Virus Attack on Dow Jones Network Raises Suspicion of Insider Malice
Dow Jones was hit by a sophisticated computer virus days after approximately two dozen IT staff members were laid off, prompting speculation that the malware was a form of vengeful insider sabotage. Even if a malicious insider was not to blame for the Dow Jones virus infection, a recent survey found that organizations are very vulnerable to such attacks.
The computer virus hit Dow Jones' corporate networks on May 12, two days after 34 employees represented by the Independent Association of Publishers' Employees were laid off, Adweek reported May 20. Most of the laid-off staff were part of the IT department.
"Everybody's saying that somebody left it as a going-away present," a Dow Jones employee told Adweek.
However, IAPE President Steve Yount told Adweek that was not likely, as the virus was "complicated and intricate enough" that there was not enough time between the layoffs and the start of the infection for the virus to have been loaded.
Dow Jones has not informed the union whether it suspects any "current or former employee" of having any involvement in the malware incident, Tim Martell, an IAPE spokesperson, told eWEEK. "We have no way of knowing whether the 'pink slip virus' was simply coincidence or not," Martell said.
Dow Jones did not respond to requests for comment.
Organizations shouldn't dismiss the possibility of sabotage by malicious insiders, according to Venafi, a network security provider. About 36 percent of IT professionals said they could hold their employer's network "hostage" even after they've left the company, Venafi found in a survey of 500 IT security specialists attending the InfoSecurity Europe conference in April. Approximately 43 percent claimed that if they left the company, they could still "cause havoc" with their knowledge of the environment, and 31 percent said they could take the security keys with them when they left the company and still access sensitive information remotely.
In most organizations, 65 percent of IT personnel are able to access sensitive data far more easily than the company's CEO, who generally has access to just 30 percent of the company's data. Nearly 43 percent of respondents claimed that they've been locked out from systems or been unable to open a document because the staffer who knew the encryption keys had either left the company or withheld the information.
"It's astonishing how this survey demonstrates that IT departments have easier access to sensitive information than CEOs," said Jeff Hudson, CEO of Venafi.
There have been recent cases of malicious insiders, such as a former network engineer at Gucci America who was indicted for going on an IT rampage in which he deleted documents and email accounts shortly after he was fired. On May 17, a superior court judge ordered a former city network engineer, Terry Childs, to pay $1.5 million in restitution to San Francisco for withholding passwords to the city's main computer network in July 2008.
As for Dow Jones, employees were informed via a companywide email that the company's servers, network and data weren't compromised by the virus, but that it had slowed down infected computers, Adweek said. Employees also received numerous voicemail and email messages telling them to power down the computers until they could be cleaned. The virus had "morphed," making antivirus software ineffective in detecting the infection. There were reports that employees were unable to do any work for the better part of the week, but eWEEK was unable to confirm those reports.
By May 18, the company had determined the virus was designed to steal credentials from banking sites and directed employees not to use any banking sites for the time being.