Insider Signal Plus - 2021.10

Fired IT admin revenge hacking... again, Netflix payments leaked amid transgender activism, alleged China spy on trial for espionage, police official and son embezzlement, and more!

School IT Technician Wipes Data in Retaliatory Attack

IT technician Adam Georgeson, 29, wiped the data off systems at a secondary school in the U.K. and changed staff passwords in retaliation for being fired from the school. His tampering made the systems of Welland Park Academy, in Market Harborough, Leicestershire, inaccessible, affecting remote learning during the Covid-19 pandemic. After his termination, Georgeson went to work for an IT company in Rutland, but was fired once more, then again changed staff passwords in the aftermath.

Basic Analysis

  • Georgeson attributed his actions to boredom anger at his former employers.

  • In both cases, the employers disregarded a cornerstone rule: immediately eliminate systems access for terminated staff.

  • If it may have been excusable for a school to forget to terminate an ex-employee's access, that is certainly not the case for an IT firm, which should be practicing sound cyber hygiene.

Deeper Analysis

  • In addition to changing passwords to lock users out, Georgeson modified the phone system used by the IT firm to contact customers.

  • When Georgeson realized his activity could be traced and he could get caught, he stepped up activity to hide his tracks--including destroying additional data.

  • In such situations, organizations should disable every personal account used by the IT tech, including mobile connections and remote access.

  • They should also return any physical cards and fobs, and shared passwords (e.g., for vendor sites) should be changed.

  • Admin accounts should have their passwords changed but admin accounts should not be deleted.

  • The IT firm appears not to have inquired about Georgeson's previous employment, which would have revealed the risk he posed prior to his employment.

Sources & Additional Information

Fired transgender Netflix Staffer denies leaking Dave Chappelle's Salary

In a case involving comedian Dave Chappelle's penchant for making jokes about transgender people and a complaint by a trans Netflix program manager who was upset that the company would be airing Chappelle's latest special, the program manager has been fired and accused of leaking that Chappelle was paid $24.1 million by Netflix for the special. The program manager, B. Pagels-Minor, admitted they were pushing for change in the transphobic culture of the company but denied being the source leaking payment information for Chappelle's special, "The Closer."

Basic Analysis

  • The case is at the intersection of civil rights, free expression, and the protection of confidential information--a volatile mix.

  • Pagels-Minor had pushed for more trans content on Netflix.

  • "The Closer" was released without leadership consulting the Trans Employee Resource Group (ERG) at the streaming platform, violating normal practice and angering staff members.

  • Pagels-Minor had organized an employee walkout at the company's Sunset Boulevard building following an LGBTQ backlash against Chappelle, and by 7pm, he had been fired.

  • In a statement, Netfllix said the termination occurred to protect corporate culture, writing, “We understand this employee may have been motivated by disappointment and hurt with Netflix, but maintaining a culture of trust and transparency is core to our company.”

This post is for paid subscribers