Zombie Accounts Come To Life
Posted by Bob Craig - Dir Prod Marketing on Mon, May 18, 2009
According to articles in the Mercury News and SC magazine, ex-employee Abdirahman Ismail Abdi used a zombie account to log on to a computer system at the California Water Service Company (CWSC) in San Jose the evening of April 27 after hours and successfully transferred $9 million to offshore bank accounts in Qatar.
Here is what we know, so far:
- Abdi is not a U.S. citizen and was ordered deported to Somalia in 2005.
- He was an internal auditor with the California Water Service Company and resigned earlier the same day.
- He was able to enter the building after hours, where the only person who spotted him was a janitor.
- He was able to physically access and log onto a sensitive financial system.
- His credentials enabled him to transfer $9 million out of the country without raising any alarms.
The money was retrieved and he is being sought by the FBI, which has charged him with unlawful flight from prosecution. This incident raises a number of troubling questions for the folks at the CWSC:
- Why was an illegal alien given privileged access to sensitive financial data?
- Why wasn't his computer account immediately disabled or revoked when he resigned?
- How was he able to gain access to the building after hours? Did he still have a key or passcard that provided him entry?
- Logging onto a sensitive system and initiating a multi-million dollar wire transfer after hours is suspicious. Why didn't the system detect and block this type of suspicious activity?
- How is it that a single individual can transfer millions of dollars electronically without requiring additional authorization?
Without further revelations, it's unlikely we'll learn the answers to all these questions, but you should probably be asking, "Could the same thing happen to my company?"