Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

88% of IT Admins Would Steal Passwords If Laid Off

ScuttleMonkey posted more than 5 years ago | from the you-know-they-have-conjugal-visits-there dept.

448

narramissic writes "According to identity management firm Cyber-Ark's annual 'Trust, Security & Passwords' survey, a whopping 88% of IT administrators would steal CEO passwords, customer database, research and development plans, financial reports, M&A plans and the company's list of privileged passwords if they were suddenly laid off. The survey also found that one third of IT staff admitted to snooping around the network, looking at highly confidential information, such as salary details and people's personal emails."

cancel ×

448 comments

Not a surprise. (1)

Yeorwned (1233604) | more than 5 years ago | (#24799451)

Big brother is always watching...

Reminds me of the old joke... (5, Funny)

Anonymous Coward | more than 5 years ago | (#24799455)

99% of men masturbate. The other 1% are lying.

Re:Reminds me of the old joke... (0)

Anonymous Coward | more than 5 years ago | (#24799495)

Yeah, like that bash quote. Women wants a man who doesn't masturbate, "GOOD LUCK BITCH".

Not reasonable (5, Interesting)

linear a (584575) | more than 5 years ago | (#24799459)

Sounds like an unreasonable estimate to me. If people were that vindicative and dishonest then IT (and similar) systems wouldn't ever keep working.

Re:Not reasonable (2, Funny)

Anonymous Coward | more than 5 years ago | (#24799525)

we store all our important details in a seperate UNIX user account, whose password we don't divulge to sys-admins, so good luck stealing our documents...

Re:Not reasonable (2, Interesting)

Anonymous Coward | more than 5 years ago | (#24799685)

in most cases IT has root- and/or physical access to the servers which means your password is merely gonna hold any determined sysadmin back for a few minutes.

Unless you're using additional measures (certain methods of encryption for example) the "security measures" you desribe arent worth a thing

Re:Not reasonable (0)

Anonymous Coward | more than 5 years ago | (#24799747)

the files are additionally stored in an encrypted winzip file (with maximum "military-level" compression), so i think they're pretty safe

Re:Not reasonable (1)

mweather (1089505) | more than 5 years ago | (#24799905)

So the sysasmins don't have access to the computer where the key is stored?

Re:Not reasonable (5, Informative)

Lobster Quadrille (965591) | more than 5 years ago | (#24800043)

It's off topic, but please tell me more about your IT infrastructure. I promise to to do anything bad with it.

I am constantly amazed at how willing people are to tell you how to attack their own systems, particularly on Slashdot, where simply implying somebody is doing poorly will practically get you full description, network maps, and vulnerability reports.

Similarly, I was talking to a friend in the Army the other day about IT security, and he told me that he didn't think I could attack his unit's systems, then went into a long discussion about what protections are in place. Out of curiosity, I decided to find out what I could learn. He only clammed up when I started probing for specifics about password policies on a particular device.

People: please don't tell anybody about your IT configuration. At least not on a public forum like /. Admittedly, a lot of it is easy to find out other ways, but that's no reason to give that information out.

Re:Not reasonable (-1, Troll)

Anonymous Coward | more than 5 years ago | (#24800135)

Cue the "Security through Obscurity" parrots.

Re:Not reasonable (4, Funny)

diskis (221264) | more than 5 years ago | (#24799959)

I store my passwords on yellow post-it notes next to the computer. Never seen a sysadmin getting out of the basement, so I assume my passwords are safe.

Re:Not reasonable (4, Insightful)

MagusSlurpy (592575) | more than 5 years ago | (#24799569)

Sounds like an unreasonable estimate to me.

I would be much more interested in the percentage that has already stored such information just in case such an eventuality occurred.

Re:Not reasonable (1)

MiniMike (234881) | more than 5 years ago | (#24799935)

Why bother storing it yourself? When the time comes, just download it from someone who has already stored it...

Re:Not reasonable (2, Insightful)

lena_10326 (1100441) | more than 5 years ago | (#24799665)

I think the reasons systems continue to work after a lay off (or firing) is that the last person laid off (or fired) would be the first suspect for criminal sabotage. IT people are usually of higher than average IQ... and it doesn't take a trained monkey to figure out you'd be the first to receive a knock at the door by a detective should entire databases or source code trees mysteriously disappear.

