Another Reason for Privileged User Monitoring

No sooner did I write about a CEO gone bad do I read this: Ex-IT Chief Busted for Hacking:

Stevan Hoffacker, formerly director of IT and VP of technology for Source Media, was arrested at his home yesterday on charges of breaking into the email system that he once managed.

According to the FBI and the U.S. Attorney for the Southern District of New York, Hoffacker hacked into his former company's messaging server, eavesdropped on top executives' emails about employees' job status, and then warned the employees that they were about to lose their positions.

I doubt there's any real "hacking" involved here. Hoffacker probably retained access or leveraged knowledge of configuration errors to access these systems.

The FBI did not say exactly how Hoffacker broke into the mail system, but it noted that the former IT exec had access to the passwords for the email accounts of other Source Media employees.

Of course, if Hoffacker was an "ex-IT chief," he wasn't a "true insider." He was an "ex-insider," who should have had all of the (hopefully) nonexistent access granted to an outsider. True, he had knowledge of the systems not possessed by the typical outsider, but just because I created systems for previous employers doesn't mean I can waltz onto their networks now.

Although I am bringing up the "inside threat" again, please don't forget that you probably have external intruders from all over the globe inside your organization now. While privileged user monitoring and insider threat deterrence, detection, and ejection are important, keep in mind the parties who are already abusing your corporate assets.