×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ex-Employee Busted For Tampering With ERP System

Soulskill posted about a year ago | from the wannabe-bofh dept.

Security 178

ErichTheRed writes "Here's yet another example of why it's very important to make sure IT employees' access is terminated when they are. According to the NYTimes article, a former employee of this company allegedly accessed the ERP system after he was terminated and had a little 'fun.' 'Employees at Spellman began reporting that they were unable to process routine transactions and were receiving error messages. An applicant for his old position received an e-mail from an anonymous address, warning him, “Don’t accept any position.” And the company’s business calendar was changed by a month, throwing production and finance operations into disorder.' As an IT professional myself, I can't ever see a situation that would warrant something like this. Unfortunately for all of us, some people continue to give us a really bad reputation in the executive suite."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

178 comments

ERP (-1, Offtopic)

Anonymous Coward | about a year ago | (#43623575)

erp, as in derp.

Re:ERP (5, Insightful)

Penguinisto (415985) | about a year ago | (#43623685)

Derp is right... no better way to destroy any hope of a career, than to do something monumentally stupid like this.

I've left positions that have been, to put it charitably, crap. Once it involved hard feelings against an asshat that destroyed the department.

OTOH, the golden rule is to never touch the machinery. EEOC and labor laws be damned, HR critters do talk to each other; even if your stupid stunt never made the news, it will make the rounds. Rest assured this guy will have to move to the other part of the country at the very least.

Re:ERP (0)

Anonymous Coward | about a year ago | (#43623891)

Who cares about the HR critters. When you don't use your last boss as a reference, it's going to raise questions. And when your next prospective employer calls your old employer to ask those questions, the answers are very soon going to point you toward a growing familiarity with frozen burgers.

Re:ERP (-1)

Anonymous Coward | about a year ago | (#43624033)

Not in the US necessarily. It is 100% against the law to say anything negative about a former employee if you get a reference call.

Not that the person making the call won't figure it out when the answer to every question is "Yes, Joe Smith worked here during the period you are asking about."

Re:ERP (4, Informative)

Ammin (1012579) | about a year ago | (#43624241)

Uh, no. It's not illegal to say anything negative. There's this thing called the First Amendment. It does, however, open you up to civil lawsuits for slander and 98% of employers have decided they just don't want to take the risk of an expensive lawsuit.

Re:ERP (0)

Anonymous Coward | about a year ago | (#43624323)

Huh? Move across the country? He should be convicted for hacking a system he no longer worked at, and that conviction will follow him all across the country. There's no escaping the conviction on a background check. All employers will be able to find it, and he didn't do anything 'leet' enough to make the security companies interested in him even though they sometimes employee ex-cons.

His IT career is over. His next likely occupation is fry-cook.

Re: ERP (2)

FuzzNugget (2840687) | about a year ago | (#43624379)

Uh, yeah, a place known as "prison". What the summary didn't include is that he was charged and could face up to 10 years and a $250k fine.

Re:ERP (0)

Anonymous Coward | about a year ago | (#43624503)

no wonder he got sacked - must have real mental problems

Beats hitting printer with a baseball bat... (1)

aralin (107264) | about a year ago | (#43623631)

... right?

Re:Beats hitting printer with a baseball bat... (2)

Penguinisto (415985) | about a year ago | (#43624039)

Nothing beats hitting a printer with a baseball bat...

...unless it involves hitting a router or server with a baseball bat.

Re:Beats hitting printer with a baseball bat... (4, Funny)

NatasRevol (731260) | about a year ago | (#43624143)

Or rolling the old server off the roof. And video taping it. Through each window the server passes by. And from the ground. In super slow-mo.

Their security processes suck (4, Insightful)

Anonymous Coward | about a year ago | (#43623639)

Proves that security is a process, not a product.

I always suspect.... (1, Insightful)

i kan reed (749298) | about a year ago | (#43623647)

I always suspect that companies in these cases deserve what happens to them, even though the other party in the fiasco demonstrates their own lack of ethical principals.

It's like a psychological glitch, I guess.

Re:I always suspect.... (1, Insightful)

Anonymous Coward | about a year ago | (#43623695)

Riiiiiight. It's the victim's fault. Clearly. They could have prevented the situation, after all...

Just like it's a hot woman's fault for getting raped... she could choose how she was going to dress, after all...

Give me a break!

Re:I always suspect.... (1)

erroneus (253617) | about a year ago | (#43623741)

Actually, in the case of running business, there are a lot of "victims" in situations like this. But the business is entrusted with a lot of things and they have been show to violate that trust when they allow things like this to happen. Sometimes these types of trusts are enforced by law such as SOX or HIPPA. Other times it's merely an expectation for which a law may not have yet been written.

Re:I always suspect.... (4, Insightful)

Anonymous Coward | about a year ago | (#43623787)

He did not say it was their fault, he said they might have deserved it. Are you unable to read and parse English?

Obviously the IT worker is still a jackass and responsible for the whole thing if the summary is accurate (which it rarely is, but that's irrelevant to my point)

Give me a break with your half-assed sarcastic replies with absolutely no thought put into them.

Re:I always suspect.... (1)

Anonymous Coward | about a year ago | (#43624301)

Many people have a hard time understanding situations where both parties are guilty.

They think that if one party has some guilt, that reduces the guilt of the other party by that same amount.

It is as if they think there is a finite quantity of guilt that is divided between two people.

Of course, this metaphor makes no sense. In reality, one party can be 100% guilty of one crime, while the other party is 100% guilty of a completely different crime. Or one party could be only partially guilty due to only partial involvement and/or knowledge, while the other party remains a full 100% guilty of his part.

A victim's guilt, when present, does not reduce the perpetrators guilt. To use the OP's bad analogy, a rapist is 100% guilty of, and fully responsible for, the rape even if the victim was dressed provocatively and acted seductively while consciously entering an environment full of potential rapists and lacking in security forces. Of course, the victim is guilty of negligent and reckless self-endangerment, was clearly being damn stupid and got hurt for having deliberately put him/her self in a position to get hurt. But that guilt, though present, does not absolve the rapist of any responsibility, nor afford any extenuation.

Re:I always suspect.... (1)

Anonymous Coward | about a year ago | (#43623903)

Riiiiiight. It's the victim's fault. Clearly. They could have prevented the situation, after all...

Just like it's a hot woman's fault for getting raped... she could choose how she was going to dress, after all...

Give me a break!

It's not an all or none situation. The way a woman (or man) dresses influences those around them. If a woman dresses like she's cheap or easy, she'll attract the wrong crowd. It's akin to walking through a ghetto with bills hanging out of your pockets.

Re:I always suspect.... (1, Flamebait)

dgatwood (11270) | about a year ago | (#43624287)

Riiiiiight. It's the victim's fault. Clearly. They could have prevented the situation, after all...

Actually, yes. There's such a thing as guilt through sufficiently gross negligence. For example, if you leave your car unlocked and the windows rolled down with a stack of hundred dollar bills in the front seat, you deserve to walk back to find them gone. Chances are, your insurance won't cover such a loss, because it is, at least in large part, your own fault.

Just like it's a hot woman's fault for getting raped... she could choose how she was going to dress, after all...

This is more like choosing not to be dressed at all, while hanging around the front porch of your ex's house on a night when he always comes home drunk. Not saying the rape isn't still wrong, but you'd be hard pressed to find anyone who would give much sympathy....

Re:I always suspect.... (-1)

Anonymous Coward | about a year ago | (#43623699)

I'm 100% sure they fucked him over so hard, that he felt he had no resort.

Not surprising with how unrespected IT is as a 'profession'

Re:I always suspect.... (2)

mark-t (151149) | about a year ago | (#43623885)

Meh. Everyone has a choice. They can either take responsibility for their actions, or they can be immature and blame other people for them.

100% sure? I doubt that... unless you are saying you are the accused yourself.

Because you see, he's claiming "not guilty", so that would imply he's asserting that he didn't do it. In our society one is innocent until proven guilty, so it makes no sense for anyone other than the accused to be 100% certain of anything in that matter, let alone that he felt he had no choice.

Re:I always suspect.... (4, Insightful)

JeffOwl (2858633) | about a year ago | (#43623707)

It is entirely possible, but far from granted. There are plenty of individual tinfoil hat wearers that either don't perceive reality the way that most do or alternately don't need a reason to be a jerk. This is just one side of the story.

Re:I always suspect.... (5, Funny)

ScentCone (795499) | about a year ago | (#43623737)

I always suspect that companies in these cases deserve what happens to them

Did you see the outfit that ERP was wearing? That general ledger module was WAY above it's knee. And I think the CRM middleware was wearing a lot of perfume. Totally asking for it.

Re:I always suspect.... (1)

Anonymous Coward | about a year ago | (#43624051)

Society kills people because they 'deserve' it. That doesn't make the killing right but it also doesn't absolve the victim of any responsibility. If a woman leaves a bar with a stranger and goes to his place she may not deserve to be raped but she could have taken steps to protect her own well-being. It doesn't make the crime any less punishable but also doesn't mean it's smart to ignore preventative measures. Then again we are a society that is symptom oriented in every way.

Re:I always suspect.... (1)

Anonymous Coward | about a year ago | (#43624179)

I always suspect that companies in these cases deserve what happens to them

Did you see the outfit that ERP was wearing? That general ledger module was WAY above it's knee. And I think the CRM middleware was wearing a lot of perfume. Totally asking for it.

And of course if the entry hadn't been fully agreed to, the child process would never have been spawned. After all, the mainframe has a way of automatically shutting those things down cases of legitimate violation.

Re:I always suspect.... (0)

Anonymous Coward | about a year ago | (#43623845)

Cool story bro. Glad you're a bit of a sociopath. I hope nobody caught up in your fiasco has kids to feed or a mortgage to pay.

Re:I always suspect.... (0)

Anonymous Coward | about a year ago | (#43624037)

This is America. You're all sociopaths

Re:I always suspect.... (2)

i kan reed (749298) | about a year ago | (#43624085)

I think I just lack empathy for non-humans. Companies aren't people. When they suffer, I just see numbers changing on a ledger.

Re:I always suspect.... (5, Insightful)

RoknrolZombie (2504888) | about a year ago | (#43624261)

I think I just lack empathy for non-humans. Companies aren't people. When they suffer, I just see numbers changing on a ledger.

That's funny...when companies make people suffer that's all they notice too...

how to NOT give everyone passwords? (1, Insightful)

h00manist (800926) | about a year ago | (#43623659)

I have yet to work somewhere where the password management wasn't simply a nightmare.

Isn't there some utility that could be added to all systems and unify password management?

Re:how to NOT give everyone passwords? (4, Funny)

VortexCortex (1117377) | about a year ago | (#43623723)

No. Multi User OSs are a pipe dream. Next you'll want file level access restriction. Madness.

Is there a password management unicorn? (0)

xxxJonBoyxxx (565205) | about a year ago | (#43623739)

>> Isn't there some utility that could be added to all systems and unify password management?

I can tell you've never worked in IT by the fact you asked that question.

Re:Is there a password management unicorn? (0)

Anonymous Coward | about a year ago | (#43623831)

> I can tell you've never worked in IT by the fact you asked that question.

Not really, most IT people are pretty clueless about anything they have been personally exposed to.

Re:how to NOT give everyone passwords? (1)

ScentCone (795499) | about a year ago | (#43623745)

Isn't there some utility that could be added to all systems and unify password management?

Single sign on, and tools like Active Directory aren't just in beta testing, you know?

Re:how to NOT give everyone passwords? (2)

Penguinisto (415985) | about a year ago | (#43624087)

...and tools like Active Directory aren't just in beta testing, you know?

Nope; just that it seems like it at times. ;/

Re:how to NOT give everyone passwords? (1)

steelfood (895457) | about a year ago | (#43624491)

That requires an IT department full of competent people and not just interns hired at $10 an hour. Most systems don't talk well with each other, and require custom code to implement single sign-on. This is especially true of home-grown systems built 20 years ago.

Everybody wants to use a computer. Nobody wants to learn how or at least pay someone who knows how.

Re:how to NOT give everyone passwords? (3, Informative)

mordred99 (895063) | about a year ago | (#43623799)

Password Management is not the same as access management. In terms of password management, yes, you can standardize all systems to authenticate and authorize from a central system (LDAP, AD, RADIUS, RSA Tokens, etc.) The issue becomes when a person leaves, turn it off and all their access goes away. The issue is for proprietary systems that use things like digital certs, or that do not play well with centralized auth systems (ie. lazy programming in my book for enterprise apps).

As for the other piece, access management, this has to do with the knowledge (and proof) that a person was given access to (and what level of permissions) as well as who approved, and who implemented the account creation/deletion. There are systems which costs millions of dollars to manage access and the subsequent audit requirements around it.

Re:how to NOT give everyone passwords? (0)

Anonymous Coward | about a year ago | (#43624579)

You want something that:

* Discovers systems
* Randomizes admin passwords
* Controls access to those accounts
* Audits access, including session capture
* Allows for prompt disconnect
* Replicates storage across servers and sites (imagine losing all those passwords?)

There's a whole category of products that do that. Here's ours:

http://hitachi-id.com/privileged-access-manager/

Not Guilty (5, Informative)

Anonymous Coward | about a year ago | (#43623665)

He plead not guilty, and he's yet to be convicted, but I can definitely envision a scenario whereby shutting his account off could cause catastrophic failure of many systems. This typically happens when someone does not follow best practices with service accounts and such and is not an uncommon situation.

That being said, he could have been really fucking pissed at them and decided to fuck with shit. Some management out there can be real fuckheads to their employees.

Re:Not Guilty (1)

Stormthirst (66538) | about a year ago | (#43624075)

It's not beyond the realm of possibility for example that the IT department decided to do the damage themselves. Highly unlikely considering the level of damage done of course, but still possible

Re:Not Guilty (0)

Anonymous Coward | about a year ago | (#43624523)

He plead not guilty, and he's yet to be convicted, but I can definitely envision a scenario whereby shutting his account off could cause catastrophic failure of many systems.

That would have to be an incredibly stupid set-up. You close this guys account, other users can still use the system. You don't tie a business process to a specific user account - that is silly in the extreme. It breaks with the "people is interchangeable" idea that is so popular with management/HR.

He'll never work in IT every again... (1)

Mysticalfruit (533341) | about a year ago | (#43623683)

Nobody is ever going to trust this guy near anything production ever again... Yeah it sucks when you get terminated. There's nothing that would ever warrant this type of behavior no matter how egregious the conditions or the people were. I won't be surprised if his former employer goes to the feds and tries to argue that he be arrested on computer crimes.

Re:He'll never work in IT every again... (2)

mark-t (151149) | about a year ago | (#43623747)

He wasn't fired. He quit in a huff over not getting a promotion that he presumably felt he deserved (and apparently even gave them 2 weeks notice).

Re:He'll never work in IT every again... (4, Funny)

thereitis (2355426) | about a year ago | (#43623749)

Some people can turn a lemon into lemonade. Some can leave the lemon alone. Others turn a lemon into a rotting, worm-infested lemon, like it seems this guy has.

Re:He'll never work in IT every again... (0)

Anonymous Coward | about a year ago | (#43624021)

With computer crime laws the way they are, an employer would have a field day with him when it comes to criminal charges. Just the provision of damage more than $1000 is felony territory, and it is very easy for a company to say that deliberate damage is over a grand (hire a high-zoot contractor to mitigate damages, and you have that figure if not more.)

The county DA would also have a field day. Both a judge and a jury will hear in their minds:

DA: "Look at the damage this guy has wrought!"
Defense: *random technobabble about forged IPs*

Just like the juries who associated IPs with actual people, most will end up convicting, and the DA then can ask for the max sentence... and likely get it.

Any sysadmin who has been in the field for any time at all learns what happens to other admins who leave "surprises" behind. I've cleaned up the modified binaries and hidden cron jobs that would erase stuff should a file not be touched in a certain time, and the admin that did that ended up having to move overseas to find any work at all.

These days, the lusers tend to have Corrections Corporation of America stock, so they won't just fire, they will get the DA to prosecute.

Because "IT People" are not "Professionals" (1, Interesting)

erroneus (253617) | about a year ago | (#43623709)

I have been mulling over this fact for a while now and some conclusions have been forming that I find to be extremely disturbing.

1. Degrees in "IT" are worthless in that they do not pertain particularly well with technology as it seems to evolve very quickly.
2. Degrees in "IT" are worthless because there is no one standard like there is with law and medicine.
3. As a resort against the first two problems, the industry has favored "certifications" but the problem with that is they become little more than fancy product endorsements which, as many of us know, does not guarantee real knowledge or understanding, but only guarantees that someone has been listed as passing a test in some database somewhere.

I think item 3 really needs to be appreciated. It's all about the cert isn't it? And these certs are in specific brands and ranges of products... often specific products. Imagine (warning-- car analogy) you were pulled over by a cop and you are asked for your license to drive. You are then arrested because your license does not cover you make or model of the car you are driving.

Obviously that doesn't happen because a driver's license covers general knowledge and understanding of the rules of the road and knowledge of standards about driving and signage and the like.

Why can't we have such standards for IT? Well, for starters, companies like Microsoft can't handle standards. They have to make everything proprietary so that they can manipulate and dominate markets. This is a similar problem with Cisco though they do it all to a much lesser degree and at times use different terminology instead of different technology. (Though clearly proprietary Cisco protocols exist.)

For all of those people who have been a bit confused about the issue of standards and especially "open" standards, this may be a key issue which might help you understand why standards are so important. At present, standards are quite literally owned by business entities in part or in whole and the right to live by them come at a price... or several prices.

As a result of all of this, practitioners of IT are not all the same and can't be held to any given standard of any sort whether it is conduct or knowledge or standards of practice.

IT People are not "Professionals" as much as we would like to think we are. We can behave that way. We can dress that way. We can follow "standards" but which ones? There are so many. And so many products to endorse along the way. We are as "professional" as NASCAR drivers with dozens of logos plastered on our resumes.

How did this all happen? We can thank the likes of Microsoft for this. And until real standards are adopted world-wide, we cannot have a way forward out of this mess. Thanks to Microsoft's [successful] efforts to corrupt ISO standards, even "standards compliance" may not be an option. And who does it harm?

It harms YOU if you want to be considered to be "Professional."

Re:Because "IT People" are not "Professionals" (0)

Anonymous Coward | about a year ago | (#43623767)

We are as "professional" as NASCAR drivers with dozens of logos plastered on our resumes.

Never thought of that... I could do Dell, Cisco, HP, nVidia, and whoever else happened to be at the latest tech conference.

Re:Because "IT People" are not "Professionals" (0)

Anonymous Coward | about a year ago | (#43623815)

Imagine (warning-- car analogy) you were pulled over by a cop and you are asked for your license to drive. You are then arrested because your license does not cover you make or model of the car you are driving.

Aircraft are actually like this. You get certification for specific engine configurations. IE Jet, Prop, turboprop, twin turboprop, vectored thrust, etc.

Imagine getting pulled over, and whoops, you have an I-4 instead of the V6 your license allows. Then you lose your car, your job, and your livelihood.

Re:Because "IT People" are not "Professionals" (1)

Anonymous Coward | about a year ago | (#43623863)

If software was engineered to a creditable standard, like building a bridge, companies would shit themselves. Costs and timescales would go through the roof, filler developers wouldn't make the grade resulting in salaries booming. Unlike real engineering, software is trivial to update and patch once delivered, therefore, companies desire low quality products because given the choice the price is more important than big costs.

Re:Because "IT People" are not "Professionals" (1)

Anonymous Coward | about a year ago | (#43623897)

1. Degrees in "IT" are worthless in that they do not pertain particularly well with technology as it seems to evolve very quickly.
2. Degrees in "IT" are worthless because there is no one standard like there is with law and medicine.
3. As a resort against the first two problems, the industry has favored "certifications" but the problem with that is they become little more than fancy product endorsements which, as many of us know, does not guarantee real knowledge or understanding, but only guarantees that someone has been listed as passing a test in some database somewhere.

Science moves quickly too. Some of what was being taught 10 years ago is no longer correct, and certainly it doesn't keep you up to date with the latest thinking.

Degrees aren't to teach you a subject and that's an end to it. They give you a solid grounding in a subject and give you the skills to teach yourself about the subject. Once you graduate it's your responsibility to take that starting point and use those skills to continue adding to your knowledge, which keeps you up-to-date with the latest developments.

Certifications are simply a way to prove to a prospective employer that you know the subject. They're not needed to do the job, but are to prove to a prospective employer that you are capable of doing the task they are recruiting you for.

Re:Because "IT People" are not "Professionals" (1)

Darinbob (1142669) | about a year ago | (#43624235)

But you can't do modern science if you don't understand the science of 10, 20, 100 years ago. But in IT you can get a functional job despite being poorly educated in the field. Certs are the worst, they're nearly meaningless when viewed alone, but in some fields they're essential to even get in the door. With a million interchangeable employees it doesn't help you to say that you can learn the technology quickly, they want to see a cert that says that you can be a drone instantly. Certs give companies the tools to hire and fire quickly, grabbing up the cheapest labor without wasting time determining if the qualifications are good enough. Employers don't want IT employees who are smart and adaptable, they want interchangeable components.

Re:Because "IT People" are not "Professionals" (2)

cheekyjohnson (1873388) | about a year ago | (#43624331)

They give you a solid grounding in a subject and give you the skills to teach yourself about the subject.

No they don't; they're paper. As for giving you the skills to teach yourself about a subject? You could have done that from the very beginning.

Certifications are simply a way to prove to a prospective employer that you know the subject.

But they don't do that. Certifications test for rote memorization and not much else.

Re:Because "IT People" are not "Professionals" (0)

Anonymous Coward | about a year ago | (#43623987)

We are as "professional" as NASCAR drivers with dozens of logos plastered on our resumes.

So, we're professionals then?

I'd like to say I'm confused, but really, you're the one who's confused. Professional. You keep using that word. It does not mean what you seem to think it means.

Re:Because "IT People" are not "Professionals" (2)

mordred99 (895063) | about a year ago | (#43624089)

I don't know where to begin in response to this, so lets take this by point/paragraph.

1) An IT degree is not "worthless" because it teaches you certain technologies. You lean about specific technologies, and yes they change. However learning how a technology works (not just learning how to click a button and wow it works) is the true knowledge you are learning. I learned LDAP and Netware in college, and those technologies are fundamental to how I can look at all authorization technologies today, even though people rarely deploy true virgin implementations of those technologies today. The same can be said about modem technology. I learned how a modem worked and today, very few people still use modems. However knowing frequency multiplexing, understanding bandwidth, encoding methodologies, etc. I can know how most any telecom signal works.

