Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Fired Techie Created Virtual Chaos At Pharma Co.

Soulskill posted more than 3 years ago | from the no-printers-were-harmed dept.

Security 339

itwbennett writes "Using a secret vSphere console, Jason Cornish, formerly an IT staffer at the U.S. subsidiary of drug-maker Shionogi, wiped out most of the company's computer infrastructure earlier this year. Cornish, 37, pleaded guilty Tuesday to computer intrusion charges in connection with the attack."

cancel ×

339 comments

Sorry! There are no comments related to the filter you selected.

He is looking at 10 years in prison. (0)

Anonymous Coward | more than 3 years ago | (#37116864)

Well that was totally worth it.

Re:He is looking at 10 years in prison. (1)

1s44c (552956) | more than 3 years ago | (#37116900)

Well that was totally worth it.

Indeed. Employers can be total asses but what Jason Cornish did was illegal and was going to lead back to him. How did he think he was going to get away with that?

Re:He is looking at 10 years in prison. (5, Insightful)

erroneus (253617) | more than 3 years ago | (#37117744)

Yes... it's the "how can you get away with it?" question that boggles the mind. If you can't think at least that far ahead, then you should refrain from doing more than "wish damage." (You know, I wish something bad would happen to them because I hate them kinda thing?)

If it were me, I would do something more subtle... something based on a cron job perhaps ... something that runs, clears out logs and other things, mounts VMDKs, deletes random files, exchanges the file names of various random pairs of documents and things like that. It would be weirdness that people would dismiss at first as human error which give the trail time to grow colder and bad backup data to get worse and then at some point just go all-out, destroying itself and the systems -- preferably killing the hardware in some way. Even then the chances of getting caught are pretty good as it would be a careful balance of luck and planning to create this gradual corruption of data that wouldn't go noticed until it was too late... perhaps only corrupt files older than a certain date which are not as likely to be accessed for a long while.I suppose that would be enough to allow the corruption of backups and such along the way...

Anyway, the first thing should always be to plan not to get caught or even suspected.

Re:He is looking at 10 years in prison. (2)

WrongSizeGlass (838941) | more than 3 years ago | (#37116902)

He's facing a maximum of 10 years wen he's sentenced. I wonder if he'd still have been pissed at Shionogi 10 years after they laid him off?

I'm not blaming Shionogi, but they certainly made a poor choice to use him as a consultant after he'd resigned due to a dispute with management. I'm sure when they laid him off two months later (along with other employees) it was the tipping point for whatever was brewing inside. When an IT person who has access to everything (or even one server) leaves you need to change every password ever created, verify every account, etc, etc. It's sounds like a bit of an over reaction, but you never know who will do what. The other clown not turning over passwords probably played a role in this too.

Re:He is looking at 10 years in prison. (4, Interesting)

Z00L00K (682162) | more than 3 years ago | (#37117152)

What you really should care about when it comes to IT department is to keep them happy. The cost compared to what can happen when an employee is disgruntled is minor.

And even if you remove/change all passwords - are you sure that there isn't a backdoor somewhere? Especially in a system like Active Directory where login accounts can be "hidden" anywhere in the tree. Also - some accounts can't change password easily since there are services that may depend on them - or that the password also is the encryption key. It's just a ticking time bomb in some cases.

Some of you may claim "You are doing it wrong" when you depend on "unchangeable" passwords - but in some cases there are interdependencies that causes that kind of problem. And the problems can be all the way from a background task that locks the system account because it uses the old password to encryption key based on the password for the backup solution. In some cases it's caused by the third-party software that you use.

Re:He is looking at 10 years in prison. (4, Insightful)

SniperJoe (1984152) | more than 3 years ago | (#37117460)

I know this might not be a popular opinion, but why should a business "really care" about keeping the IT department happy over any other department? Yes, they could do a lot of damage, but so could ANY disgruntled employee who walks in with a gun and starts shooting. Companies should treat ALL employees with respect, not grudgingly cozy up to IT because they feel like IT has them backed into a corner.

The other sense that I get from your statement was that it seemed like you were blaming management here. It feels a bit like, "Well, they didn't keep their IT staff happy, so they brought it upon themselves!" We don't know what the disagreement was, nor who was at fault for that disagreement. People get in disagreements all the time about relatively minor issues. Perhaps Shionogi wanted him to do something one way and he wanted to do it a different way. That's certainly not worthy of revenge. Right now, we just don't know. The simple fact remains that Mr. Cornish committed an act that was unethical and illegal and did substantial damage to the business. Yes, poor management controls and practices allowed this to take place, but they weren't the ones who committed the act.

Re:He is looking at 10 years in prison. (4, Insightful)

datapharmer (1099455) | more than 3 years ago | (#37117564)

I wouldn't blame management for the damage, but it certainly is foolish to not take proper precautions when firing IT staff with administrative access. The damage a disgruntled IT employee can cause these days is akin to burning a building down 20 years ago - you could lose everything.

Re:He is looking at 10 years in prison. (0)

Anonymous Coward | more than 3 years ago | (#37117678)

The truly sad part of this is, why should a company have to be so worried about any employee in the first place? IT or project manager, or janitor, it doesn't matter.

