The district attorney’s office said Gabriel Murillo and Kartik Patel pleaded guilty on Wednesday, November 5, 2008. Prosecutors said the pair of engineers illegally accessed the city’s traffic computer in August 2006 and disabled signals at four key intersections. It took four days to restore operations. The hacking took place hours before a job action by a union representing city engineers.

Under a plea deal, Murillo and Patel must pay restitution and serve 120 days in jail or perform 240 hours of community service.

This is another example of why you need to have an excellent security policy. It is reported that the engineers have not yet been fired nor is it known if they will be fired. This serves as another warning about what security measures a company should take during times of labor disputes and striking employees. Striking employees should have their access to company computers restricted or limited to accounts with less permission than root or system administrator privileges. Companies and municipalities should have rules and policies to deal with strikes, labor disputes, and other ways of reducing their exposures to malicious attacks. 

The city was fortunate that this time it was just engineers and only four intersections that were disrupted. Interestingly, although this happened in 2006 there have actually been a couple of movies come out since then with similar plot lines such as 2007’s “Live Free or Die Hard” movie with Bruce Willis:  a plot about cyber-terrorists and an attempt to shut down the US infrastructure.

The chances of an internal attack or internal hack are a lot higher and more likely than an attack from outside the firewall. And with internal knowledge of existing security policies the consequences of malicious attacks can be a lot worse.

But sometimes their intent is malicious.