it had slowed down infected
computers, Adweek said. Employees also received numerous voicemail and email
messages to power down the computers until they could be cleaned. The virus had
"morphed," making antivirus software ineffective in detecting the infection.
There were reports that employees were unable to do any work for the better
part of the week, but eWEEK was unable to confirm those reports.
By May 18, the company had determined the virus was designed
to steal credentials from banking sites and directed employees not to use any
banking sites for the time being.