Re:Not reasonable (1)

Amouth (879122) | more than 5 years ago | (#24800063)

welcome to the world of digital.. just copy it.. then they don't "mysteriously disappear"

- not that i would do that - just want to to state the obvious

Re:Not reasonable (5, Insightful)

MightyMartian (840721) | more than 5 years ago | (#24799911)

A company hawking privacy management claims your IT department is filled with thieves and extortionists. Shocking, I tell you, shocking!!!!

Re:Not reasonable (2, Insightful)

D'Sphitz (699604) | more than 5 years ago | (#24800095)

I agree, this doesn't seem right. Regardless of any moral or legal implications, I would just simply have no desire to steal business data or passwords or open backdoors for myself. I can't imagine that i'm in the minority, what use would it be?

I can't believe 88% of those surveys would steal data simply because they were layed off, presumably to turn to a life of crime that would likely pay less than just getting another IT job. We're not talking about janitors stealing trash liners here, IT Admins make a nice chunk of change and what we're talking about here could send them to prison, it just doesn't add up.

BOFH (5, Funny)

Archangel Michael (180766) | more than 5 years ago | (#24800133)

You've never seen my personal IT Bible, the Archives of the BOFH.

He exemplifies keeping a system running smooth THROUGH vindictive and dishonest means.

He's my Hero.

a survey (4, Insightful)

Joe the Lesser (533425) | more than 5 years ago | (#24799461)

Yea, and I'm training to be a cage fighter.

More like 88% of IT Admins like to say they would steal CEO passwords if laid off, but something tells me when the time came to break the law they would let the opportunity slide.

Re:a survey (2, Funny)

Anonymous Coward | more than 5 years ago | (#24799539)

I could program a virus that would rip that place off bigtime......bigtime

Re:a survey (2, Funny)

Anonymous Coward | more than 5 years ago | (#24799669)

I could program a virus that would rip that place off bigtime......bigtime

I believe you have my stapler.

Re:a survey (1)

apathy maybe (922212) | more than 5 years ago | (#24799549)

Yeah, I would probably keep a record of confidential information too. But I probably wouldn't do anything about it, just keep it safe.

Keeping a copy of the password and using it to do something that is obviously breaking the law, are two different things.

Re:a survey (5, Insightful)

BobMcD (601576) | more than 5 years ago | (#24799583)

...but something tells me when the time came to break the law they would let the opportunity slide.

And they'd be wise to do so. Anyone who thinks that stealing such things once laid off is a bright idea just does not have a criminal mind.

Think it through, fellas - what, exactly, do you plan to DO with this data?

Do you intend on working in your field, ever again?

How do you feel about seeing the inside of a federal prison??

Seriously, lay off the power trip. It's just a fucking job. Don't screw up your ENTIRE life just because you have the password...

Re:a survey (1)

Deaddy (1090107) | more than 5 years ago | (#24799943)

I guess it's such a high percentage because sysadmins know the urge to snoop, even just out of curiosity. Nethertheless I guess you're right, maybe not with 88%, but a big share would not steal data.

Re:a survey (4, Insightful)

ivanmarsh (634711) | more than 5 years ago | (#24799953)

Uh... as the admin what need do I have for the CEO's password? I have more access to the network than he does.

I'd have to agree this whole article sounds like BS to me.

why? (0)

Anonymous Coward | more than 5 years ago | (#24799463)

people need more integrity.

you know what they say... (0)

Anonymous Coward | more than 5 years ago | (#24799465)

...with great power comes great responsibility.

In other news... (4, Funny)

steveo777 (183629) | more than 5 years ago | (#24799467)

12% of all admins were laid off today in order to clear up resources for paying ransom on old passwords...

New Poll (4, Funny)

Mishra100 (841814) | more than 5 years ago | (#24799469)

88% of IT Admins Would Steal Anything to get Laid

The solution: (1)

Alexpkeaton1010 (1101915) | more than 5 years ago | (#24799471)

Don't lay off the IT guys.

