Company's failure to disable account of former employee cripples prosecutors in charging him with "unauthorized" access
Incident Date: January 2003
Incident Location: Queensland Australia
An Australian man stole money from his former employer’s customers using his still active account and password, according to an account in the 2003 Australian Computer Crime & Security Survey. During January of 2003 the man remotely logged into the company’s network and accessed records of customer credit card transactions. The criminal then changed customer account details and made refunds to his own credit card using the altered accounts. The company became aware of the crime when it noticed the occurrence of the unusually large number of refunds.
Queensland Australia Police identified, arrested, and charged the man with fraud based on Section 408C of the Criminal Code (Qld) 1899. However, the prosecution ran into a problem charging him directly with computer crime offences. Since the company had failed to disable the employee’s system account once he was no longer employed, a case could not be made to show that he had obtained unauthorized access to a ‘restricted’ computer.
Title: 2003 Australian Computer Crime & Security Survey
Publication Location: Australia
Publication URL: http://www.auscert.org.au/download.html?f=65
Do you have additional information to contribute regarding this story? If so, please email firstname.lastname@example.org with the details and source.