Skip to content ↓ | Skip to navigation ↓

It was just after 6pm on December 23, 2013, and Lennon Ray Brown, a computer engineer at the Citibank Regents Campus in Irving, Texas, was out for revenge.

Earlier in the day, Brown – who was responsible for the bank’s IT systems – had attended a work performance review with his supervisor.

It hadn’t gone well.

Brown was now a ticking time bomb inside the organisation, waiting for his opportunity to strike. And with the insider privileges given to him by the company, he had more of an opportunity to wreak havoc than any external hacker.

Prosecutors described what happened next, just before Brown left the Citibank offices that evening:

“Specifically, at approximately 6:03 p.m. that evening, Brown knowingly transmitted a code and command to 10 core Citibank Global Control Center routers, and by transmitting that code, erased the running configuration files in nine of the routers, resulting in a loss of connectivity to approximately 90 percent of all Citibank networks across North America.”

“At 6:05 p.m. that evening, Brown scanned his employee identification badge to exit the Citibank Regents Campus.”

Seemingly unconcerned about being linked to the attack on Citibanks infrastructure, Brown sent a text message to one of his colleagues:

“They was firing me. I just beat them to it. Nothing personal, the upper management need to see what they guys on the floor is capable of doing when they keep getting mistreated. I took one for the team.”

“Sorry if I made my peers look bad, but sometimes it take something like what I did to wake the upper management up.”

Brown may now be regretting his rash actions, as he has been sentenced to 21 months in a federal prison for transmitting a command that caused damage without authorisation to a protected computer. In addition, he has been ordered to pay $77,200 in restitution.

A moment of madness on Brown’s part caused the disruption of business systems, would have cost the company money to investigate and resume normal operations, and has cast a shadow over the rest of the IT worker’s life. After all, how many firms are likely to trust him with their IT security now?

In short, everyone loses.

Business suitAnd this should be a concern for any business. You spend so much time and effort worrying about online criminals and internet hackers breaking into your business to steal your secrets, have you considered the threat which might actually be on your payroll?

The truth is that the person hacking you may not be someone you’ve never met, wearing a hoody on the other side of the world. They could be sat right next to you, wearing a business suit.

I would wager that the threats posed by malicious insiders, people who you have invited into your company’s offices, who you have shared your network passwords with, who you have granted access to your systems, pose a large potential threat and could put your business at even greater risk.

Even if they’re not IT-specific staff, if you have let them walk into your building they may have opportunities to plant keylogging hardware to grab passwords, open backdoors for other hackers, or spirit away sensitive documents without you realising.

Don’t ignore the risks posed by the insider threat. If you turn a blind eye to them and solely focus on threats coming from outside your network then you are making a big mistake.

Take precautions, restrict privileges, monitor unusual activity, and put policies in place in both IT and human resources.

It is never going to be possible to stop every insider threat. But what you can do is attempt to limit their impact, and reduce the opportunities for a rogue member of your staff to go off the deep end.

Be sure to read our thoughts on what causes an employee to turn rogue, and advice on how to identify and prevent insider threats.


Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

Title image courtesy of Google Earth





10 Ways Tripwire Outperforms Other Cybersecurity Solutions
  • Andron Mc

    I his lawyer a retard? What prison, what 77k? Bullshit!
    The defense is “OOPS! I made an error! It happens in IT!”

    • That_Guy_in_Texas

      I worked with the guy. There were “flags” you could say. He even sent texts boasting about doing it, leaving no way to deny it was intentional. Utterly stupid guy.

      Any the systems he took out were more critical than the article conveys. We’re talking about processing transactions worth millions of $….PER MINUTE. And it was done during business hours when the markets were open. So he’s lucky he only got what he did.

      His future is shot, too. He went from high level career in IT to a career in manual labor.

      He’ll be kicking himself for the rest of his life.

      • random

        sure you did buddy

        • That_Guy_in_Texas

          Really? You think none of the people that worked in the same office are reading the articles to see what the news sites are saying about the company they work at and the guy they worked with? Really?

          Honestly man, that comment was kind of dumb.

      • Granite Burner

        was the bad performance review appropriate? or was he being screwed over by a PHB?

        • That_Guy_in_Texas

          Reviews are confidential, so I don’t know if the content (1-5 rating) of the review was proportional. But if you categorize only as “good” and “bad,” then yes.

