San Francisco locked out of its servers
A rogue system admin for the city of San Francisco locked the city computer systems and was holding the access key to ransom.
Fortunately the admin changed his mind after a conversation with his lawyers in the city cells, but still refused to give the code to anyone other than the mayor, forcing Major Newsom to visit the prison in person to retrieve the keys.
The scale is unusual but not the crime. Any business can have a disgruntled employee, no mater how well run the business or how fair the management is. they don't even need to be upset by their employer to take revenge on them in place of their real target. Placing a logic bomb can be a tempting means.
Many businesses that are involved in these events never recover. For many small businesses the data stored on their computer systems is their business. The attack need not be very sophisticated either, taking the disks out of the RAID array and tossing them from a bridge will work as well as a sophisticated hack. Its only if the attacker wants the attack to be reversible that sophistication is needed.
What can a business do to protect themselves? Keeping offsite backups for a start. Backing up the server is the job of the system administrator but making sure that the system is backed up is the responsibility of the CISO - and higher.
In the San Francisco case it is clear that the city gave too much control to a single individual - if the reports are accurate. It should not be possible for one person to have that level of access no matter how senior they are.
So why are businesses run the insecue way? I believe that a large part of the reason is to do with usability, which is one reason I am off to SOUPS at CMU today.
