A former IT manager in a U.K. school has been handed a prison sentence after his employer proved his guilt in court, despite his best efforts to cover his tracks.
The irony in this case is that the more serious crimes were committed after the IT manager, Donald Bart-Williams, was suspended from his job at St. John’s School in Leatherhead, Surrey. He then used his knowledge to hack the school’s system for financial gain, stealing thousands of dollars in the process.
Bart-Williams’ sentencing comes after he was charged on multiple counts of cybercrime offenses. He did not appear in court on the day of his sentencing, prompting police to issue a warrant for his immediate apprehension.
Suspended for Dereliction of Duty
The case against Bart-Williams, age 56, starts with an audit conducted in the school which revealed that software updates to keep the computer systems protected were missing.
This was sufficient for the school to place the IT manager under suspension while it investigated what went wrong. And that is when Bart-Williams began to show his criminal intentions, if one goes by the case the school’s management built against him.
Hacks and Monetary Theft
The suspended IT manager found a novel method of stealing funds. Having been in charge of maintaining the IT infrastructure in the school, he knew his way around the facility’s computer systems.
According to a statement from Surrey Police, the fraud charge against him is that he colluded with another individual and posted fake invoices into the school’s system.
He would then remotely pass these for payment and share the funds received. It was later revealed that the person he was allegedly colluding with is Gavin Strutt, an IT consultant.
The police are launching a separate investigation against Strutt for his having raised invoices for non-existent products/services and pocketing illegal payments against them.
Attempts to Cover the Tracks
As mentioned, yet another charge pressed against Bart-Williams is that he made every attempt to erase the evidence within the school which could pin him down.
These included his having the school’s internet disconnected, as well as physically going to the school and causing damage to the fiber optic cables.
There was also the charge that he had the school’s CCTV system switched off. The argument presented by the school’s lawyers was that no one apart from Bart-Williams knew how this was to be done, and thus it became circumstantial proof of his involvement.
Unluckily for him, the school had sufficient evidence to convince the judge and the jury of Bart-Williams’ guilt. The prison sentence will run for four and a half years.
The court took the testimony of another IT consultant who helped the school appoint Bart-Williams as the IT manager. He said he was quite impressed with the credentials and knowledge displayed by Bart-Williams.
His testimony also helped explain to the court the actual impact of Bart-Williams’ actions on the functioning of the school and how even students’ education suffered due to the breakdown of the IT systems.
Not the First Incident of This Kind
Internal staff committing such fraud on their employer is becoming commonplace. In the U.S., there are many such cases reported, including one making headlines last month involving a former employee of electric car maker Tesla.
It is difficult for organizations to decide which of their employees should be given free access to all confidential data and which should be denied it.
However, most corporate entities are aware of such threats and address them quickly, before any damage is caused. These measures can include changing passwords and resetting administrator systems so that former employees cannot access any data upon leaving their staff positions.
But the possibility of hacking into the system can still remain a risk. It cannot be denied that hacking can be done by anyone, and the appropriate security must be provided to the system and the network to prevent losses.
These measures include facilitating timely firmware updates and conducting mock drills to ensure there are no vulnerabilities in the systems. Organizations could also have employees who handle such sensitive information sign some kind of binding agreement that can deter them from attempting to hack their former employer.