Re:The solution: (1, Funny)

Anonymous Coward | more than 5 years ago | (#24799625)

... yea just shoot them instead :P

Re:The solution: (0)

Anonymous Coward | more than 5 years ago | (#24799821)

Yup:
Sounds like job security to me.
Ever heard of the BOFH? He has taught EVERY Admin across the globe the right skillz to not get laid off.
the HR dude is gonna tell on you, lock him in the server room and hit the Ansul button. Boss gonna can you, threaten you'll "Anonymously email his wife all of those 'dirty emails' he's been sending his secretary".

Most people dont get it. Just because they have pocket protectors, and allergies, doesn't mean they don't have it figured out. Christ, they know 10 different computer languages, all the ISO standards related to computers since 1983, and all of the ISBN numbers of the O'rielly computers books! And Yes, all the filthy, sinful emails that YOU send to Ironogirl3214, and there only a bash script away from making your life a living hell!

And Cyber Ark are selling? (5, Insightful)

Colin Smith (2679) | more than 5 years ago | (#24799475)

Let me guess...

 

Re:And Cyber Ark are selling? (2, Insightful)

dropadrop (1057046) | more than 5 years ago | (#24799543)

My thoughts exactly...

Re:And Cyber Ark are selling? (0)

Anonymous Coward | more than 5 years ago | (#24799641)

This is obviously marketing at work. In general front line IT staff are treated like total crap by management from the top down. There are probably some that would consider retaliating after being used, abused, then kicked to the curb once management has found a less expensive short term alternative.

Sometimes I think we really need a medieval style guild (NOT a union) that punishes companies that habitually abuse IT workers. But alas, greed and the lowest common denominator make that basically impossible.

Re:And Cyber Ark are selling? (4, Insightful)

nine-times (778537) | more than 5 years ago | (#24800061)

In related news, IT admins have done a survey of security firms and have found that 95% of them will provide you with useless and even harmful advice and services if it will make them any money.

This is silly. (1)

Pig Hogger (10379) | more than 5 years ago | (#24799477)

Better go the pre-emptive way: make offside backups before the shit hits the fan.

Re:This is silly. (4, Funny)

spun (1352) | more than 5 years ago | (#24799691)

Better go the pre-emptive way: make offside backups before the shit hits the fan.

Bad idea. You'd get a 5 yard penalty on the play.

Stunning results. (1)

saintlupus (227599) | more than 5 years ago | (#24799481)

So, 88% of IT administrators are antisocial clowns?

Well, you could knock me over with a feather. I'm shocked.

(Honestly, I think that number is ridiculously high and inaccurate. But I work for a college, so maybe I'm just underestimating the evil of corporate IT.)

--saint

Re:Stunning results. (0)

Anonymous Coward | more than 5 years ago | (#24799561)

Yes, you are.

Re:Stunning results. (1)

neuromancer23 (1122449) | more than 5 years ago | (#24799815)

>> So, 88% of IT administrators are antisocial clowns?

I thought that was obvious from the posts on slashdot, although I think its probably closer to 90.

Figures Seem Inflated (5, Insightful)

dthrall (894750) | more than 5 years ago | (#24799497)

I'm actually surprised at this claim. It would be nice if they posted some additional info, like their sample size, etc. Sorry, I just seriously can't believe that 9 out of 10 people would maliciously act in this manner. Snooping over the network out of curiosity, I'll buy that one.

Re:Figures Seem Inflated (1)

dthrall (894750) | more than 5 years ago | (#24799547)

Identity management firm Cyber-Ark conducted the survey of 300 IT professionals in its annual review 'Trust, Security & Passwords'.

Re:Figures Seem Inflated (1)

Colin Smith (2679) | more than 5 years ago | (#24799571)

Snooping over the network out of curiosity, I'll buy that one.

Snooping over the network is part of an admin's job.

 

But... (5, Insightful)

lucky130 (267588) | more than 5 years ago | (#24799499)

How many of them are just saying that to sound cool?

Re:But... (1)

s_p_oneil (795792) | more than 5 years ago | (#24800059)

Damn, you beat me too it. I'm surprised you got modded funny. It's probably true to some extent.

Inaccurate? (1)

ilovegeorgebush (923173) | more than 5 years ago | (#24799511)

I hate these sensationalist statistics. How many people did they ask? What's the report's definition of 'admin'? etc etc

95% of statistics are made up on the spot.

