The ex-IT manager of a New Jersey school took revenge on his former employer for his dismissal by disabling a number of the educational institution's IT systems - to do this, he used the powers that were still not revoked at the time of termination of the employment contract. The “saboteur” admitted his guilt in court. He faces up to 10 years in prison and a huge fine.
Cyber attack on school
A former information technology manager at an Essex County public high school in New Jersey, USA, organized a powerful cyberattack on his former employer's IT and telecommunications infrastructure, writes Bleeping Computer.
According to the US Department of Justice, the actions of 30-year-old Conor LaHiff were motivated by a desire to take revenge for what the IT specialist believed was an unjustified termination of his employment in June 2023.
Direct actual damage to the public school as a result of Lahiff's attack was at least $5,000, according to the department.
The atrocities of a former IT manager
According to the case materials, Conor Lahiff caused serious damage to the digital infrastructure of the educational institution where he worked until recently.
Thus, he is charged with deleting 1.2 thousand Apple ID accounts linked to the school’s Apple School Manager account, as well as attempting to change the principles of organizing credentials in the system.
According to information published on the company's support portal, Apple School Manager is a service that allows an educational organization to purchase content, set up automatic device enrollment in a mobile device management (MDM) solution, and centrally create accounts for students and employees. The Apple School Manager Internet portal is intended for technology managers, IT administrators, employees and instructors, according to the section dedicated to the description of the service.
Lahiff also allegedly deactivated over 1.4 thousand other Apple accounts that were not linked to an account in the Apple School Manager service, and blocked administrator accounts in a number of services used by the school, including those that provide protection against cybersecurity threats to its infrastructure.
Finally, the attacker disabled the systems that provided telephone communications within the organization, making it unavailable to staff for 24 hours.
What punishment does Lahiff face?
In mid-December 2023, the man pleaded guilty to one count of violating the US Computer Fraud and Abuse Act (CFAA).
Now he faces up to 10 years in prison and a fine of up to $250 thousand - the verdict will be pronounced on March 20, 2024. However, it is unlikely that the court will send Lahiff to prison for the maximum possible term provided by US law. Most likely, the punishment will be set at the lower limit, as has happened more than once when sentencing for more serious offenses, or will not be associated with actual imprisonment at all.
Notably, in a major blow to the digital infrastructure of New Jersey's Essex County High School, Lahiff quickly applied for a similar position at another school in the region, apparently intent on avoiding accountability for his misdeeds. This fact of the defendant’s biography has not escaped the attention of the court in Boston, where the current trial is taking place. According to the court's order, Lahiff will have to notify his potential employer of his criminal record and the fact that he pleaded guilty to violating the CFAA.
A story that repeats itself over and over again
The Lahiffe case is another striking example of how a revenge-driven former IT specialist with broad powers within an organization, even after being fired, retains the real ability to cause significant damage to its critical systems.
Elementary coordination of the actions of representatives of the organization’s HR service and its IT department could protect the school from serious financial losses, the staff from unnecessary headaches, and the obstinate ex-employee from criminal prosecution, at least for some time. It was only enough to promptly revoke the former employee’s access rights to the organization’s computer systems.
In mid-December 2023, CNews wrote about the case of Miklos Daniel Brody from San Francisco, a former cloud services engineer at First Republic Bank, and currently an inmate of one of the US correctional institutions.
Brody destroyed the bank's software development infrastructure by using a working MacBook that was not deprived of privileged access to the corporate network in time. As in the case of Lahiff, the reason for the attack on his former employer was revenge for his dismissal - the man, in violation of security protocols, connected various flash drives containing information of dubious origin, including pornographic nature, to his work laptop.
In March 2021, CNews reported that a former employee of the IT consulting company Deepanshu Kher decided to take revenge for his dismissal by deleting 1.2 thousand employee accounts out of 1.5 thousand in one of the client companies located in Carlsbad (California, USA) in the Microsoft 365 service. Kher’s sabotage stopped the company’s work for more than two days.
