The standard procedure when someone leaves a job is to immediately deactivate their accounts and revoke their credentials. This ensures they can't get back in and cause harm if the termination goes sour. What happens, though, if the person being fired is an IT system administrator in charge of managing those accounts? A near-total meltdown, in the case of Joe Venzor and boot manufacturer Lucchese.
Venzor was let go from his position at the company's help desk and immediately turned volatile. He left the building at 10:30 AM and by 11:30, the company's email and application servers had been shut down. Because of this, all activities ground to a halt at the factory and employees had to be sent home.
When the remaining IT staff tried to restart the servers, they discovered the core system files had been deleted and their account permissions had been demoted. Eventually the company was forced to hire a contractor to clean up all of the damage, but this resulted in weeks of backlog and lost orders.
While recovering from the attack was difficult, finding out who did it was simple. Venzor was clearly the prime suspect given the timing of the incident, so they checked his account history. They discovered he had collected usernames and passwords of his IT colleagues, created a backdoor account disguised as an office printer, and used that account from his official work computer. He was arrested last year and pleaded guilty yesterday. He is scheduled for sentencing in June and is looking at up to 10 years in prison and a $250,000 fine.