Re:Inaccurate? (1)

yerktoader (413167) | more than 5 years ago | (#24799593)

The article says 300 interviewed, as for who they actually interviewed and how they ask the questions, who knows?

Re:Inaccurate? (1)

ilovegeorgebush (923173) | more than 5 years ago | (#24799629)

That's still a shocking survey. 300 people? That's entirely non-representative.

Strong morals? (5, Funny)

FliesLikeABrick (943848) | more than 5 years ago | (#24799517)

What ever happened to sysadmins being known for having strong/good morals and ethics?

Re:Strong morals? (1)

Joe The Dragon (967727) | more than 5 years ago | (#24799639)

The PHB has beaten it out of them.

Re:Strong morals? (0)

Anonymous Coward | more than 5 years ago | (#24799675)

BOFH happened.

Betray the betrayer? (5, Interesting)

knarfling (735361) | more than 5 years ago | (#24799963)

When someone is laid of for no apparent reason, they often feel hurt and betrayed. A natural reaction is that the trust between them has already been destroyed.

At one company I was with, a sysadmin was on a conference call, and had his hands full when the call ended. The CEO never hung up the phone, and started talking to his assistant about people loosing their jobs and how much severance would be paid. The sysadmin, who probably should have hung up when he was first able to, couldn't resist listening for a short time. After a couple of minutes, the CEO finally realized that his phone was still on, and hung up the line. By that time, the sysadmin knew that several people would be laid off soon, but not how soon, or which people.

He informed a couple of his friends that the company was in worse shape than he had realized, and discretely began updating his resume. Within a month, the company was bought out and closed down by another company and everyone lost their jobs. He was asked to stay on as part of the transition team and that the new company would pay him, but after a couple of days, it was clear that he had been working for free and the new company was not going to honor the agreement.

At that time, he still had sysadmin access, and began to look through emails of the former employees. Some, including the CEO, were still getting and sending emails through web access through the old company server. He learned that although the board of directors did not want to spend the money to make sure that the fired employees could still have health insurance for a couple of months, they were willing to give the former CEO $25,000 for his efforts.

I have always said that a good sysadmin knows all the secrets of a company, but a great sysadmin knows when not to look. In this case, was the sysadmin justified in looking after he had been promised to be paid and then told he was not being paid? (Yes, his access should have been cut off, but he was the one who would have had to cut himself off and he was never told to do so.)

Although this situation may be unique, I think that many sysadmins may feel the same way. Once they are betrayed, they no longer feel the need to stay loyal to those that betray them.

Re:Strong morals? (1)

Poohsticks (921205) | more than 5 years ago | (#24800065)

Not sure why the mods see fit to mark this as funny. I take that as a serious question.

I'm also glad to say that I AM a Sysadmin and I've NEVER stolen passwords or data. And I DO have strong morals and ethics. 88% ????

I call bullshit.

Re:Strong morals? (1)

sorak (246725) | more than 5 years ago | (#24800125)

What ever happened to sysadmins being known for having strong/good morals and ethics?

Hey, did you hear about that kid who hacked something...I think it was a hospital or something. He made all the pacemakers play a bad midi of "stayin alive" constantly, at full volume...Three people died, but the hospital was impressed and offered him 175,000 a year to work from home as their head computer guy...I know it happened because I have heard about it from several corroborating sources.

Survey is Pants (5, Insightful)

Fox_1 (128616) | more than 5 years ago | (#24799523)

nothing to see here:

"According to identity management firm Cyber-Ark's annual 'Trust, Security & Passwords'"

Making the IT folk out to be bogeymen is great business for security pros. I'm sure there are some idiots out there, but most IT people are normal honest people like anybody in any other profession. I don't buy that we are so far off the curve, 81% is bullcrap and makes me question everything about that company and it's motivations and methods for the survey.

Re:Survey is Pants (0)

Anonymous Coward | more than 5 years ago | (#24799855)

"but most IT people are normal honest people like anybody in any other profession."

Which is why I don't trust'em.

Re:Survey is Pants (1)

bjdevil66 (583941) | more than 5 years ago | (#24800025)

I think I get the gist of the phrase, but I want to be sure... What exactly does the phrase, "Survey is Pants" (or " is pants") mean?

