Disgruntled IT employee sentenced to 7 months for changing passwords and MFA in revenge attack

midian182

What just happened? There's been another example of why disgruntled IT workers should think twice before sabotaging their current or former company's networks. A man in the UK has just been sentenced to seven months in prison for such an act, which included changing employee login credentials and multifactor authentication settings.

Police in West Yorkshire say (via The Reg) that Mohammed Umar Taj, 31, was suspended from his job in July 2022. But the company made the mistake of failing to block his network credentials straight away.

In what is said to be an act of revenge, Taj changed employee login credentials within hours of his suspension in an effort to disrupt the company's day-to-day activities. A day later, Taj changed more access credentials and altered the firm's MFA system, impacting clients in the UK, Germany, and Bahrain.

In what sounds like another poor decision on his part, Taj logged his daily activities and discussed the attack on phone recordings that were recovered by the local police's cyber team.

It's estimated that Taj's actions caused the company £200,000 ($274,494) in lost business and reputational harm. At Leeds Crown Court last week, he pleaded guilty to one count of committing unauthorized acts with intent to impair the operation of or to hinder access to a computer. He was sentenced to seven months and 14 days in prison.

"Protecting your network prevents data loss and costly cyberattacks. It also maintains trust with clients and stakeholders," said Detective Sergeant Lindsey Brants of West Yorkshire Police's Cyber Crime Team. "We urge all businesses to look at their network security."

This is just the latest of many instances in which disgruntled IT workers have taken revenge on a company. One of the most recent was reported in March. It involved a developer who installed malware onto his employer's systems that would activate if he were ever fired. Upon being terminated in 2019, his code created infinite loops, deleted coworker profile files, and locked out all users. He faces up to 10 years in prison for his actions.

There was also the case of the former National Computer Systems (NCS) employee who was sentenced to nearly three years in prison in 2024 for deleting 180 test servers after being fired, costing the company almost $680,000.

Every time one of these f*** does something like this, the rest are treated as potential felons. It sucks for all people. Instead of liking people you work with and enjoying the work, everyone must be treated as a potential criminal. Some people ruin it for everyone.
 
Dumb dumb dumb. Everyone in IT knows you don’t go and change things after losing your job.

Now, if the structure of your organization requires your input to function and they lay you off, THAT is on them. Just make sure you document your requests to fix the problem.
 
Moral of the story: If an IT employee needs to be fired, take away the employee's access after they leave for the day and before notifying the employee that their services are no longer wanted or needed.

IMO, it was pure stupidity on the part of the company who fired this employee not to have done that.
 
Nowadays, any company eliminating a worker should, while the news is being reported to the worker, remove his/her permissions. This type of behaviour is not new; it has happened countless times in the past and been reported numerous times. Companies should have a policy in place to immediately remove permissions the instant an employee is removed from employment.
 