Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Ex-employee wiped financial data from bikini bar

After being terminated from his job, he logged into McLane Advanced Technologies and wiped customer data

At the Bikinis Sports Bar and Grill in Austin, Texas, you can get burgers and beer served to you by cute waitresses wearing denim shorts and bikini tops. And if you're David Palmer, a recently fired IT worker, you can also break into a U.S. military contractor's computer systems and wipe out payroll files, wreaking havoc at its customers.

That's exactly what Palmer did on Jan. 21, 2010. Angry that his former employer, McLane Advanced Technologies, had fired him and then refused to help him with an unemployment benefits claim he'd made to the Texas Workforce Commission, Palmer broke into McLane's systems and deleted payroll files belonging to Lone Star Plastics, a McLane customer that makes polyethylene bags and can-liners. He also broke into a second McLane customer, Capstone Mechanical.

"The only reason for logging into any of these servers was to create general havoc and disorder for McLane Advanced Technologies the following day," Palmer told investigators, according to court records.

The plan worked. When employees at Lone Star Plastics' Prattville, Alabama, facility tried to punch in on the 21st, they discovered that the McLane server that hosted their punch clock software and payroll records had shut down. Two days later, McLane Advanced Technologies contacted the U.S. Secret Service, reporting that it had been hacked.

Palmer, formerly an IT administrator with the company, pleaded guilty to computer intrusion charges Thursday in U.S. District Court for the Western District of Texas. He's set to be sentenced on Nov. 2.

Prosecutors say that Palmer set up a back-door user account entitled "Palmer Lt" before being terminated by McLane at the end of 2009. That account was used to break into the Lone Star Plastics computer and was linked to other intrusions at McLane. Palmer had logged into it from a variety of locations, including his home address in Temple, Texas; Bikinis Sports Bar and Grill; and Buffalo Wild Wings in Waco, Texas.

Disgruntled ex-employees seem to think they can cover their tracks by logging into their former employers from restaurant Wi-Fi networks. Two weeks ago a former IT staffer at the U.S. subsidiary of Japanese drugmaker Shionogi pleaded guilty to similar charges. He had logged in from a McDonalds.

McLane Advanced Technologies sells supply chain management and IT services to the U.S. Department of Defense, state and local governments and large retailers such as Wal-Mart. The company did not return messages seeking comment.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Buffalo, Buffalo, IDG, Wal-Mart
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: McLane Advanced Technologies, government, security, legal, cybercrime
Latest Blog Posts
Whitepapers
  • Five Things You Need to Know About Your Users Before You Deploy Business Intelligence
    In our years of experience working with companies of all types and sizes to design and deploy business intelligence systems, we’ve learned that there are five key things you need to know about your users before you roll out related technologies to them. In this paper, we will discuss these five things, as well as their implications.
    Learn more »
  • 8 reasons why Citrix NetScaler beats the competition
    Application delivery controllers (ADC) are one of the most critical elements of cloud infrastructures and enterprise data centre architectures. ADCs strongly impact performance, scale and security of the entire application environment, so it is extremely important for IT leaders to choose the right one.
    Learn more »
  • Fixing Your Dropbox Problem - How the Right Data Protection Strategy Can Help
    It’s estimated that more than 50 million people have used public cloud storage services such as Dropbox to share and exchange files. Public cloud services are so easy to use that their openness can undermine existing IT policies regarding the transmission of confidential data. With data volumes threatening to overwhelm onsite storage, IT managers are looking to find a solution that’s affordable and secure. This paper details a simple three-step approach to helping users manage access to the public cloud without placing your data or your business at risk. Read on.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments