A disgruntled employee, angry at missing out on a pay rise, conducted a three-year campaign of sabotage against his company's computers by spraying the cleaning product Cillit Bang into the grills of the servers.
Credit controller Edward Sobolewski was yesterday sentenced to eight months in jail and ordered to pay £10,000 costs for his "malicious" attacks. His employer, market research company Frost & Sullivan, eventually installed motion-sensitive CCTV cameras in a bid to find out the cause of the regularly occurring damage.
Further reading
In defence of security software - an interview with Trend Micro's Rik Ferguson Java is a mess, says security expert Government cyber security staff "should be paid as much as private sector"
When confronted, Sobolewski initially denied responsibility, claiming that he was only "cleaning" the servers, but admitted his guilt when confronted with the CCTV evidence.
"For over three years, you maliciously poured cleaning fluid into servers intending to disrupt the business where you worked," said Judge Patrick Eccles. "The damage itself amounts to the order of £32,000."
He added: "A lot of time was lost by your actions. Extra work had to be done by your colleagues to put this right - people had to come in at weekends, people had to investigate the cause of the damage. These were malicious actions, regularly carried out by you against your employer over perceived slights.
"Whilst you are remorseful - and I'm sure you are - it's only because these matters were eventually found out. Had you not been discovered, it is likely you would have continued doing it."
Sobolewski claimed that he was suffering from depression, especially following his break-up with his girlfriend - two years after he started the sabotage, but which his defence claimed was the "immediate catalyst". He was also, he added, "struggling with his workload".
The case, though, also provides a reminder of the importance of physical security over IT assets, not just cyber security. Security professionals recommend locking server rooms and restricting their access only to those people that need access - not letting anyone walk in on a room with equipment worth tens of thousands of pounds.