The first thing that needs to be done is to make very sure that you know your employees. I don't care how big a company is, it's still possible to know, through delegation of responsibilities, your employees.

Second, your computer infrastructure policies need to be up to spec and setup to avoid just this kind of occurrence. This shouldn't happen in any well run IT department.

There should be no reason for an employer to fear their IT staff any more or less than any other employee. It starts with treating employees with respect.

Re:He is looking at 10 years in prison. (2)

Lumpy (12016) | more than 3 years ago | (#37117626)

That does not help. Honestly a highly skilled IT guy that understand virus writing can infect all the machines with a timebomb and you would never know it. IF he did it right and inserted the time bomb into a driver there is nothing you could do to stop it.

It's called paying IT people what they are worth and running background checks. This guy would not have had a squeaky clean past if he did stupid crap like this.

Finally having enough staff so that ANY changes are done with a peer review. I.E. Update XYZ needs to be applied. Sr IT guru does not apply it himself and deploy, it MUST be reviewed by 2 others and DOCUMENTED.

But corporations have no interest in properly staffed IT departments that are paid enough to hire competent and trustworthy people... You get what you pay for.

How he got caught. (5, Informative)

will_die (586523) | more than 3 years ago | (#37116916)

For those wondering how he got caught, he accessed the servers from his home also for the McDonalds just before he accessed them he purchased some food using this credit card.

Re:How he got caught. (1)

1s44c (552956) | more than 3 years ago | (#37116992)

For those wondering how he got caught, he accessed the servers from his home also for the McDonalds just before he accessed them he purchased some food using this credit card.

That seems amazing stupid.

Re:How he got caught. (1)

Hazel Bergeron (2015538) | more than 3 years ago | (#37117432)

(1) He will not be incarcerated for anything like 10 years;

(2) Incarceration's looking like a fine alternative to the next decade in the wild. Especially in countries with more lenient prison systems (the US is bad but not as bad as the Middle/Far East; the UK is better than all of the above).

Re:How he got caught. (1)

JosKarith (757063) | more than 3 years ago | (#37117476)

Unless you've been convicted of using Facebook to incite a riot that never happened...
http://www.guardian.co.uk/uk/2011/aug/17/facebook-cases-criticism-riot-sentences

Re:How he got caught. (0)

Hazel Bergeron (2015538) | more than 3 years ago | (#37117530)

I agree that those sentences are absurd and were probably set as politically motivated examples (chilling effect) to spark debate[tm], debate[tm] in UK politics being where you promote one predetermined side of an argument by occupatio over your opposition, then declare consensus among common sense[tm] folk.

The sentences do not negate my suggestion that, especially in the UK, life in prison over the next decade will be preferable to life as someone on the margin's of society left to fend for himself. It has the added political protest bonus that jailtime is extremely expensive for the "taxpayer" (newspeak for "citizen", newspeak for "subject"), especially if you are sent to a privatised jail. If you're not worried about never being able to integrate in a society which hasn't welcomed you so far anyway, what do you have to lose by imprisonment?

Re:How he got caught. (1)

Anonymous Coward | more than 3 years ago | (#37117748)

If you're not worried about never being able to integrate in a society which hasn't welcomed you so far anyway, what do you have to lose by imprisonment?

Your cherry?

Re:How he got caught. (0)

Anonymous Coward | more than 3 years ago | (#37117556)

UK prisons aren't that great. They don't even put prisoners in different tiers, so my uncle who had a drunk driving violation -- a two month sentence -- was in with rapists and murderers. Norway is what you were looking for. If you're a criminal, you're practically an idiot for not going to Norway to torch buildings, steal, and kill people.

Re:How he got caught. (1)

Hazel Bergeron (2015538) | more than 3 years ago | (#37117622)

With all respect, a drunk driver is not necessarily any safer to be around than a rapist or a murderer. Indeed, an otherwise law-abiding man who murders once out of passion could be much safer than any number of people convicted of more minor offences.

Anyway, there are different prison security categories, but not based on the criteria you're implying.

Re:How he got caught. (3, Funny)

Anonymous Coward | more than 3 years ago | (#37117536)

That's bullshit, McDonalds doesn't sell food.

Re:How he got caught. (1)

Runaway1956 (1322357) | more than 3 years ago | (#37117598)

And, did he also use his own computer, probably running Windows, which keeps logs of contacts? Or, did he use a LiveCD, do his dirty deeds, then shut down the computer?

I know for certain that if I were to do something like this, I would NOT use an installed operating system, and I would MOST CERTAINLY not use a Windows system! Not even from a public computer, from a library, or senior citizen's center!

Re:How he got caught. (1)

darkmeridian (119044) | more than 3 years ago | (#37117712)

For those wondering how he was in a position to cause such mayhem: "Cornish had resigned from the company in July 2010 after getting into a dispute with management, but he had been kept on as a consultant for two more months." *slaps forehead* The guy had issues with management and resigned, so they let him stay on for two more months ... because?!

