A disgruntled former Canadian Pacific Railway (CPR) employee was sentenced last week to a year in prison for intentionally causing damage to CPR’s computer network. It is unclear whether train services were affected, but the incident is reported to have cost the organisation approximately $30,000.
In December 2015, the employee resigned from Canadian Pacific Railway after being informed that he would be fired for insubordinate behaviour. However, before returning his laptop and remote access authentication token to the organisation, the disgruntled individual accessed CPR’s core computer network switches, through which critical data flows. He strategically deleted files and removed admin accounts or changed their passwords, then returned the laptop after wiping its hard drive of any evidence of his actions. As a result, IT staff were unable to access the switches and were forced to reboot the network, which caused a system outage. Forensic investigation of the systems allowed the damage to be traced back to the individual concerned.
This case is a good example of how disgruntled former employees can pose a cyber threat to organisations. Such insider threats are not unique to the rail sector, and public and private organisations in every sector need to be alert to them. The case highlights the importance of ensuring that IT privileges and account access are suspended when a staff member’s employment is due to be terminated, so that malicious cyber activity cannot be carried out.