Non-public database abuse
There is an interesting story at the SecurityFix on an individual who has been sentenced for using access to non-public LexisNexis searching to do background checks on, among others, police who she thought were investigating her for prostitution.
From the article…
Many people might assume that only cops can look up this type of information, but Smith was granted access to the database by virtue of her job as a bill collector for the Center for Medicaid Services, an agency of the Department of Health and Human Services.
She was making about $3,000 a night in her sideline… and tried to stay one step ahead of those that might investigate her by using her access to the LexisNexis search capabilities. Again from the article…
According to court documents, Smith spotted a post to the Yahoo! group “kchourlyfriends” about Kansas City police Sgt. Brad Dumit, and decided to run a background check on him in hopes of figuring out what types of undercover names Dumit might have used. She also looked up information on another prostitute she believed was cooperating with law enforcement, according to the documents.
I wonder how many others that have access to these kinds of searches use them for things outside of their legitimate work? A little information can be a powerful thing.
The press release on the charges puts it this way… “Federal Employee Sentenced for Computer Hacking to Promote Prostitution”. I don’t know if I’d go as far as to call it “computer hacking” if she had access to the database for legitimate work and misused that access for personal benefit.