Ex-Citi worker imprisoned for sabotaging bank's computer system


A former Citi employee who knocked out 90% of the bank's networks across North America after a meeting with his supervisor about his work performance has been sentenced to nearly two years in prison.

According to prosecutors, on 23 December 2013 Lennon Ray Brown had a "discussion" about his performance in a job at Citibank's Regents Campus in Irving, Texas, which he had held as a full-time employee since February that year.

At 6:03 pm that evening Brown knowingly transmitted a code and command to 10 core Citibank Global Control Center routers, erasing the running configuration files in nine of the routers, resulting in a loss of connectivity to approximately 90% of all bank networks across North America.

Then, two minutes later, he scanned his employee identification badge to exit the campus.

In February Brown pleaded guilty to an indictment charging one count of intentional damage to a protected computer. He has now been sentenced to 21 months in prison and ordered to pay more than $77,000 in restitution.

At his sentencing hearing, a text Brown sent to a coworker shortly after his act of sabotage was read out:

"They was firing me. I just beat them to it. Nothing personal, the upper management need to see what they guys on the floor is capable of doing when they keep getting mistreated. I took one for the team. Sorry if I made my peers look bad, but sometimes it take something like what I did to wake the upper management up."

Comments: (1)

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune, 01 August, 2016, 13:41

Any idea how Citi restored its network and how long it took? I'm assuming the affected networks were based on homegrown systems and hosted internally.

The modern architecture using cloud, web services, app stores, third party APIs, and so on, has surely brought down time-to-market for new systems. But it has also increased the number of critical pieces of information required to run and change systems (e.g. app store passwords, API key, etc.). Furthermore, such information is generally known only to a few people in the team. As a result, the modern architecture can increase the number of people who can disrupt systems. What's worse, since these people can be employees or vendors or anyone in a modern architecture’s expanded “supply chain”, it can become harder and more time-consuming to recover from an attack, whether caused by a disgruntled or suboptimally-trained person.

To illustrate this with a recent example:

A customer's ecommerce system recently went down when an employee (intentionally) deleted a few duplicate records in the database without knowing the full impact of his action on the overall system. Had the system been internally developed and hosted, it would have taken 5 minutes to solve the problem and bring the website back up. However, the system had used many elements of the aforementioned modern architecture and it took 4 days to solve the problem; that too, only because the company was able to locate and secure the cooperation of an ex-employee involved in developing the system a year before. Needless to say, the downtime caused a financial loss, not to mention reputation damage.

Just to be clear, it’s not my intention to discourage banks from migrating their systems to modern architectures. By bringing this up, I’m merely trying to throw light on additional factors that banks may need to take into account in their migration risk and mitigation strategy.

