Richard Liriano, a former IT employee of a New York City-area hospital pled guilty of a computer fraud. He used a “keylogger” on dozens of his coworkers’ computers to obtain usernames and passwords of their personal email and other social media accounts. According to the Department of Justice (DOJ), “Using the victims’ stolen credentials, Richard repeatedly compromised their password-protected online accounts, and accessed their sensitive personal photographs, videos, and other private documents.” The keylogger enabled him record computer user’s keystrokes.
Richard was found guilty by the DOJ for misusing his administrative rights from 2013 to 2018 wherein he logged into employee accounts, and copied other employees’ personal documents, including tax records and personal photographs, onto his own workspace computer for his personal use. Over the course of five years, Richard stole about 70 (or more) email and social media account credentials belonging to hospital employees. This internal breach caused the hospital losses amounting to nearly US$350,000.
Richard was arrested on November 14, 2019 and pled guilty on one count of transmitting a program to a protected computer with an intention of causing damage. The maximum sentence for this offence is ten years in prison. After going through other anomalies, U.S. District Judge Lewis A. Kaplan will deliver the sentencing on April 15, 2020.
Insider threats account for most losses that an organization faces rather than an cyber-attack by external factors. Earlier, cybersecurity firm Trend Micro revealed that one of its employees illegally accessed and sold personal information of around 68,000 of its customers. The company stated that customers’ data like names, email addresses, ticket support numbers, and phone numbers were copied from its internal database by the employee and sold off to scammers. However, officials from Trend Micro stated that payment card details or enterprise customer accounts were not accessed.
“Our investigation revealed that this employee sold the stolen information to a currently unknown third-party malicious actor. We took swift action to contain the situation, including immediately disabling the unauthorized account access and terminating the employee in question, and we are continuing to work with law enforcement on an ongoing investigation,” the statement added.