However, the attack did not attack "vital" systems like research lab data. It affected emails, sales systems, and the like. Sure, that's annoying, but it was "only" $800,000 in damage. Sending this dork to ten years in prison is the same as a death sentence.

As an aside, the scariest commentary I've ever heard about the US prison system was by an inmate on a documentary, who observed, "If they keep you in here for ten years, they should never let you out." *glares menacingly at camera*

Who will pay the damages? Compensation? (0)

aglider (2435074) | more than 3 years ago | (#37116930)

I think that hardly that moron^H^H^H^H^Htechie will have enough resources to compensate his former employer for damages.
However long his imprisonment will be, that idiot^H^H^H^H^Hpoor company will pay.
This should make it very clear than too many companies use IT just like fridges: push the plug in the socket, put a warm bottle in, wait, get a cool bottle out.
IT is not really that way. And Mr. Jason knows that very well.
Mr Jason should be hired for free as the CTO of that company and get his payroll only once the damages have been paid back.

Re:Who will pay the damages? Compensation? (1)

gandhi_2 (1108023) | more than 3 years ago | (#37116994)

the ctrl-H thing isn't as funny or neat as you seem to think it is.

Re:Who will pay the damages? Compensation? (-1)

webmistressrachel (903577) | more than 3 years ago | (#37117094)

Agreed. What's it supposed to represent, anyway? Is it a reference to dumb American accents ala herp-de-herp, or is it a stiffled hahahahaha, or what?

Re:Who will pay the damages? Compensation? (1)

Anonymous Coward | more than 3 years ago | (#37117110)

Oh wow.

And this was the moment I realised Slashdot was no longer for nerds.

Re:Who will pay the damages? Compensation? (1)

Canazza (1428553) | more than 3 years ago | (#37117130)

or modern nerds have moved on from VIM

Re:Who will pay the damages? Compensation? (1)

ZeroExistenZ (721849) | more than 3 years ago | (#37117326)

VIM is a bit far back. I use notepad.
As a matter of fact, I use a Unix based system (Mac) and run an emulator on it (parallells) to run notepad. Because it makes me feel right at home.

I've coded industry strength software in C# in notepad. And now I'm doing the same in an emulator.

Fluent in C,C++, ObjectiveC, Java, C# and an array of scripting languages and scripting libraries (don't make me laugh the "library solutions" to attack a basic vanilla problem by "modern nerds"...)

The "nerd" is no more, if I see what comes in from IT colleges and how hard it is to find kids with the right mindset. My experience in the industry spans only 10 years, but it's becoming an aging crowd.

Go away you "modern nerd" with cheesy vampire soap and WoW nostalgia!

Re:Who will pay the damages? Compensation? (1)

Canazza (1428553) | more than 3 years ago | (#37117462)

Yes, but when you press CTRL+H in Notepad you get the Find+Replace popup, not ^H or backspace.

Re:Who will pay the damages? Compensation? (1)

AlecC (512609) | more than 3 years ago | (#37117542)

Ctrl-H was backspace on paper tape machines. It dates back well before vim: I was using it in 1970, though you had to follow it with DEL to remove the mistype before retyping. It probably dates back to the 19th century.

Re:Who will pay the damages? Compensation? (1)

cc1984_ (1096355) | more than 3 years ago | (#37117636)

Ctrl-H was backspace on paper tape machines. It dates back well before vim: I was using it in 1970, though you had to follow it with DEL to remove the mistype before retyping. It probably dates back to the 19th century.

I hope you're joking.

19th century? Any self respecting geek knows that Vim was around well before that.

Re:Who will pay the damages? Compensation? (1)

Anonymous Coward | more than 3 years ago | (#37117144)

http://rule6.info/vi-short.html

"Ctrl-H erase last character"

HTH

Re:Who will pay the damages? Compensation? (4, Informative)

neokushan (932374) | more than 3 years ago | (#37117192)

And in case you didn't figure it out, "^" represents the CTRL key.

And oddly enough, it's not just VI - the windows command prompt works exactly the same way, open one now and hit CTRL+V (probably expecting to paste something) only to get ^V on your screen instead. But it's ok, hit CTRL+H and it'll backspace for you.

I believe its less to do with VI and it's CRAZINESS and more to do with the legacy of some keyboards not actually having a backspace key. Shock horror, I know.

(Cue the "...back in my day, we had to use TWO keys to backspace!" comments...).

Re:Who will pay the damages? Compensation? (1)

Canazza (1428553) | more than 3 years ago | (#37117274)

What I want to know is why he didn't just ^W

Re:Who will pay the damages? Compensation? (1)

murdocj (543661) | more than 3 years ago | (#37117372)

As I recall, the old CRT keyboards did have a backspace key, it was just a lot easier to hit ctrl-H. The ctrl key was just to the left of "A" (somehow that got morphed into caps lock, which seems really stupid). So you could hit ctrl-H w/o ever leaving the home row. I think the backspace key was less conveniently located.

But this goes back a few years... it might well be that the first CRTs I used didn't have a backspace.

