Terminated security officer deletes former employer's data using secret account
Incident Date: September 1985
Incident Location: Fort Worth TX USA
USPA & IRA was a licensed life insurance agency and registered securities dealership based in Fort Worth, Texas. The company relied on approximately 450 independent agents to sell its services around the country. Agents were paid a commission based on their sales, which amounted to around $2 million at the time of this story.
One morning in September of 1985 company officials arrived at work to find that the computer system responsible for calculating commissions had experienced a large loss of data. Around 75% of the commission records had been deleted. The company would be unable to pay agents their commission without those records.
After analyzing system logs, personnel discovered that the deletions had occurred between 3:00 AM and 3:30 AM earlier that morning. During this time someone had executed several programs that deleted the records. But further investigation revealed that these programs had been written around three weeks prior to the incident.
Donald Gene Burleson was formerly a senior systems analyst with the company who had been involuntarily terminated within the previous three days. In his role he had served as the company’s operations manager and security officer, thereby having privileged access to the company computer. Investigators soon named Mr. Burleson as the prime suspect.
On the day that Mr. Burleson was terminated from USPA & IRA, his system account was deleted and a new password was assigned to the security officer account. However, investigators believe that he entered the company’s building three days after being terminated. During this incursion, Mr. Burleson used a secret privileged account he had created while still employed. This account allowed him to view the new password of the security officer account.
Now using the security officer account Mr. Burleson ran the programs which deleted commission records on the computer. His programs were designed to delete the records, copy themselves to a new name, delete the previous copies, and schedule the new copies to run when the normal commission records process executed. This configuration would ensure a continued source of problems as well as make tracing and stopping the record deletions more difficult.
USPA & IRA sued Mr. Burleson in civil court for illegal trespass, breach of fiduciary duty, and gross negligence. The jury agreed with the plaintiff’s argument and ordered Mr. Burleson to pay approximately $12,000 in damages.
Following this litigation, prosecutors charged him in criminal court with burglary, harmful access to a computer with loss and damages over $2,500, and criminal mischief over $750. He was found guilty following a two-week jury trial. Mr. Burleson’s sentence was seven years of supervised release and $11,800 in restitution to the company.
Fortunately, USPA & IRA had backup data which allowed them to reconstruct the deleted records and pay the commissions due to the agents.
Title: Dedicated Computer Crime Units
Author: J. Thomas McEwen
Publication: National Institute of Justice
Data Destruction and Logic Bomb Case
Publication Location: Washington D.C. USA
Do you have additional information to contribute regarding this story? If so, please email firstname.lastname@example.org with the details and source.