Former IT worker accused of hacking Gucci networks

A former IT engineer at Gucci has been accused of causing more than $200,000 worth of damage after an attack on the company's IT infrastructure.

Sam Chihlung Yin is facing multiple felony charges, including identity theft, computer trespass and falsifying business records. The charges carry penalties of up to 15 years in prison.

Prosecutors allege that, following his termination from the company as a network engineer, Yin launched an elaborate social engineering scheme to access Gucci's corporate network.

The 34 year-old man is said to have created a fake employee account and convinced administrators at the company to grant the account access to Gucci's virtual private network (VPN) using a reconfigured USB token.

Once inside the VPN, Yin allegedly shut down access to the company's email networks and document archives, while deleting other corporate data.

Gucci estimates that the outage, which lasted nearly 24 hours, resulted in a loss of roughly $200,000, after factoring in lost productivity and restoration costs.

IT administrators have long known about the dangers associated with terminated and disgruntled employees. Former workers have been highlighted as one of the top causes of corporate data breaches.

In 2008, a rogue administrator took down a FiberWAN network used by the city government of San Francisco. The attack cut off nearly two thirds of the city's network traffic capacity.

"People do, of course, leave jobs all the time and most of them would never dream of logging back in to their old place of work to cause mischief," wrote Sophos senior technology consultant Graham Cluley in a blog post.

"But it only takes one disaffected former worker to wreak havoc, so make sure your defences are in place, and that only authorised users can access your sensitive systems."