Re:Who will pay the damages? Compensation? (1)

rickb928 (945187) | more than 3 years ago | (#37117652)

More like some terminal emulations not implemented very well.

Re:Who will pay the damages? Compensation? (0)

Anonymous Coward | more than 3 years ago | (#37117160)

30 years ago it was how a backspace was represented over a terminal screen. It's a reference that dates the user as an old fart who hasn't kept up with technology for decades and still secretly hopes for an Amiga comeback.

I'm sorry if this sounds harsh but GP should stop sniggering over the Jargon File and keep up with the times.

Re:Who will pay the damages? Compensation? (0)

Anonymous Coward | more than 3 years ago | (#37117208)

Come on, backspace always worked properly on the Amiga. However, on Unix systems a misconfigured terminal was a common occurrence, and it isn't completely unknown on linux either.

Re:Who will pay the damages? Compensation? (0)

Anonymous Coward | more than 3 years ago | (#37117200)

I'll presume you're a relative newbie to IT -> Read all about backspace [wikipedia.org]

Re:Who will pay the damages? Compensation? (1)

Cwix (1671282) | more than 3 years ago | (#37117322)

Really?
That was pathetic.

Re:Who will pay the damages? Compensation? (1)

datapharmer (1099455) | more than 3 years ago | (#37117608)

Fail. Turn in your nerd card. Seriously though, if you really don't know then you should read up about control character mapping.

Re:Who will pay the damages? Compensation? (0)

Anonymous Coward | more than 3 years ago | (#37117142)

Really^H^H^H^H^H^H^HWhy?

Re:Who will pay the damages? Compensation? (0)

Anonymous Coward | more than 3 years ago | (#37117196)

It's hard to read through. ^HH^HT^HH^H^H.

Re:Who will pay the damages? Compensation? (1)

petscii (318753) | more than 3 years ago | (#37117210)

word^wforshizzle!

Re:Who will pay the damages? Compensation? (2)

Kulfaangaren! (1294552) | more than 3 years ago | (#37117284)

I see only one problem with that, USA has laws against slavery...something about a civil war they had a while back...if I remember correctly. :)

Re:Who will pay the damages? Compensation? (1)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#37117366)

Eh, I'm sure that if you give Visa's lawyers a call they can probably hook you up with the draft language for a 'Managed Freedom Debt Restructuring Settlement' which would do almost as well...

Re:Who will pay the damages? Compensation? (2)

c0lo (1497653) | more than 3 years ago | (#37117336)

I think that hardly that moron^H^H^H^H^Htechie will have enough resources to compensate his former employer for damages.

What damages? TFA mentions "virtual chaos" - why wouldn't this equate with "virtual damages" and "virtual prison"?

For those not fully awaken, I'm attempting some lame fun on the overuse of "virtual/virtualization". I've seen until now lots of abuses: "piracy is theft", "cloud", cyberwar/cyberterror (BTW, cybernetics [wikipedia.org] doesn't have too much to do with computers) etc. The "virtual chaos" seems a new concept.

Re:Who will pay the damages? Compensation? (1)

epyT-R (613989) | more than 3 years ago | (#37117344)

maybe employers should treat their employees reasonably and this would happen less often. the employer had all the cards here.. they could've played it any way they wanted, but no. they bated him and then stuck it to him when he bit.

One by one? (1)

MrQuacker (1938262) | more than 3 years ago | (#37116984)

Damn, he took his time. Musta felt good though.

But seriously, if you're smart enough and determined enough to do this, cant you foresee the outcomes?

tl;dr, Shoulda just spliced an ethernet cable into a power cord, added a "Never unplug this!!!" sticker, and left it by a power outlet. Once the blue smoke is released, the magic is lost.

Re:One by one? (0)

Anonymous Coward | more than 3 years ago | (#37117022)

You have inspired me! Glad I haven't handed in my resignation letter, yet...

Re:One by one? (4, Insightful)

somersault (912633) | more than 3 years ago | (#37117112)

Shouldn't a "too long; didn't read" section be shorter than the rest of your comment? And it should provide a summary, rather than go off on some tangent.

Re:One by one? (1)

ArsenneLupin (766289) | more than 3 years ago | (#37117338)

I initially read this as "Never plug this in!", would have been more funny that way. Indeed if someone did plug it in (and someone would... idiots are everywhere...), Mr Cornish would have been able to share his punishment with whomever disregarded this clear instruction...

Re:One by one? (1)

jamesh (87723) | more than 3 years ago | (#37117576)

Once the blue smoke is released, the magic is lost.

This is true of people and of computers... guess which one will get you longer in prison of you are found to be responsible for the release of the blue smoke?

Re:One by one? (0)

Anonymous Coward | more than 3 years ago | (#37117680)

Once the blue smoke is released, the magic is lost.

This is true of people and of computers... guess which one will get you longer in prison of you are found to be responsible for the release of the blue smoke?

Turns out that people smoke is more pork-like than blue. One thing you have to say for humanity: we are delicious!

Re:One by one? (1)

mehrotra.akash (1539473) | more than 3 years ago | (#37117584)

Wouldnt it just fry the NIC it is plugged into, or the motherboard at max?