2) IT degrees are not standardized. Yes, and nor should they. Universities are a bevy of politics, greed, money changing hands, etc. Curriculum are determined by committees made up from companies which are giving money to the universities to make sure they get the kinds of employees they want. Any company that wants a person can spend 30 minutes and determine if the person has the skills they want. This is called an interview.

3) IT has focused on certs. While yes, this is true, it again tells you if a person has a certain knowledge in certain areas. A company that implements certs can determine the level of knowledge required to pass them and this is no big deal either. Industry knows which are the crap certs and which are the good ones. Again, an interview can determine really quick if a person knows their stuff.

I think you are looking about this the whole way. There are IT workers, and there are IT professionals. An IT worker is an individual who only has the skills to do one specific type of task, and cannot branch out into other areas or line of work. An example of this is a desktop admin (Not all, don't flame me, just read the specifics as I state them) at a large company. If the person has only just joined, and all the know how to do is load a boot CD and ghost images, then guess what, they are an IT worker. They might expand further into creating images and doing other things on that team, but they are still an IT worker. Until they understand full system integration, app design, architecture, etc. then they know how to one specific task (or set of tasks).

A true IT professional is an individual who can work on almost any given technology, knows and has experience with most of the underlying technologies, and can quickly come up to speed with anything that is given to them. These people are rare, and people like this rarely are desired in the traditional hiring process and most the time work as consultants. Why is this? Simple, companies want IT workers. Give them a task, they do only that task. People who can see the bigger picture are not needed often, and when they are, cheaper to hire a consultant for the few weeks they are needed.

I am proud to say I am an IT professional. I have two masters degrees and several certifications after my name. I make a great living, and will be retired by the time I am 45. I can tell you that being an IT professional has not harmed me one bit. I would like to know how this has harmed me? The only way I can see it harming you to be an IT professional is if you want to do the same IT job for the rest of your life, at the same company. Not me, I want to use the knowledge, skills, and god given inquisitiveness I have to learn.

IT needs apprenticeships and trades schooling syst (0)

Anonymous Coward | about a year ago | (#43624417)

IT needs apprenticeships and trades like schooling systems.

Re:Because "IT People" are not "Professionals" (1)

mlts (1038732) | about a year ago | (#43624121)

One lesson I learned the hard way: Certifications seem meaningless to the IT person and the people immediately surrounding them. However, out of the direct hierarchy, the only thing that matters are those colorful pieces of paper with alphabet soup abbreviations on them.

In fact, I've had jobs where some muckety-muck comes in, demands every single IT person produces certificates to "prove they are capable of operating the equipment." Ironically the most experienced guy in the bunch who has been in the industry since I was in third grade got axed on the spot because he didn't bother with keeping his MC-ITP or RHCE current.

People think certificates don't matter, but saying, "RHCE, cert id " means *far* more on a resume than almost any interview questions/answers. In fact, I've sat on interviews where the HR person asked the candidate the very first thing:

"Do you have a MC-ITP? No? Exit is to the right. Please fetch the next candidate in line."

Re:Because "IT People" are not "Professionals" (1)

RoknrolZombie (2504888) | about a year ago | (#43624351)

The problem with certs isn't the certificate itself, nor the information that it's supposed to cover. It's in the 'boot camps' that teach people how to pass tests instead of understand the information. So many people buy their way to a certificate that it's significance is completely wasted - I certainly won't hire someone just because they have a certificate, and the more certs a person has the more that prompts me to test what they actually COMPREHEND instead of what they SAY that they know.

We had a guy that got hired - MCSE among various Cisco certs, was able to answer questions like he knew what he was doing. We found out a few weeks later that the dumbass wasn't even capable of connecting a shared printer to the network. This isn't an isolated incident either - by far, the most intelligent IT Professionals that I've dealt with have gotten their education as a means to find a decent job, not as a means to teach them their bailiwick. Their knowledge comes first, and they only shoot for the degrees/certs when they realize that zero degrees means zero work. That's the true travesty here - not that they exist, but that the tail is wagging the dog.

