author photo
By Clare O’Gara
Wed | Apr 29, 2020 | 5:30 AM PDT

If there's one thing we know about criminals, it's that they like to take advantage of a crisis.

And COVID-19 is no exception. Hackers, in particular, are using this pandemic for self-interest while disregarding the sick and dying.

But what happens when the threat comes from the inside? The medical device packaging company that employed Christopher Dobbins might have an idea.

How did an employee become an insider threat?

Personal protective equipment, or PPE, is one of the most important items for medical workers fighting COVID-19. Shipments are vital, and shortages pose a real risk.

Despite this, or perhaps because of it, prosecutors say Dobbins decided to purposely delay and disrupt PPE shipments as revenge for being fired.

The U.S. Department of Justice (DOJ) says Dobbins had admin level access in his company's package shipping system while he was employed.

Here is the timeline of how a fired employee became an insider threat:

  • Early March 2020: the company fires Dobbins
  • March 26, 2020: the company gives Dobbins his final paycheck
  • March 29, 2020: Dobbins hacks into the company's computer network through a fake user account he created before he left the company
  • He gave himself (the fake user) administrator access 

Rogue employee becomes insider threat after getting fired

The DOJ explains what came next:

"Once logged in through the fake user account, Dobbins allegedly created a second fake user account and then used that second account to edit approximately 115,581 records and delete approximately 2,371 records. After taking these actions, the complaint alleges, Dobbins deactivated both fake user accounts and logged out of the system.

The edits and deletions to the company's records disrupted the company's shipping processes, causing delays in the delivery of much-needed PPEs to healthcare providers."

That's the kind of insider threat that can threaten lives.

And it follows a similar script to the one at Columbia Sportswear a few years ago when the company fired its IT Director, Michael Leeper:

"According to a lawsuit Columbia Sportswear filed... Leeper created a network account under a fake name during his final hours of employment. The lawsuit alleges he set up the account under the the fictitious name of 'Jeff Manning' and that he then used the account to hack into the Columbia Sportswear network...."

In this case, the impact of this computer intrusion goes far beyond simple revenge.

U.S. Attorney Byung J. Pak is furious with the crime:

"This defendant allegedly disrupted the delivery of personal protective equipment in the middle of a global pandemic. Scarce medical supplies should go to the healthcare workers and hospitals that need them. The Department of Justice is dedicated to moving quickly on cases like this to bring criminal opportunists to justice and protect the public during these challenging times."

With layoffs and downsizing ahead for many organizations, it is a critical time to watch for insider threats.

Employees who know they are on the way out the door may feel betrayed and use their access to damage your organization or those who depend on what you do.

Related podcast: cyberattack against the WHO during COVID-19

Speaking of cyberattacks with significant consequences, we're still wondering about the motivation of a recent attack against the World Health Organization.

Listen to our podcast interview with the man who uncovered the attack: