Lumping Terry Childs in with Chihlung Yin and Cornish is incorrect and irresponsible. The last two directly and purposefully caused network and service downtime and destroyed servers in the process. The San Francisco network never went down. There was no service loss, and it most certainly did not "come crashing to a halt." Spreading misinformation like this serves no purpose and actually worsens the public's understanding of insider threats. For shame.
Inexplicably, the link in that quote relating to Terry Childs goes to a story on the Anonymous threats to hack BART in retaliation for shutting down its cell repeaters a few weeks ago. It has nothing to do with Childs at all.
There's at least one other bizarre quote in this particular piece, courtesy of Eric Chiu, founder and president of HyTrust:
The breach at Shionogi is a great example of how vulnerable virtualisation infrastructure and the cloud can be. Critical systems like email, order tracking, financial and other services were impacted, having been virtualised without the proper controls in place.
This is nonsense. The sabotage at Shionogi has very little to do with virtualization, other than the fact it may have been slightly easier for Cornish to destroy all those servers. He didn't hack into anything; they never disabled his accounts and those accounts apparently had full administrative rights over the vSphere implementation. What kind of "proper controls" for virtualization would have prevented that?
Further, if Shionogi wasn't virtualized and had 88 physical servers, it's the work of a few minutes for someone with Administrator-level access to write and run a script to cause each of those servers to format their disk and otherwise destroy themselves. It's not quite as simple as clicking on the virtual server and deleting it from disk, but if a bad actor took an hour or so to prepare, logged in remotely, and ran that script, it may actually have been faster than logging into vSphere and destroying the servers in that manner. Virtualization had nearly no role in this fiasco, though the fact that they were virtual servers is likely to have been the reason that the services were reinstated in days, not weeks. Rebuilding and restoring 88 physical servers takes an awful lot longer than restoring virtual servers.
I really don't mean to single out this one article, but it's a good representation of the utter nonsense I've seen floating around the Web about this case. The technical errors in describing the actual events are one thing, but attempting to tie in Childs is simply irresponsible.
The only lesson to be learned by the Shionogi compromise is that you should disable user accounts when an employee leaves. That's it. There's nothing else to learn here.
This story, "Shionogi shenanigans: Tech journalism hits a new low," was originally published at InfoWorld.com. Read more of Paul Venezia's The Deep End blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.