A former IT administrator at the US division of a Japanese pharmaceuticals company stands accused of causing $300,000-worth of damage when he remotely deleted virtual machines supporting business critical applications.
In February, Jason Cornish allegedly accessed Shionogi’s network from a McDonald’s outlet in his hometown of Smyrna, Georgia, and installed "a software programme" that deleted various virtual machines (VMs). These included VMs hosting the company’s email server, its order tracking systems and its finance application.
That disrupted the company’s operations for a number of days. The $300,000 estimate for the damage caused includes lost business, the cost of restoring the network and of assessing the scale of the disruption.
A statement from the US Attorney’s office in New Jersey alleges that Cornish accessed the network through a different user’s account.
Cornish had resigned from Shionogi in July 2010. The statement implies the attack was in retaliation to redundancies that took place after he had left, and that affected a friend of his. "In late September 2010, shortly after Cornish had resigned from Shionogi, the company announced layoffs that would affect […] Cornish’s close friend and former supervisor," it says.
He has been charged with "knowingly transmitting computer code with the intent to damage computers in interstate commerce". The maximum penalty is a ten year prison sentence and a $250,000 fine.
The fact that Cornish was allegedly able to cause so much damage remotely could be seen as an unwanted side effect of virtualisation. Equally, however, the episode can also be seen as simply an unfortunate combination of poor user access management with inadequate business continuity provisions.