I hope they throw the book at him (4, Interesting)

Viol8 (599362) | more than 3 years ago | (#37117028)

He could have potentially wiped out some on going expensive research while he was at it and potentially cost lives not to mention jobs at a company that obviously wasn't in the best financial health to start with. This selt centered little prick doesn't deserve any leniency.

Re:I hope they throw the book at him (1)

neokushan (932374) | more than 3 years ago | (#37117088)

I believe you know the full story from both sides then, yes? So what was his dispute with the management that made him do this?

Re:I hope they throw the book at him (4, Informative)

ScentCone (795499) | more than 3 years ago | (#37117106)

So what was his dispute with the management that made him do this?

It doesn't matter what his dispute was. There are no circumstances in which doing the equivalent of burning down your former place of employment is a legitmate move in a dispute.

Re:I hope they throw the book at him (0)

Anonymous Coward | more than 3 years ago | (#37117248)

Yeah, all those poor investors with there millions...

Do you really have no idea how much a malicious employer can do to ruin you? I interviewed with one guy, just interviewed, and the moment I mentioned that I had a non-verbal learning disability he started shouting at me how I'd wasted his time and he ought to bill me, and he was going to lay a formal complaint with the firm that referred me. That firm, and several related firms have now blacklisted me because of that one malicious bastard being so biased against someone with something akin to dyslexia. Since that time, I've been unable to find work related to my degree, and I presently work for a minimum wage job that barely qualifies as full time.

So, keeping that in mind, you think it to be immoral and illegitimate for me to destroy him and his business, were I in a position to? The guy ruined me, just one fat prick who thinks he's above the law, and I've no comeback against him.

Personally, I'd take his house, his car, his boat, his clients, and his family if I could, right before I found the most expensive lawyer in the land to destroy his reputation, and then demand compensation and that he pay my legal costs for me. That'd be a start, anyway. If he could spend his retirement in poverty for what he did, I think that'd be fair.

Re:I hope they throw the book at him (0)

Viol8 (599362) | more than 3 years ago | (#37117292)

"Yeah, all those poor investors with there millions..."

*Yawn*. Can we skip the right-on reactionary socialist BS please?

"That firm, and several related firms have now blacklisted me"

No one gets blacklisted unless they're a total tool or they live in north korea. Perhaps you should give us the full story instead of your poor-lil-me abridged version.

Also its apparently escaped your notice that the guy had already been employed by the company so initially they obviously had no issue with him.

Re:I hope they throw the book at him (1)

epyT-R (613989) | more than 3 years ago | (#37117450)

people can and do get blacklisted for the wrong reasons all the time. in today's era of no-privacy, it's VERY easy. I'm no socialist, but it should be obvious that any entity in a position of power will abuse it eventually. whether it's corporate or government is irrelevant.

Re:I hope they throw the book at him (1)

mabhatter654 (561290) | more than 3 years ago | (#37117308)

ADA Lawsuit?
The case you just stated is EXACTLY what they're for.

Easy money for some vulture lawyer... As mich as we dint like them.

Re:I hope they throw the book at him (1)

Anonymous Coward | more than 3 years ago | (#37117396)

If your story has any truth to it, you're protected from discrimination under the ADA and you can take enough money out of that company to where you don't need to worry about working for a few years. If your reputation is already ruined, there's nothing to lose.

But since you haven't already done that I'm assuming that you're full of shiat.

Re:I hope they throw the book at him (1)

Tim C (15259) | more than 3 years ago | (#37117560)

So, keeping that in mind, you think it to be immoral and illegitimate for me to destroy him and his business, were I in a position to?

Yes, absolutely:

1) There are laws in existence to prosecute exactly his type of behaviour; use them.
2) In destroying his business you are hurting his employees, their families, etc.

Re:I hope they throw the book at him (1)

ArsenneLupin (766289) | more than 3 years ago | (#37117358)

There are no circumstances in which doing the equivalent of burning down your former place of employment is a legitmate move in a dispute.

Yes, burning down your place of employment should only be done in context of insurance fraud, or to help them save costs of properly disposing of dangerous goods. But never for petty revenge!

Re:I hope they throw the book at him (1)

Bing Tsher E (943915) | more than 3 years ago | (#37117630)

No, those are wrong actions, too. There actually is a right and a wrong.

Re:I hope they throw the book at him (0)

Anonymous Coward | more than 3 years ago | (#37117424)

the closer to corporatocracy we get, the more legitimate it becomes.

Re:I hope they throw the book at him (0)

Anonymous Coward | more than 3 years ago | (#37117448)

Unless, of course, they steal your red stapler.

Re:I hope they throw the book at him (1)

hairyfish (1653411) | more than 3 years ago | (#37117554)

Of course there is. If you were a former Al Qaeda Terrorist for example.

Re:I hope they throw the book at him (2)

WillDraven (760005) | more than 3 years ago | (#37117676)

That's what I was thinking. What if your former employer is planning on doing something that could kill lots of people and the regulators/police/media don't believe you or are complicit in the scheme? Never is a pretty strong word.

Re:I hope they throw the book at him (0)

Anonymous Coward | more than 3 years ago | (#37117668)

So what was his dispute with the management that made him do this?

It doesn't matter what his dispute was. There are no circumstances in which doing the equivalent of burning down your former place of employment is a legitmate move in a dispute.

That's true. He's not an executive. And besides, executive only threaten to burn the place down if you don't pony up more cash/perks.

Although they can count on a nice golden parachute if they manage to burn the place down anyway.

Re:I hope they throw the book at him (1)

m50d (797211) | more than 3 years ago | (#37117682)

True enough, but it's still a relevant part of the news story.

Re:I hope they throw the book at him (0)

Anonymous Coward | more than 3 years ago | (#37117174)

That doesn't matter. Nothing justifies what he did. He's causing harm to others beyond whoever "wronged" him. If he was wronged in some way there are other means to gain recompense. He got fired and lashed out because he was angry, had the means to do damage, and unable to control himself. Assholes like that need to be weeded out of the gene pool as far as I'm concerned.

Re:I hope they throw the book at him (1)

epyT-R (613989) | more than 3 years ago | (#37117468)

if he was fired legitimately, I agree. if he was fired for bs, I don't. then it's the employer's fault beacuse it placed its desire to stick it to the employee over the safety of its customers.

Re:I hope they throw the book at him (1)

Viol8 (599362) | more than 3 years ago | (#37117348)

There was no excuse for what he did. End of.

Re:I hope they throw the book at him (1)

neokushan (932374) | more than 3 years ago | (#37117498)

I'm not debating that what he did was right or wrong (it's certainly wrong), all I'm saying is that there is a good possibility that his actions weren't entirely selfish. It wasn't just him that got laid off and we don't have any information on what his initial disagreements with the management were, for all we know they wanted to experiment on baby pandas (yes I know that's unlikely, but the point remains). Saying he doesn't deserve any leniency without knowing the full story is just wrong.

Re:I hope they throw the book at him (1)

circletimessquare (444983) | more than 3 years ago | (#37117580)

there's no magical hollywood plotline that justifies his actions. there's no full story needed. some people are just so incredibly selfish this level of vindictiveness makes sense to them. can you imagine what any poor woman would go through/ went through after dating this guy?

Re:I hope they throw the book at him (1)

jamesh (87723) | more than 3 years ago | (#37117642)

Saying he doesn't deserve any leniency without knowing the full story is just wrong.

As long as you know the full story of _what_ he did, then _why_ he did it shouldn't really matter unless it can be established that he was mentally incompetent at the time eg under duress (family being held hostage etc), having a psychotic episode, really really drunk/wired, upset because favourite TV show just got cancelled, or whatever else counts for "temporarily insane" these days.

Re:I hope they throw the book at him (0)

Psychotria (953670) | more than 3 years ago | (#37117300)

He could have potentially wiped out some on going expensive research while he was at it and potentially cost lives not to mention jobs at a company that obviously wasn't in the best financial health to start with. This selt centered little prick doesn't deserve any leniency.

English. Do you speak it? Your comment does not say what you think it does.

Re:I hope they throw the book at him (1)

hairyfish (1653411) | more than 3 years ago | (#37117516)

Or he could've prevented a new strain of pandemic virus from being released and saved billions of lives. Or he could've accidently deleted the winning lottery numbers Or if is Uncle was his Aunty...

I'm impressed he could do that much damage... (4, Informative)

Mysticalfruit (533341) | more than 3 years ago | (#37117030)

I usually can only destroy 10 or so vm's before my vsphere client runs out of memory / handles or just segfaults for the fun of it. Needless to say, my displeasure with that vpshere client has caused me to become somewhat of a vsphere command line ninja.

Firstly, it appears this guy was treated poorly and not only is he a nitwit, it would appear that most of his coworkers/management were as well.

Secondly, it's acts of sabotage like this that make it hard for the rest of us to do our jobs.

Thirdly, on a not so serious note... wi-fi from McDonalds? vSphere console? How did he think he was NOT going to get caught? Did he even try to wipe the logs off the vsphere server? Had this guy two brain cells in his head, he could have obliterated their infrastructure and not left a trace of evidence.

Re:I'm impressed he could do that much damage... (1)

chomsky68 (1719996) | more than 3 years ago | (#37117082)

<quote>Firstly, it appears this guy was treated poorly</quote>

Where did ya get that one from? Coz he was laid off?

Re:I'm impressed he could do that much damage... (1)

mabhatter654 (561290) | more than 3 years ago | (#37117352)

THIS is why companies "perp walk" you to the door IMMEDIATELY after you had in the letter to resign. They certainly don't let you come back as a contractor... Unless you are leaving for a scheduled retirement or something amicable.

As much as the "perp walk" seems like a bad thing, it helps make sure YOU don't get accused of crap like this later on.

