Former Citibank Employee Sentenced for Causing Intentional Damage to a Protected Computer

Great, now in addition to the constant internet misuse of their, there and they’re, we get to add ‘they’ to the mix.

:-/

Love,

/grammarnazi

P.S. ***Tagline***

at approximately 6:03 p.m. that evening, Brown knowingly transmitted a code and command to 10 core Citibank Global Control Center routers, and by transmitting that code, erased the running configuration files in nine of the routers, resulting in a loss of connectivity to approximately 90% of all Citibank networks across North America.

A. Why would such a self-destruct command even exist.

It's not a "self-destruct" command. It's simply a delete command... BTW, these "journalists" appear to be nearly as well versed in technology as they are in their knowledge about firearms.

The simple fact is that network or system administrators must be among the most trusted people in any business. They literally "hold the keys to the kingdom." For instance, as a network administrator, since I had access to all of the data of our publicly traded company, I was covered under the same "insider trading" laws as our CEO, even though I really wouldn't know anything about what to do with the information.

B. Why did this guy have access to run such a command.

Security systems in modern networks allow RBAC, or "Role Based Security Access." Depending on your management role, you will have different levels of access. As a network administrator, the level of access is usually full access to do what needs to be done to modify the configuration on the routers. Those modifications include the ability to delete lines of code in the configuration, or even the entire configuration file. That's just a part of the job.

Again, it all comes down to a level of trust. They "trusted poorly."

Mark

Shutting down one server shouldn’t cause an outage if the application runs on clustered servers. *Mission critical* applications should, IMHO, run on mainframes configured in a parallel sysplex environment.

Actually, it wasn't servers, but "central routers" which are normally used to link entire data centers together, not just computers.

In businesses like CITI, you can bet that their network infrastructure is redundant, and under normal circumstances, if one or even two of those central routers fail, the other routers are capable of compensating, usually with no intervention, and it's completely transparent - Without network monitoring software, nobody would notice.

On the other hand, someone who knows how the redundant systems are configured could bring them down in such a way to ensure that the system can't compensate, and the entire network comes crashing down.

Those core routers would be in fully staffed Network Operation Centers with backups, and it should take less than 5 minutes to bring each router back on-line by uploading the backup of a configuration file (provided you don't have to reboot the router, that could add 10 minutes.)

The problem is that ANY downtime for an organization like CITI would cost the company many of millions of dollars PER MINUTE!

Mark

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.