Nothing to see here (5, Insightful)

Arc the Daft (1340487) | more than 5 years ago | (#24799551)

A firm selling data security products claims that people with access to sensitive information can't be trusted. News at 10.

Post here if you're a minority as well (4, Informative)

Rob Kaper (5960) | more than 5 years ago | (#24799563)

I haven't, I wouldn't. At best you encounter some of those things during ordinary work or even unproductive boredom.. but I totally see no value in having such details of a place you no longer work.

(Of course here in Europe there's a due notice so you have plenty of paid time to find a new job, but still..)

Maybe I'm just daft or weak?

Re:Post here if you're a minority as well (1)

sam_paris (919837) | more than 5 years ago | (#24799695)

Same here, this study is clearly bullshit. I do quite a bit of DBA'ing for my company and have access to all the various DB's including customers and staff, blackberry etc and to be honest, i've never snooped or been inclined too, I find it all very boring. In addition, it's never smart to burn bridges, if I did leave the company why risk a good reference or criminal charges?

If i'm using the DBs i'm either making some necessary modifications or doing some sort of profiling/tracing. If i'm not using the DBs i'm doing something more fun, like reading Slashdot.

Re:Post here if you're a minority as well (1)

MightyMartian (840721) | more than 5 years ago | (#24800009)

No fucking kidding. Look at the guy in San Francisco? Think anyone will ever let him get access to a computer more complex than one that has "BIg Mac" "Large Fries" "Diet Coke" on it?

Maybe we should find out how many people employed at security firms snoop on their customers' networks, keep lists of passwords and would potentially hold networks hostage if they're contract was suddenly torn up.

I'll go you one better.. (3, Funny)

Jaysyn (203771) | more than 5 years ago | (#24799567)

.. I have a 120dpi scanned transparent GIF of the CEO's signature.

Re:I'll go you one better.. (1)

c0d3r (156687) | more than 5 years ago | (#24799657)

I've got hundreds of signed timesheets signed by the CEO.

I stole all the passwords (1)

hoofinasia (1234460) | more than 5 years ago | (#24799575)

Yeah I "Stole" all the admin / management passwords when I quit my last IT job, by virtue of a thing called long-term memory. this "memory" is usually accounted for by the remaining IT pros, and the passwords are often changed anyway. Big deal. My last instruction was to change all the passwords, as was the last instruction of my predecessor. Lay-offs have even more notice than quits, so 88% might steal, but if they can use it for anything, then more layoffs should promptly follow.

It's an ethics issue, not a technological one... (1)

Vexler (127353) | more than 5 years ago | (#24799577)

Just because we are talking about technology workers does not imply that they are a more virtuous bunch. Unethical behavior has existed as long as man, and if anything a scumbag is helped immensely by the power of technology to do immense damage.

In other words (1)

DaveV1.0 (203135) | more than 5 years ago | (#24799579)

88% of IT Admins are unethical dirtbags.

Let me guess (4, Insightful)

Kjella (173770) | more than 5 years ago | (#24799581)

....you take a survey saying something like "Have you in your work had access to..." or "Have you known company information after leaving..." which you often have then tweak it into "IT admins spy on you and will steal your IP" in order to make FUD and sell your product? I think I know enough people in the IT business to tell that these numbers are horribly off.

The other 22%... (4, Insightful)

AioKits (1235070) | more than 5 years ago | (#24799591)

It could be just me, but I honestly don't care enough about what other employees or coworkers are doing to bother sneaking about their crap. If it's anything like their desktops, I'm probably going to see hundreds of cute kitten photos, pictures of family and a bunch of music hidden under folders named things like, "NotMP3s".

When I was an admin (short stint so I could pay bills, 3 years) I usually didn't give a rat's ass about what the users stored on their system unless it showed up in my virus scan reports or I was told to investigate someone due to "suspicious behavior". (BTW folks, before you get off on the 'evil spying on users' tangent for me, it was only twice and it was two girls working in tandem selling info to another company on how much certain people were paid.) I never could understand the whole "I have the power!" attitude some people showed when it came to passwords or how they'd screw the company if they were laid off. If I felt I was unfairly fired or downsize or funsized, whatever, that's what my lawyer is for (he works for cheap cause I fix his laptop, heh). Why complicate issues by fudging with the network access?