Re:I'm impressed he could do that much damage... (5, Insightful)

BeShaMo (996745) | more than 3 years ago | (#37117550)

What's to stop you from backing up their sensitive data and creating your back doors before you hand in your letter of resignation? If you treat your employees well, and create an atmosphere of mutual respect, when the time does come to part ways, the last month or two of employment can be constructively used to tie up loose ends and easing the transition to the next guy. If you, as an employer, have a policy of escorting someone from their workstation the moment they hand in their resignation, you're basically paying someone to twiddle their thumbs while your remaining employees scramble to cover for the guy who now is suddenly gone with no warning, while they must be thinking whether it's really worth it, just to get the same treatment when they are leaving. The "Perp walk" is just as petty a show of revenge as the guy in TFA and as damaging to the future your remaining employees to do their job. The only difference is that it is unfortunately not illegal.

Re:I'm impressed he could do that much damage... (1)

adamofgreyskull (640712) | more than 3 years ago | (#37117726)

I've never had it happen when handing in my resignation, or seen it happen to anyone I know, or heard about it happening to anyone I know, but perhaps it depends on the events leading up to the resignation? Some people just resign because they want to move on to bigger and better things and not because they've had a spat with management. If you had, or if you were *fired* I can understand it of course.

Is it really common for this to happen over a simple resignation?

Re:I'm impressed he could do that much damage... (0)

Anonymous Coward | more than 3 years ago | (#37117240)

Violence is a sword that has no handle, you have to hold the blade.

Re:I'm impressed he could do that much damage... (1)

murdocj (543661) | more than 3 years ago | (#37117398)

Having read the article... other than being laid off, what makes you think that the guy was treated poorly?

Re:I'm impressed he could do that much damage... (0)

Anonymous Coward | more than 3 years ago | (#37117474)

I usually can only destroy 10 or so vm's

...are you joking or what. Because I hope you're joking otherwise you just might get fucked by the law.

Re:I'm impressed he could do that much damage... (1)

TheRaven64 (641858) | more than 3 years ago | (#37117582)

I hope you're joking, because if you can not think of a reason why you might legitimately destroy 10 VMs for your employer - especially if you're using this kind of system where you can easily be managing thousands of VMs - then you probably shouldn't be using a computer.

Please set up and use a documented procedure (1)

mallyn (136041) | more than 3 years ago | (#37117312)

Folks:

Please

This is one reason why we need to have a well documented and well tested procedure for the termination of an IT employee.

There need to be a group of people; not just one or two; in the company who have a *full understanding* of the network, the servers; the entire infrastructure. Those people need to get together and come up with a detail step by step procedure and then test it thoroughly.

Once they test it, they should have it reviewed by not just one, but perhaps two or three different security consultants.

This procedure needs to cover *everything*; network passwords, personal passwords, building/room access cards or keys, etc.

It should be a given that physical locks (old fashioned keys) must be changed. Assume that keys are duplicated.

It should also be a given that *all* root/system/admin passwords must be changed

If the person had any access to any private cryptographic and PKI keys, they must be revoked and replaced.

And, by the way, do you search the areas the person had access to and look for rogue modems, wireless access point, or whatever? Do you have an active inventory and configuration of your network readily available? Do you look above the false ceiling and under raised floors? Probably not. But do it. I''ve seen it all. Even a changed lock on a door that not normally used; the person put his own lock on it so he can get in after all the locks on the 'normal' doors are changed. Any extra routers on the perimeter? Yes, I have seen it. That inventory must be thorough, accurate, and periodically checked.

From experience and stories that I have seen; it is a given that if at all possible, all of the account/password/access termination must be done prior to the person knowing that they are to be terminated. I prefer to do this work over a weekend (and do thorough testing) and then formally terminate the person on the following Monday morning when the employee arrives at the building's lobby or reception.

The best places that I have seen have this procedure not only trained to several people but documented in loose leaf binders prominently on key people's desks. They also run drills periodically (with evaluation by at least one if not more external and trusted security consultants) to ensure that *every* access to the building/network/servers is secured properly.

Yes, this costs money; lots of it; but it's your darn business that's at stake

Re:Please set up and use a documented procedure (0)

Anonymous Coward | more than 3 years ago | (#37117428)

Very sound advice and this pretty much mirrors what we do in-house.

It's also worth saying that as well as daily, conventional tape backups, we take a weekly backup of all our virtual machines using the excellent (and free!) GhettoVCB script (http://communities.vmware.com/docs/DOC-8760) - it snapshots the VMs and then backs them all up (vmdk and vmx files) to a disk set in a separate server connected to the main VMWare server via NFS (takes about 3 hours to do the lot). We alternate between two destination disk sets, with one always in a fire safe on our other site, so if the primary VMs are destroyed we can eitther point the main VMware server to the copies and add them back to the inventory or, worse case, reach for the offsite backup set and a spare server.

We have simulated a major systems failure and have estimated we can get the entire VM set (12 in all, comprising Windows and Linux servers for data storage, Directory and mail services, build tools, CRM, Intranet, network monitoring etc.) up and running on a spare server within one hour and then concentrate on restoring missing data from tape. Core services (file store and email) would be up within 20 minutes.