      • pyrodice

        Honestly, if he was smart and shorted the company stock before it happened, he’d have come out ahead… but would have faced insider trading charges too. :P

      • Chris P

        And the bank didn’t think to implement password management / password cycling / 2FA or 3FA with verification from senior management if someone needed to check out a password to these systems that were so business critical? If so, shame on them. Yes, what this guy did was childish and unprofessional and he paid the price for his behaviour. But if the bank doesn’t take the security of its own systems seriously it should be apologizing to customers and shareholders. This guy should never have been able to go rogue like this and there are good, existing solutions that can prevent this.

        • That_Guy_in_Texas

          I agree with you. And I probably shouldn’t say anything else about that…in the spirit of the “if you can’t say anything nice” philosophy.

          But trust me. Auditors are going to stay quite busy for a while.

      • the_other_it_guy

        no comments

    • fumblepigskin

      That defense was probably thrown out the window when he sent the text messages that are quoted in the article in which he admits he did it on purpose and with malice.

      “They was firing me. I just beat them to it. Nothing personal, the upper management need to see what they guys on the floor is capable of doing when they keep getting mistreated. I took one for the team.”

      “Sorry if I made my peers look bad, but sometimes it take something like what I did to wake the upper management up.”

  • Jay

    Sad that it has to come to this. Management should have have seen red flags. Seems like a bad situation all around. There are better ways to handle flare ups like these. Usually if someone is going to get fired you put measures in place, reduce the likely hood of someone flipping out.

  • Rob Galt

    Hmm, the engineer couldn’t even speak proper English. I’m not surprised that he received a poor performance review.

    • Neither could George W. Bush! …& he got elected – Twice. What does that say about the USlessA Voters?

      • looms ominously

        yes, yale and harvard alumni george w bush was an illiterate dunce

        • jeffn84

          He’s been misunderestimated by the public. It’s not his fault.

        • Dawg

          You can take an idiot, buy him books, and send him to school. All you get back is an educated idiot.

          • looms ominously

            why do we bother with public education then

      • Rob

        You still mad LOL

        • Dawg

          We ALL should still be mad. Bush was one of the biggest blunderers in our history.

          • tim46278

            WOW! That’s rich. Idiotic, but rich.

          • dakotain

            Until obama. How’s that hope and change working out for ya?

      • Are you an idiot

        Are you an idiot? Jesus christ that has nothing to do with Rob’s comment.

      • Way to slantwise SEO a trackback. We get it… You voted Hillary…

    • Granite Burner

      he was able to tell routers what to do pretty effectively. that was his job, not elocution.

      • Ace

        If you can’t speak your mother tongue it’s a clue that there’s an intellectual deficit in there somewhere.

        • Al Geria

          Nowhere was it implied that it was his mother tongue, but go ahead and keep making stupid comments, sweetie.

        • No, you are wrong. Speech deficiency often is sign of special skills or even gifts which are very priced in IT, where person is two-three orders of magnitude more efficient and creative than average lip servant with their Oxford English. Yes, you can speak perfect English but most probably you are illiterate in technical sense, or just yet another “average IT worker”.

    • Wacky Tobaccy

      You’ve obviously never worked in IT. Some of the best engineers write like that.

  • abhimanyu

    way to go bouy, i will vouch for you, certainly.

  • Ragel Gumm

    sounds like his management doesn’t have a clue about what the network group does. a bad review for a core network infrastructure person ? these guys & girls are usually the best group of network people in the company. They usually function as the tactical architects. I was a senior unix system admin & system architect for several companies. the only time I saw core network people leave was they were offered better jobs & more money.

    • Granite Burner

      yep. makes me wonder if the real insider threat was the PHB that locked horns with a member of his network engineering/ops staff.

  • Stephen Lyons

    Sometimes networks can get taken down by someone interpreting work orders slightly differently. We had a case where a maintenance company tasked one worker to replace all the routers in one of our datacentres. Instead of removing one and replacing it, then moving on to the next, he removed ALL the routers, went to lunch, inserted replacement routers on return from lunch!

    • Tueksta

      another job well done! :D

  • This is the kinda shit that wakes me up in cold sweats at night :/ what this article doesn’t tell you is the ripple of mistrust it caused in the industry….

    • West Coast

      The mistrust is of the banks not guys like this.

    • That_Guy_in_Texas

      You are EXACTLY right. And the company agrees.

