Fired from a job as a technology contractor for a Toyota factory in Kentucky, Ibrahimshah Shahulhameed went home, logged into the company's computer network and attacked it with programming commands.

It took the automaker months to fix the damage and landed Shahulhameed in prison. He is appealing the conviction.

While attention has been drawn recently to outsiders suspected of attacking companies such as Home Depot and JPMorgan Chase & Co, Shahulhameed's case illustrates the growing threat from within. US companies and organisations suffered $40 billion in losses from unauthorised use of computers by employees last year, according to SpectorSoft, based in Vero Beach, Florida, which develops software that companies can use to monitor the Internet activity of their workers.

"The most costly data breaches are usually those that are created by a malicious insider," said Larry Ponemon, chairman of the Ponemon Institute, an information security research center based in Traverse City, Michigan. "These people normally have access to things external hackers generally don't have access to."

FBI warning

The FBI this week issued a warning to companies about a rise in hacking by current and former employees. Insider threats, both intentional and accidental, were cited by more than 70 per cent of information security managers as their biggest concern in an April survey.

The workers often use cloud-storage services as well as personal email accounts to transfer data, according to the September 23 public notice by the FBI and Homeland Security Department. Sometimes they remotely access computers, the warning said.

Companies have to balance giving employees access to information while monitoring for suspicious or abnormal behaviour, said Nimmy Reichenberg, vice president of marketing and strategy for Boston-based consulting company AlgoSec, which conducted the survey of IT managers.

"A lot of times it's a matter of misconfiguration," he said. "Should you be able to access your email remotely? Absolutely. Should you be able to remote desktop into an email service and get full control of an email server? Probably not. That's when bad things begin to happen."

Hospital hack

Jonathan Wolberg of Tucson, Arizona, sought revenge on his former employer, a cloud-computing company, according to prosecutors who didn't name the employer. Wolberg was found to have secretly logged into the Virginia-based company's networks following his resignation as a systems administrator in 2012 and shut down a server, according to the FBI.

The attack left hospitals responsible for surgery and urgent care without access to key information and cost hundreds of thousands of dollars to repair, according to the agency.

Wolberg pleaded guilty and was sentenced in April to 33 months in prison for intentionally causing damage to a protected computer, according to the FBI. He remains in prison, said his attorney, Jeff Zimmerman, a partner at the law firm Smith & Zimmerman in Alexandria, Virginia.

Shahulhameed "sabotaged various internal programs" and "improperly accessed proprietary trade secrets and information such as pricing information, quality testing data, and parts-testing data," Toyota said in an August 2012 complaint filed in US District Court for the Eastern District of Kentucky.

He was convicted in February for intentionally damaging computers at the plant in Georgetown, Kentucky, after he was fired by a Toyota contractor, according to an FBI statement. He maintains his innocence and is appealing his conviction, said Derek Gordon, a partner with the law firm Anggelis & Gordon in Lexington, who filed the appeal.

A spokesman for Toyota couldn't be immediately reached for comment.

Legal gray area

Employees who illegally access company networks can find themselves in violation of the 1986 Computer Fraud and Abuse Act. That's what happened to Robert Steele of Alexandria, Virginia, who the FBI says used a secret administrative account to download proprietary documents from a government contractor where he previously worked.

Steele illegally sifted through thousands of documents belonging to his former company while working for another contractor that competed for government work, according to the FBI. He was convicted in May 2013 of unauthorised access to a protected computer. He is appealing his conviction, said his lawyer, Christopher Amolsch.

A gray area can complicate prosecutions under the 1986 law, however, because it must be proven that workers acted in excess of their authority or without proper authorisation, Peter Toren, a partner in the Washington law firm Weisbrod, Matteis & Copley, said.

"Did you have the right to get inside the computer?" said Toren, who served as an attorney for the Department of Justice's computer crime and intellectual property section from 1992 to 1999. "Most employees can say they had the right to access and gain entry into the computer."

To convict an employee for causing damage to a computer, prosecutors must prove the worker acted with intent rather than negligence, Toren said. "It can be difficult to prove but it's all done circumstantially," he said.

Growing threat

The number of information security managers who cited insider threats as their biggest concern increased to 73 per cent in 2014 from 62 per cent in 2013, according to an April 2014 survey by AlgoSec. The concern about insider threats, which includes accidental breaches as well as intentional attacks, surpasses that of outside hackers trying to steal financial data, the survey found.

Part of the increase might be attributed to awareness of such threats driven by Edward Snowden, the former US National Security Agency contractor who took and made public secret documents about American spy programs.

Companies rely on system administrators who have privileged access to data and networks. Those employees can also do the most damage and their malice can be difficult to detect, Ponemon said.

In one case the Ponemon Institute helped investigate, a disgruntled worker at a banking and investment management company planted source code that appeared to be an attack coming from the outside to knock servers offline.

That was just a diversion. The true intent was to destroy information from within and cause physical damage to servers, costing the company millions of dollars, Ponemon said. He declined to name the company.

The institute also has seen cases where unhappy employees work as part of a conspiracy with outside hackers to attack a company. "The proportion of malicious inside cases that potentially involved a cyber syndicate seems to be on an increase," Ponemon said.

- Bloomberg