• Vengeful geek allegedly hacked Gucci

    A FORMER EMPLOYEE at the fashion house Gucci faces possible prison time for allegedly tampering with its computer network after being fired from the company.
    Prosecutors allege that Sam Chihlung Yin, 34, committed an array of computer crimes against the fashion label after having been fired as an network engineer for its US branch. They say he secretly created a ficticious user account while he was employed, then used it to access Gucci's computer systems after he was fired, shutting down some of its servers and networks, and deleted data.

    The intrusions cost Gucci more than $200,000. Yin has been hit with a 50-count indictment, which includes offences like computer tampering and identity theft. If found guilty Yin potentially faces years in prison, although his motivation seems to have been revenge rather than financial gain.
    It's alleged that Yin created a virtual private network (VPN) token in the name of a fake employee and took it with him when he was fired. He then allegedly emailed the Gucci IT department, which activated the VPN token giving Yin access to its network and computer systems.

    Prosecutors claim that Yin used the VPN access and his familiarity with the Gucci network to wreak havoc. He's accused of doing things like deleting virtual servers, shutting down the storage area network, and deleting a disk containing corporate email accounts.

    Businesses fear this kind of insider attack, as it is very difficult to defend against somebody who has such a deep knowledge of their systems. But it sounds as though this particular attack might have been avoidable if Gucci's IT department had their brains in gear.

    Source: The Inquirer