Dow Jones was hit by a sophisticated computer virus days after approximately two dozen IT staff were laid off, prompting speculation that the malware was a form of vengeful insider sabotage. Even if a malicious insider was not to blame for the Dow Jones virus infection, a recent survey found that organisations are very vulnerable to such attacks.

The computer virus hit Dow Jones’ corporate networks on May 12, two days after 34 employees, represented by the Independent Association of Publishers’ Employees, were laid off, Adweek reported May 20. Most of the laid off staff were part of the IT department.

“Everybody’s saying that somebody left it as a going-away present,” a Dow Jones employee told Adweek.

No Time For Complex Virus Infection

IAPE president Steve Yount told Adweek that was not likely as the virus was “complicated and intricate enough” that there was not enough time between when the layoffs occurred and when the infection began for the virus to be loaded.

Dow Jones has not informed the union whether it suspects any “current or former employee” of having any involvement in the malware incident, Tim Martell, an IAPE spokesperson, told eWEEK. “We have no way of knowing whether the ‘pink slip virus’ was simply coincidence or not,” Martell said.

Dow Jones did not respond to requests for comment.

Organisations should not dismiss the possibility of sabotage by malicious insiders, according to Venafi, a network security provider. About 36 percent of IT professionals said they could hold the employer’s network “hostage” even after they have left the company, Venafi found in a survey of 500 IT security specialists attending InfoSecurity Europe conference in April. Approximately 43 percent claimed that if they left the company, they could still “cause havoc” with their knowledge of the environment and 31 percent said they could take the security keys with them when they left the company and still access sensitive information remotely.

In most organisations, 65 percent of IT personnel are able to access sensitive data far more easily than the company’s CEO, who generally has access to just 30 percent of data. Nearly 43 percent of respondents claimed that they have been locked out from systems or been unable to open a document because the staffer who knew the encryption keys had either left the company or withheld the information.

“It’s astonishing how this survey demonstrates that IT departments have easier access to sensitive information than CEOs,” said Jeff Hudson, CEO of Venafi.

There have been recent cases of malicious insiders, such as a former network engineer at Gucci America who was indicted for going on an IT rampage where he deleted documents and email accounts shortly after he was fired. On May 17, a superior court judge ordered former city network engineer, Terry Childs, to pay $1.5 million (£930,694) in restitution to San Francisco for withholding passwords to the city’s main computer network in July of 2008.

As for Dow Jones, employees were informed via a company-wide email that its servers, network and data were not compromised by the virus, but that it had slowed down infected computers, Adweek said. Employees also received numerous voicemail and email messages to power down the computers until they could be cleaned. The virus had “morphed”, making antivirus software ineffective in detecting the infection. There were reports that employees were unable to do any work for the better part of the week, but eWEEK was unable to confirm them.

By May 18, the company had determined the virus was designed to steal credentials from banking sites and directed employees not to use any banking sites for the time being.

Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.

Published by
Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.

Recent Posts

Google Must Face Trial In Ad Tech Monopoly Case

Google loses bid for summary judgement as judge says 'too many facts in dispute' as…

5 hours ago

Silicon In Focus Podcast: Feeding the Machine

Learn how your business can meet the challenges associated with managing data across multiple platforms…

5 hours ago

Apple, Meta Likely To Face EU Antitrust Charges

Apple, Facebook parent Meta reportedly likely to face EU antitrust charges before August under new…

5 hours ago

Adobe Shares Jump On AI Success

Adobe shares post biggest gains in more than four years after it reports user take-up…

6 hours ago

Winklevoss’ Gemini To Pay $50m In Crypto Fraud Settlement

Winklevoss twins' Gemini Trust to pay $50m to settle cypto fraud claims over failed Gemini…

6 hours ago

Meta Delays EU AI Launch After Privacy Complaints

Meta delays Europe launch of AI in Europe after user, privacy group complaints over plans…

7 hours ago