    • Cat Marcuri

      Screw the “industry”. Its main goal is to screw as many customers as possible without losing too many of them, so who cares? It’s an industry that shouldn’t exist anyhow.

    • So I hear you’re a software engineer? Us on the ops side usually give a flying fbomb about the long term reliability and security of an infrastructure :/

  • Kevin

    “took one for the team.” lol

  • John Lewis

    You forgot to mention “beautiful spies” – most security engineers are male so they are easy targets

  • Hard Little Machine

    Most American companies treat their workforce like shit just to fuck with them and they really don’t care about the ramifications.

    • Ace

      A mindless comment.

    • wylekat

      Yes, they do. Dealing with corporate dickery now.

    • Half

      Usually they just replace them with cheap labor from India via an H1B

  • ArtStoneUS

    No photographs of him?

  • Cat Marcuri

    Alternately, you could try to treat your employees as though they are actual people instead of numbers in your machines. Has anyone checked on Citibank’s employee treatment record? There MIGHT be a small problem with the employer, not the employees.

  • tufayyur

    I read this article with humor, Thank God for this employee. I would like to support him because what he did to citibank was well deserved, the crooks deserve to go out of business

    • David Paul

      What did Citibank do that they deserve to go OOB, give him a bad performance review? He was apparently an unhinged, bitter, vindictive person. Maybe the review had merit and he reacted with shame and anger, instead of humility and resolve.

  • Joseph George

    Truly a working class hero.

  • Kevin


  • Brook River

    Not really mindless, ask the IT guys at @Disney who were tasked with training their Indian H-1B replacements and were then fired. IT organizations have to choose: cheap Indian workers or loyal American workers. Send the H-1B visas home. Now.

    • David Paul

      Both major political parties have sold us up the Ganges on H1B. The American IT worker will be a dinosaur in 10 years.

  • Tueksta

    Whoever has been his supervisor – I hope he realizes how he also completely fucked up and caused all of this. He should pay half of the damages after all. This is not how to do a performance review.

    • Dan Fundarz

      So he should just be given a good review? lol, thats not real life, but him sitting in prison will be real life.

      • Tueksta

        No, they should’ve stopped the review-scheme and address the real issue at hand, because the reviews apparently weren’t working at all.

  • David Boggs

    Duh…they have tacacs…prevent the wr erase command

  • Dan Fundarz

    He will have alot of time to think about it in prison. Good quality thinking time.

    Not to mention his IT career has officially ended, he will never get another job in this field.

  • bryan furlong

    So an I.T cracks, thank god the disgruntled ex employee only scrubbed software/hardware..for a corporate wake up call whoo-peee. it was much better than him plowing through the lobby with an SKS -a few handguns, and or worse..The underlying problem is unstable employees that pose risks beyond IT-sabotage.. there needs to be mental health backgrounds done on prospective employees.if possible. Citi-corp got off easy,along with fellow employees,who walked away alive- when they parted ways with this Former Employee.. From A personal standpoint, there have been untold death threats and acts at offices, where i am employed as well as a few lockdowns,.caused by someone who was fired, or suspected they would be terminated ,- meanwhile, we, the loyal remaining few wish eternally hope if drama happens, let the event be that easy as the employee trashing the office computers or something like that…hell shut the power off, but please dont mow us ALL down with revenge.. let us leave the office and walk away alive…grant us that one little request…three steps toward the door…. whew…

  • bryan furlong

    I would recommend that every new hire, if EMPLOYMENT LAWS MAKE IT legal in many states sign a legally binding clause stating that they will be held responsible for any and all damage to intellectual property, real and tangible property, and/or future damages resulting from such malicious acts. and the prospective employee -can opt NOT TO SIGN ON AND -TO WORK THERE if they do not agree with terms and conditions, plus retro-active for-current employees…thus preventing half of these rogue employees, who incidentally, probably dont have profit sharing agreements, and /or other incentives to keep everyone satisfied, and on board with the Scope AND focus of the companies missions and goals.IT is An employers market, and they will win..hell or high employees come tenfold as hopefuls, and nobody is that secure in their position.. no job job is safe.from severance….AND YEP I GET A LITTLE SLICE OF THE CASH PIE..SO im QUITE satisfied…(crumbs maybe) ..

  • xman_11530

    Employees – even senior management- may also be careless with confidential organizational information and IT safeguards.

  • anonymous

    good analysis

<!-- -->