These computer criminals are part of a new sort of cyber saboteur: the disgruntled ex-employee. In recent months, axed workers have posted a company's payroll on its intranet, planted data-destroying bugs, and handed over valuable intellectual property to competitors. Although exact numbers are hard to come by, computer security experts say it is fast becoming the top technical concern at many companies. "This is a major threat," says Internet Trading Technologies CEO Craig Goldberg.COSTLY DAMAGE. Take the FBI's San Francisco office, which saw just three cases of disgruntled ex-employees breaking into corporate networks last year. So far this year, it has 15. In Boston, no cases were reported in 2000; now, there are four. That may not sound like much, but most companies want to avoid negative publicity and don't report such crimes. "This is just the tip of the iceberg," says James Hegarty, supervisor of the FBI's computer crime squad in Boston. "We think it's phenomenally underreported."
Of course, fired workers have always exacted revenge on their former employers. But this time, they're capable of much greater damage. More than ever, companies depend on computer networks that are vulnerable to electronic sabotage. With more than 30,000 Web sites filled with hacking tools that any grade-schooler could use, today's brand of getting even is far easier for alienated workers to pull off. It's also far more costly for companies. The FBI estimates the cost of the average insider attack at $2.7 million.
Many of the attacks amount to low-level extortion. One systems administrator at a hospital encrypted patient files once she learned she would be laid off. She then offered to fix the problem immediately in exchange for severance, a cash payout, and a no-prosecution agreement. The hospital signed the "golden parachute," as computer-security experts call such deals, and subsequently was unable to press charges.
So who is the typical perpetrator of cyber sabotage? An introvert prone to nursing grudges, says Bethesda (Md.)-based Political Psychology Associates Ltd. Researchers have identified six common traits in attackers: a history of personal or social frustrations, heavy computer usage, loose ethics, reduced loyalty, a sense of entitlement, and lack of empathy.
Companies rarely know how many computers they have or who is authorized to use them. And they often don't immediately terminate their ex-workers' access. Worse, one computer-security consultant cites a case in which a laid-off worker even managed to use the password of a dead co-worker to log back into a company's network, because the dead man's profile hadn't yet been deleted. International Data Corp. estimates that as many as 30% of a company's approved users are no longer around. Many executives also make the mistake of assuming firewalls will protect them. But a third of companies using firewalls say they're still hacked into, according to the Computer Security Institute.
That's why taking some simple preventative steps to centralize computer access can save a lot of money. Companies such as E*Trade Group Inc. and Oppenheimer Funds Inc. are racing to install the latest in security software, which offers the ability to instantly block laid-off workers from their entire networks. How times have changed. A year ago, companies begged to get employees to stay. Now, they're doing everything they can to keep former workers away. By Michelle Conlin with Alex Salkever in New York