Re:Please set up and use a documented procedure (0)

Anonymous Coward | more than 3 years ago | (#37117458)

As always, it's a balance between cost and risk. But if someone really clued happened to set out to do harm, even the commendable level of paranoia described above won't save you. What the parent describes is about the baseline level I'd expect from a medium-sized company that needs to be serious about its security, but it's not gonna happen for small businesses with only a few employees, and nor should it. After all, trying to achieve the level of precautions described here ("There needs to be a group of people; not just one or two; in the company who have a *full understanding* of the network...") is only feasible once you have a reasonably-sized pool of people who are actually capable of understanding the network in the required depth.

Re:Please set up and use a documented procedure (1)

jamesh (87723) | more than 3 years ago | (#37117606)

all of the account/password/access termination must be done prior to the person knowing that they are to be terminated

That was the joke when I used to work at <big company>... if someone's swipe card didn't let them in the building in the morning someone else would ask "oh... do you still work here?". The swipe cards were just magnetic cards and they did seem to wear out quickly so it wasn't that uncommon... but you always wondered for a second when it failed to swipe first go.

Re:Please set up and use a documented procedure (0)

Anonymous Coward | more than 3 years ago | (#37117614)

From experience and stories that I have seen; it is a given that if at all possible, all of the account/password/access termination must be done prior to the person knowing that they are to be terminated. I prefer to do this work over a weekend (and do thorough testing) and then formally terminate the person on the following Monday morning when the employee arrives at the building's lobby or reception.

How often are you firing people that you have this all down pat like that?

Re:Please set up and use a documented procedure (1)

jlebrech (810586) | more than 3 years ago | (#37117616)

Or set up a well documented maintenance plan as a sysadmin, and take that document with you when you leave.

Never publicly flame (1)

wiredog (43288) | more than 3 years ago | (#37117332)

someone who has your root passwords...

Re:Never publicly flame (-1)

Anonymous Coward | more than 3 years ago | (#37117386)

wiredog is a big dick

Protect systems from rogue admins too? (3, Insightful)

bertok (226922) | more than 3 years ago | (#37117566)

Has anyone noticed that every system claiming "enterprise" robustness only ever protect against untrusted third parties or component failure? I think there's an enormous amount of research waiting to be done to develop systems that are robust against attacks by rogue administrators. Think about it this way: a modern distributed cluster can be made robust against nuclear warfare, but not a grumpy admin!

Technologies like the kind developed by internet pirates could be applied to enterprise systems. For example, protocols like Bittorrent are designed to be robust against malicious peers. The lessons learned by Wikipedia (where everyone is an 'admin') could be applied too, such as enforced versioning of all configuration changes.

Similarly, multi-party authentication should be an option for critical enterprise systems. It should be possible to mark objects such as VMs or service accounts as "critical", allowing configuration changes only if, say, three admins authenticate together, like in a nuclear launch. This isn't a new concept -- Certificate Authorities often require secondary approval to issue certain types of certificates.

The need will become ever greater as the trend of moving away from tape towards snapshots and replicas accelerates. Do you seriously think Google backs up to tape? Or Amazon? Or any cloud provider? They don't! They just keep two to thee copies of everything, and hope that none of their thousands of administrators ever cracks and does the equivalent of "rm -rf *" on the entire cloud all at once!

Unfortunately, a business with general purpose servers running Windows or Linux are out of luck. Even if someone were to come up with, say, a virtual hosting environment that's robust against even administrators, that wouldn't prevent other mass attacks, such as formatting the SAN (shudder), deleting every object from the Active Directory domain, or my favourite: setting an encryption key on the backups for a month before leaving, wiping the password, and then formatting every server in parallel. Just resetting every password in the system at once is enough to bring most organisations to their knees, and can be done in seconds! How long would it take your organisation to recover from that? You'll just restore the AD from tape, right? Step one: log on to the backup server... err...

Remember: Mirrors won't help. Replicas won't save you. Snapshots can be deleted just like everything else. If the business didn't have off-site tape backups of everything, it's game over.

Re:Protect systems from rogue admins too? (0)

Anonymous Coward | more than 3 years ago | (#37117688)

I think there's an enormous amount of research waiting to be done to develop systems that are robust against attacks by rogue administrators.

Go read the Orange Book that the DoD published back in the 1980's along with the associated research before claiming that it's "waiting to be done".

The tl;dr bottom line is that such systems were deployed almost 20 years ago and basically died out because sys admins and users both decided they were to much of a pain to use.

For anything short of initiating nuclear war, it's just not worth it.

Instant career murder (2)

dutchwhizzman (817898) | more than 3 years ago | (#37117578)

Anyone doing this will never ever be put into a position of trust again. That is, if the potential future employer do a decent check on who's applying for the job. It doesn't matter how mad you are, you will ruin it for yourself if you do anything to harm your former employer.

keep alive (1)

jlebrech (810586) | more than 3 years ago | (#37117586)

wouldn't it be more worthwhile setting up an infrastructure which constantly needs you expertise to stay running, the day you are not there to enter the magic code then "boom". then you could successfully claim having not touched the system after your contract is up. it would have to not be a time bomb but some kind of bash commands which you enter from memory every morning.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>