Maybe I'm just too young to understand yet. Now if you'll excuse me, I have to play with my army men, we're planning an attack on the tan army on the coffee table and I gotta move equipment for em.

Re:The other 22%... (1)

AioKits (1235070) | more than 5 years ago | (#24799687)

The other 12%, damned carpal tunnel... Must proofread more often. *sighs and puts on giant bullseye* Hit me where it counts boys, in the math skills.

Re:The other 22%... (4, Insightful)

CFTM (513264) | more than 5 years ago | (#24800067)

As a system admin who has access to ten years of email at an institutional finance firm, I can tell you that I have absolutely no desire to go through these records; sure there would be juicy tidbits about office relationships, hot stocks, whose getting what promotion etc but your integrity is way too valuable for any such tomfoolery. Moreover, my experience is that my coworkers have pretty much all been of like-mind. There's just no upside to doing any of the things listed in this article; it most certainly will not get your job back nor will it help you get another job and as has been said before it will get you put in jail.

And, as was said earlier, it's so shocking to find a company that does security consulting say that the weakest link in your security chain is your people, I mean who would of thunk it? Oh wait, Michael Milken did way back in the 80's and I'm sure someone else did it before him...

Re:The other 22%... (1)

CFTM (513264) | more than 5 years ago | (#24800123)

Actually, I was more thinking Kevin Mitnick not Michael Milken...

Re:The other 22%... (0)

Anonymous Coward | more than 5 years ago | (#24800085)

man. you are really giving 110% today.

I think the operative word is 'suddenly'... (2, Interesting)

LibertineR (591918) | more than 5 years ago | (#24799613)

...which almost never happens.

Typically, (at least in companies with some sense) the decision to remove an IT worker is made in advance, with steps taken to drastically reduce that individual's ability to do damage.

Rarely, is an IT worker told about their demise until steps are in place to have someone watch that person pack their belongings, upon which they are escorted to the door. They would be lucky to steal their favorite coffee mug is such cases.

Stupid is the company that gives notice to someone with keys to the kingdom, except in cases where the person is needed to stick around to train their own replacement.

But then, anyone who would agree to do that without MASSIVE compensation, is a pussy.

That said, I do know a guy who kept a series of special GPOs at the ready when he figured he was on his way out of HP back in the day...

So it is not just me? (0)

Anonymous Coward | more than 5 years ago | (#24799635)

Cool, glad I am not alone. I don't feel so bad about reading the hot receptionists email.

In completely unrelated news.... (0)

Anonymous Coward | more than 5 years ago | (#24799645)

A new study shows 88% of all IT workers are employed by hosting companies running adult websites.

In other news... (1)

NeoSkandranon (515696) | more than 5 years ago | (#24799649)

80% of people talk big about all kinds of hypothetical situations and then turn tail when push comes to shove.

HOw do they do that? (1)

KasperMeerts (1305097) | more than 5 years ago | (#24799667)

I thought all passwords were hashed now instead of just stored as plain-text. If those IT admins store passwords like that, they deserve to be laid off.

Layoffs vs. Firings (1)

saterdaies (842986) | more than 5 years ago | (#24799711)

Seriously? You'd steal passwords just because you were laid off?

Remember that layoffs aren't the same as being fired. If you're laid off, you're likely to get a good recommendation from your boss for new jobs you apply for. Why would you want to burn that bridge?

Now, if you were fired because your boss was incompetent and used you as a scapegoat I could sympathize, not condone, but sympathize.

This just in! (1)

Usefull Idiot (202445) | more than 5 years ago | (#24799713)

100% of douchebag security companies will manipulate data to sell you something!

And BY THE WAY (0)

Anonymous Coward | more than 5 years ago | (#24799717)

We offer a solution to this for the mere price of ...

Ethics FTW (1)

Pat Attack (1353585) | more than 5 years ago | (#24799763)

I know I wouldn't steal company info if laid off. I guess I've always realizes that I'm in a position of high responsibilty and need to act accordingly. Plus, if I ever got caught doing such a thing, I'd never have that type of position again. Snooping though... Well I do get bored sometimes.