In April 2017, a criminal case was opened in the United States against Nimesh Patel, who worked as a system administrator at Allegro MicroSystems for 14 years. He had to leave the company, and he decided to take revenge on his former employer by infecting his accounting database on the Oracle DBMS with a virus.
Cyber attack on school
A former information technology manager at an Essex County public high school in New Jersey, USA, organized a powerful cyberattack on his former employer's IT and telecommunications infrastructure, writes Bleeping Computer.
According to the US Department of Justice, the actions of 30-year-old Conor LaHiff were motivated by a desire to take revenge for what the IT specialist believed was an unjustified termination of his employment in June 2023.
Direct actual damage to the public school as a result of Lahiff's attack was at least $5,000, according to the department.
The atrocities of a former IT manager
According to the case materials, Conor Lahiff caused serious damage to the digital infrastructure of the educational institution where he worked until recently.
Thus, he is charged with deleting 1.2 thousand Apple ID accounts linked to the school’s Apple School Manager account, as well as attempting to change the principles of organizing credentials in the system.
According to information published on the company's support portal, Apple School Manager is a service that allows an educational organization to purchase content, set up automatic device enrollment in a mobile device management (MDM) solution, and centrally create accounts for students and employees. The Apple School Manager Internet portal is intended for technology managers, IT administrators, employees and instructors, according to the section dedicated to the description of the service.
Lahiff also allegedly deactivated over 1.4 thousand other Apple accounts that were not linked to an account in the Apple School Manager service, and blocked administrator accounts in a number of services used by the school, including those that provide protection against cybersecurity threats to its infrastructure.
Finally, the attacker disabled the systems that provided telephone communications within the organization, making it unavailable to staff for 24 hours.
What punishment does Lahiff face?
In mid-December 2023, the man pleaded guilty to one count of violating the US Computer Fraud and Abuse Act (CFAA).
Now he faces up to 10 years in prison and a fine of up to $250 thousand - the verdict will be pronounced on March 20, 2024. However, it is unlikely that the court will send Lahiff to prison for the maximum possible term provided by US law. Most likely, the punishment will be set at the lower limit, as has happened more than once when sentencing for more serious offenses, or will not be associated with actual imprisonment at all.
Notably, in a major blow to the digital infrastructure of New Jersey's Essex County High School, Lahiff quickly applied for a similar position at another school in the region, apparently intent on avoiding accountability for his misdeeds. This fact of the defendant’s biography has not escaped the attention of the court in Boston, where the current trial is taking place. According to the court's order, Lahiff will have to notify his potential employer of his criminal record and the fact that he pleaded guilty to violating the CFAA.
A story that repeats itself over and over again
The Lahiffe case is another striking example of how a revenge-driven former IT specialist with broad powers within an organization, even after being fired, retains the real ability to cause significant damage to its critical systems.
Elementary coordination of the actions of representatives of the organization’s HR service and its IT department could protect the school from serious financial losses, the staff from unnecessary headaches, and the obstinate ex-employee from criminal prosecution, at least for some time. It was only enough to promptly revoke the former employee’s access rights to the organization’s computer systems.
In mid-December 2023, CNews wrote about the case of Miklos Daniel Brody from San Francisco, a former cloud services engineer at First Republic Bank, and currently an inmate of one of the US correctional institutions.
Brody destroyed the bank's software development infrastructure by using a working MacBook that was not deprived of privileged access to the corporate network in time. As in the case of Lahiff, the reason for the attack on his former employer was revenge for his dismissal - the man, in violation of security protocols, connected various flash drives containing information of dubious origin, including pornographic nature, to his work laptop.
In March 2021, CNews reported that a former employee of the IT consulting company Deepanshu Kher decided to take revenge for his dismissal by deleting 1.2 thousand employee accounts out of 1.5 thousand in one of the client companies located in Carlsbad (California, USA) in the Microsoft 365 service. Kher’s sabotage stopped the company’s work for more than two days.
In April 2017, a criminal case was opened in the United States against Nimesh Patel, who worked as a system administrator at Allegro MicroSystems for 14 years. He had to leave the company, and he decided to take revenge on his former employer by infecting his accounting database on the Oracle DBMS with a virus.
