Network Engineer Gets Five Years For Destroying Former Employer's Data

Network Engineer Gets Five Years For Destroying Former Employer's Data
Network Engineer Gets Five Years For Destroying Former Employer's Data;jsessionid?articleID 8403740 

By Thomas Claburn
June 12, 2008

A San Diego network engineer, Jon Paul Oson, was sentenced to more than 
five years in prison this week for intentionally damaging computers at 
his former workplace.

The sentence issued Monday is one of the longest imposed to date in the 
United States for computer hacking, according to the Office of the U.S. 
Attorney in San Diego.

Oson was convicted last summer of accessing the network of his former 
employer, The Council of Community Health Clinics (CCC), without 
authorization. CCC provides various services to 17 regional health 
clinics in San Diego and Imperial counties in California.

According to the government's account of the jury findings, Oson 
resigned from CCC following a negative performance review. He 
subsequently accessed the CCC network, disabled the automatic backup 
process, and later deleted data and software on CCC servers, including 
patient data belonging to North County Health Services Clinic (NCHS), 
one of CCC's member clinics.

The intrusion was made through a server that held medical information 
submitted by CCC member clinics for a federal research program, 
according to the government's trial brief. Access to it was supposed to 
be restricted because it contained personally identifiable medical 
information. But the server was in fact accessible through the Internet 
using the "Remote Desktop" application that's part of Windows Terminal 
Services, with a CCC password.

During the internal CCC investigation into the breach, engineers 
concluded that the damage had to have been done by an insider who had 
knowledge of CCC's systems. Server logs revealed that the intruder had 
used a computer named "TEMP3" that had been equipped to work with anHP 
(NYSE: HPQ) 2100 LaserJet printer.

Those investigating the incident searched CCC's computer logs for other 
logins associated with that model printer. Only one CCC employee was 
found to have logged in remotely using a computer associated with an HP 
2100 printer: Jon Oson, using his CCC-supplied computer named CCC-JOSON.

Another unauthorized access was made using a computer named "KUKU," the 
nickname of Oson's son, the trial brief says. Additional evidence 
pointing to Oson was uncovered and a search warrant was obtained for 
Oson's residence. An HP 2100 LaserJet printer was found at Oson's house.

The computer seized from Oson's residence all had their operating 
systems re-installed after December 29, 2005, the date of the last 
unauthorized access, effectively erasing potential evidence on them. 
However, other evidence gathered from CCC's logs and witness testimony 
proved sufficiently compelling for the jury to convict Oson.

The trial brief says that the deletion of CCC's data hit the 
organization hard. "Patients who visited the clinic in the weeks 
following the network disruption were kept waiting hours and sometimes 
futilely while their charts were located and delivered to the 
appropriate clinic and doctor," the court documents explain. "With the 
shutdown of its Practice Management system, NCHS had to shift to a 
paper-based system. It took dedicated NCHS staff months to collect the 
paper records, input them into Practice Manager and initiate billing for 
those visits. The unavailability of charts and the associated 
computerized records impacted patient care."

Oson was ordered pay restitution of $144,358.83 to CCC and $264,979.00 
to NCHS.

Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. 

Site design & layout copyright © 1986-2014 CodeGods