Survey Results, bah (1)

iPhr0stByt3 (1278060) | more than 5 years ago | (#24799769)

We all understand how figures never lie, but liers figure. So it all depends on the wording. Personally, I'm an IT admin, and I've gotten dumped before (employer got sued, but instead of admitting financial problems he claimed I lacked project management skills so as not to scare other employees... whatever, I was mad). But even so, I didn't steal any passwords, and yes, I had full admin passwords to everything (even if they changed those, they didn't know all the passwords I DID have. at least I could've purchased stuff from their TechData account or whatever). That's a little off-topic, but the point is that I didn't steal anything and most IT admins I've worked with would not steal anything either. As for snooping... well, I've never done it on purpose, but in the process of helping people they often leave e-mails and stuff in an open window on their screen after they ask me over to help them... so, ok, whatever, I'm guilty of reading it.

88% of IT Admins Are Stupid (4, Insightful)

Just Some Guy (3352) | more than 5 years ago | (#24799827)

If I'm ever show to the door, I would insist on my ability to operate on the system being terminated at that moment. I don't want VPN access. I don't want an email account. I don't want SSH keys. I sure don't want the boss's password. Why? Because I don't want to be accountable for anything that goes wrong afterward.

Think about it, people. If the IDS catches you SSHing in a couple of weeks after you've left, then they have carte blanche to hold you responsible for whatever breaks, even if it's totally unrelated. Good luck convincing a jury that Oracle coincidentally just happened to explode an hour after you logged into your old workstation. Seriously, what good can possibly come from putting yourself in that situation?

Re:88% of IT Admins Are Stupid (1)

mweather (1089505) | more than 5 years ago | (#24799931)

Don't log in to your own workstation.

Quis custodiet ipsos custodes? (1)

rwillard (1323303) | more than 5 years ago | (#24799833)

Who watches the watchmen?

I bet they would... (0)

Anonymous Coward | more than 5 years ago | (#24799851)

http ://www.itworld.com/security/54579/survey-it-staff-would-steal-secrets-if-laid

and the results aren't tainted (1)

joeflies (529536) | more than 5 years ago | (#24799883)

by the fact that Cyber Ark's business is privledged account management, would it?

I have my doubts (0)

Anonymous Coward | more than 5 years ago | (#24799885)

The article and survey do not seem to realize the difference between IT staff and IT Admins. Also, from the article:

"The survey found that one third of IT staff still keep passwords on post-it notes. And 35 percent admitted to sending highly confidential information via email or couriers."

There is no distinction made between secure emails or transporting information via couriers on encrypted drives. The credibility of the survey is highly in question if they can not even define the questions they ask with some specivity.

How may slashdotters would help a coworker open an excel file? What if they are not supposed to have access to that file? According to my own survey, 87% of all survey results are bullshit.

Posted as a coward to circumvent our IT security policy.

What a discovery dude! (0)

Anonymous Coward | more than 5 years ago | (#24799889)

Takes second best right after penicillin! lol Kidding, I believe it's the normal side-effect of any "power", small or big.

Kudos.

The other 12% (2, Funny)

ArmyOfAardvarks (1281154) | more than 5 years ago | (#24799901)

It was also discovered that 12% of IT Admins lie on surveys.

It depends on your definition of "stealing" (2, Interesting)

Ohio Calvinist (895750) | more than 5 years ago | (#24799915)

TFA was very vauge in how they frame "stealing." When I have left (of my own accord) a job, there is invariably a certain amount of information written in my notebooks when I pakc up my cube that probably contain some user/password items, hostnames, door codes, etc. If you call that "stealing" i'd say the statistic is right.

When I am leaving a job, I'm not actively concerned in making sure every piece of knowledge about my tenure is forgotten and every napkin I may have scribbled something on is returned or destroyed, and every backup I've made is destroyed because I use a lot of the scripts/docs/etc... as part of my new job hiring interview. Conversely, most firms I've worked at haven't changed their admin passwords or door codes when I left, so they don't seem particularly concerned either. (Which may or may not be normative.)

I would say that the time when most IT folks are going out of their way to collect information is if they feel like they're being setup for the fall guy. At my last gig my project lead liked to broadcast the whole group when a server went down (blaming me) so I was maticulous to keep a copy of every log, logon time, email from her, so when I was accused, I could defend myself to our supervisor. If you're being laid off for some straight-up BS; and you're acute enough to see it coming, you better bet I'm going to collect as much as I can to clear my name. Beit to that firm or my new employer should I get a bad reference.

