Sacked IT Guy Annihilates 23 of His Ex-Employer’s AWS Servers
by Lisa Vaas
March 22, 2019
An employee-from-hell has
been jailed after he got fired (after a measly four weeks), ripped off a former
colleague’s login, steamrolled through his former employer’s Amazon Web
Services (AWS) accounts, and torched 23 servers.
The UK’s Thames Valley Police announced on Monday
that 36-year-old Steffan Needham, of Bury, Greater Manchester, was jailed for
two years at Reading Crown Court following a nine-day trial.
Needham pleaded not guilty
to two charges of the Computer Misuse Act – one count of unauthorized access to
computer material and one count of unauthorized modification of computer
material – but was convicted in January 2019.
As the Mirror reported during
Needham’s January trial, the IT worker was sacked after a month of lousy
performance working at a digital marketing and software company called Voova in
In the days after he got
fired, Needham got busy: he used the stolen login credentials to get into the
computer account of a former colleague – Andy “Speedy” Gonzalez – and then
began fiddling with the account settings. Next, he began deleting Voova’s AWS
The company lost big
contracts with transport companies as a result. Police say that the wreckage
caused an estimated loss of £500,000 (about $700,000 at the time). The company
reportedly was never able to claw back the deleted data.
It took months to track
down the culprit. Needham was finally arrested in March 2017, when he was
working for a devops company in Manchester.
oova, like all companies,
should have done a few things to protect itself from this sort of nightmare.
Security experts had agreed, prosecutor Richard Moss noted during the trial,
that Voova could have done a better job at security.
Voova CEO, Mark Bond, admitted to the court that the company
could have implemented two-factor authentication (2FA):
There was no multi-factor
authentication, a means of confirming the user ID which requires a user to
verify their identification by something they know or possess.
2FA would have made it much
harder for Needham to traipse through Voova’s AWS account posing as “Speedy.”
Of course, you also have to
lock the door after employees leave by shutting down their accounts.
Make sure you have a plan in place for when employees leave that
covers everything from physical access to your property and hardware like
laptops, phones and access tokens, to email and call forwarding, and logins for
all the company software and services they had access to.
For a Free BeyondTrust Discovery Scan, click here.