Frustrated Ex-Employee Hacks Gucci Corporate Networks
The fashion house Gucci recently became the victim of a hack at the hands of a disgruntled ex-employee.
Sam Chihlung Yin, a former network engineer for the American branch of Gucci, is been accused of illegally accessing the company's servers, shutting some of them down, deleting data, and preventing Gucci employees across the country from receiving or sending emails, resulting in thousands of dollars in lost sales.
Yin's attack on Gucciâ??s computers came six months after he was fired from the luxury clothing company. To exact revenge, Yin, from Jersey City, N.J., used a fake employee account he had created while still at Gucci and tricked his former colleagues into granting him remote access to the company's servers.
After he gained nearly unfettered access to Gucci's computer network for two hours on Nov. 12, 2010, Yin deleted several virtual servers, shut down a storage area network, and deleted a disk containing the corporate mailboxes from an email server, according to court documents.
New York District Attorney Cyrus Vance indicted Yin yesterday (April 4), charging him with computer tampering and identity theft, among other cybercrimes. The computer tampering charge could land Yin behind bars for 15 years, The Register reported. In all, court documents say Yin's actions cost Gucci more than $200,000.
"Computer hacking is not a game, said Vance. It is a serious threat to corporate security that can have a devastating effect on personal privacy, jobs and the ability of a business to function at all.
Graham Cluley, the senior technology consultant at the security firm Sophos, said Yin's actions demonstrate how important it is for companies to safeguard their corporate networks.
It only takes one disaffected former worker to wreak havoc so make sure your defenses are in place, and that only authorized users can access your sensitive systems, he wrote in a Sophos blog.
Gucci's security snafu comes just as reports are surfacing that a criminal swindled Conde Nast the magazine publisher of Vogue, Glamour and GQ out of $8 million by tricking the company into paying a fake printing company.
MSNBC reports that in early November, Conde Nast received an email claiming to be from the company's magazine printer Quad/Graphics, asking for payments to be sent to a different account.
Unaware that the email was from a cybercriminal impersonating the printing company, Conde Nast faxed over the payment request and began sending regular checks to the new account. A month later, the real Quad/Graphics told Conde Nast they hadn't been receiving any payments.