Not Exactly News To Me (2, Interesting)

strelitsa (724743) | more than 5 years ago | (#24799995)

I've watched three IT admins get escorted out of the building in the past 5 years due to my sending of emails carefully salted with bogus salacious information about our department. If the fake information doesn't make it to a certain vice-president, then their job is safe. If it does, then there's only one person who could have known it (besides me of course), and out the door they go.

This little collateral duty of mine has been quite lucrative - I receive a percentage of whatever money the company saved by firing the dirtbag admins who couldn't keep their noses out of other people's data. And if they were willing to pass on what essentially is inter-office gossip, then who is to say that they wouldn't be just as willing to pass our trade secrets to outsiders?

Umm... (1)

JHolt (1353797) | more than 5 years ago | (#24800015)

Why would any IT admin admit in a survey that they would steal passwords? I could only think that they were tricked into saying that they would do that: Q1: Do you like Candy? yes/no *note by selecting yes you admit that you would steal company secrets if given the chance* Q2: Is the Sky Blue? yes/no *See above*

And yet they complain when they get the walk . . . (1)

Wrath0fb0b (302444) | more than 5 years ago | (#24800057)

IMHO, even a 10% chance* of these sort of breach justifies the dickish practice of immediately cutting off all access to laid-off/fired employees and having security walk them out. For the 90% that don't deserve to be treated that way (and will be justifiably bitter), it's a shitty thing to do. That 10%, however, represents such a huge security risk that I don't really see a better option.

* I make no statement whatsoever on what the actual fraction of admins would do such a thing. I don't think TFA is particularly credible, considering the company. *

You missed a more important question Chief (1)

ThoreauHD (213527) | more than 5 years ago | (#24800073)

How many IT Sysadmins would steal passwords/accounts for no reason whatsoever? I don't know about you folks, but I'm a good sysadmin because I remember IP's and l/p's. In fact I remember all of it from 3 jobs ago- all of it private and all of it confidential.

"Stealing" aka "Knowing" these things doesn't mean that you will use it to do harm. If a sysadmin wanted to harm you, he could fuck you so hard that you would question if there really was a God. That's the truth ladies, and you all know it. If a sysadmin gets pissed ala the San Francisco IT Guy- he could fucking own you all. 80% my ass. 80% know it. The other 20% are retards.

Hmm, my thoughts... (0, Flamebait)

Drakin020 (980931) | more than 5 years ago | (#24800115)

I work as an IT Admin, if I was let go or hell even fired, I would like to keep tabs on my network. I might make an account in the background with admin rights so I can see how the new guy did...See if the exchange store is still mounted, check the SAN and so on...

Sorry I might be straying slightly off topic. It's just...being replaced you feel like part of your territory was taken over, and you want to check in on your baby (network) and see how it's doing.

An explanation for other issues. (1)

Anachragnome (1008495) | more than 5 years ago | (#24800129)

Maybe this is an explanation for all the HUGE leaks of customer information from large Corporations.

Simply a way of "getting back at the man" for being laid off. Steal the data, then release it to the web, or specifically, to people that would put the info to nefarious use.

Another good reason to make it these companies financially responsible for damages incurred by the loss of such private data. Put the onus of security firmly in their hands, and maybe, just maybe, the losses will begin to decrease.

I remember a story from back in Santa Cruz many years ago about a Taco Bell restaurant that fired an employee, then made him finish his shift. He went in the back of the store, SHIT in the huge pot of simmering refrieds, finished his shift then left. The result was dozens of seriously ill customers (due to some intestinal parasite the guy had). Taco Bell got the pants sued off of them. I am sure they do not make employees finish their shifts after firing them now.

Most people probably would (0)

Anonymous Coward | more than 5 years ago | (#24800131)

This doesn't surprise me a bit to be honest. Sure maybe not all of the 88% will end up stealing the data when it comes down to it but I think you will find a majority will.

If I leave my current employer (regardless if I am fired or quit) you can bet that I will bring the contact details of people I have gotten to know through the years which can be handy to know in the future.

I bet that most of the people who said they would steal it in that survey said yes not because they are going to steal a database with 10 000 customers but to keep the important ones you have a close relationship with.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...