The Citibank employee admitted to intentionally taking down 90 percent of the company’s network across North America
A Dallas, Texas man has been sentenced to 21 months in a US federal prison and ordered to pay $77,200 (£58,500) in restitution after he intentionally disabled the internal networks of Citibank across North America while working as an employee for the company.
Lennon Ray Brown, 38, admitted to one count of intentional damage to a protected computer in an incident that IT security experts say highlights the threat posed by insiders.
Brown worked as a contract and then a full-time employee for Citibank in Irving, Texas, in 2012 and 2013 before carrying out the attack two days before Christmas on 23 December 2013, according to a statement by US government prosecutors.
Following a discussion about his work performance earlier in the day, Brown issued a command at 6:03 that evening that erased the running configuration files in nine out of 10 of Citibank’s Global Control Centre routers, resulting in a loss of connectivity to about 90 percent of all Citibank networks across North America, prosecutors said.
Two minutes later he scanned his employee badge to exit the premises, they said.
The evidence presented by prosecutors included a text message sent by Brown to a colleague shortly after the attack, in which he said the company had planned to fire him and he “beat them to it”.
“Nothing personal, the upper management need to see what they guys on the floor is capable of doing when they keep getting mistreated,” he wrote.
The court referred to the incident, which was investigated by the US Secret Service, as “criminal vandalism”.
Industry observers said the case is a reminder that even as attacks by criminal gangs grow more sophisticated and dangerous, IT infrastructure is also at risk from those on the payroll.
“Don’t ignore the risks posed by the insider threat,” wrote IT security researcher Graham Cluley in a statement. “If you turn a blind eye to them and solely focus on threats coming from outside your network then you are making a big mistake.”
He said organisations can’t stop all insider threats but can attempt to limit their impact and reduce the opportunities for damage to be caused by staff.