Re:Because "IT People" are not "Professionals" (1)

war4peace (1628283) | about a year ago | (#43624153)

Yeah well sometimes it's not your fault. The employer throws various unrelated projects at you.
My current employer, for example. When I got hired I had to learn a proprietary product that nobody else used; it was an internal project. Afterwards, I got shifted to a team lead position so I had to learn a lot about leading people; then I found an opportunity and moved on to become a Service Delivery Manager, and that's a whole different world. Had to learn ITIL and related stuff. I have even done project management, built BRDs, etc. Then there were re-orgs, so I had to learn CRM applications, then CRM reporting, then SQL, then a wee bit of Linux/Solaris Administration, then most recently OBIEE analysis and dashboards and there's where I am now.

Apart from that SDM opportunity, nothing else was my choice per se. It was a matter of changing responsibilities, decisions being made by powers that be without even asking "are you okay to have all your work taken away from you and be reassigned to a completely new position with no payment increase whatsoever?".

Oh yeah, and I don't work for Microsoft (never did). Don't blame one company for a general trend. They're just... playing along.

It's business as usual... (5, Interesting)

Coeurderoy (717228) | about a year ago | (#43623725)

>> Unfortunately for all of us, some people continue to give us a really bad reputation in the executive suite." The only reason the executive freak out at this is because most of then have absolutelly no idea what could happen, and how it could happen... When a sales rep leaves with his or her client, an acountant make some creative acounting and buy a condo with some "reimbursment", a Marketing manager exposes the company to serious bad mojo because he can't keep his pants on, etc .... they understand what happen. But realising that they should pay the guy that has root password on the ERP server the same as the CEO since he has actually more power that the CEO, this would be scary... So nobody should do any kind of "bad stuff", and revenge no matter how justified it is, is rarely worth the time needed to execute it. (that is why we do have courts of justice, in theory at least they help "outsourcing" revenge, and make it more "educative", not that the actual implementation always work...)

ERP (1)

Ultra64 (318705) | about a year ago | (#43623731)

And what is ERP?

Re:ERP (2, Funny)

Anonymous Coward | about a year ago | (#43623829)

Wyatt's last name?

Petty stuff (1)

girlintraining (1395911) | about a year ago | (#43623733)

As an IT professional myself, I can't ever see a situation that would warrant something like this.

I can see a great many situations. But all of them revolve around people being less than professional. Just because you act professionally doesn't mean your boss will, or your coworkers, or another department that feels threatened by a project of yours, etc. You may not be petty, but a lot of people are.

And that pettiness, in the right set of circumstances, can lead to an otherwise respectable person doing something like this. Human beings have a strong need for vengance. Our judicial system is based on it, though it's not politically fashionable (or wise) to say so publicly. When someone is "getting away" with something, the aggrieved party will sometimes resort to vigilantism.

While this could be a one-off situation, and while I never would approve of such behavior, it is more likely that corporate culture played a significant role in the disaster. Without addressing those problems, starting with senior management, this company will find themselves going through this again.

Re:Petty stuff (1)

war4peace (1628283) | about a year ago | (#43624181)

It's however not applicable in this particular case. The guy was a jerk from start and he just continued to act as such. Or at least that's what I got from TFA.

ERP? (5, Funny)

Tator Tot (1324235) | about a year ago | (#43623769)

What does erotic role playing have to do with IT systems?

Re:ERP? (1)

Anonymous Coward | about a year ago | (#43624171)

In both cases you have to use your imagination to convince people you know what you are doing....

Re:ERP? (0)

Anonymous Coward | about a year ago | (#43624227)

Aight, I put on my robe and wizard hat.

Resignation == Termination? (5, Informative)

l0ungeb0y (442022) | about a year ago | (#43623807)

I actually bothered to read the article, and the ex-employee in question RESIGNED by giving two weeks notice after being repeatedly passed over for promotion.
Maybe in this day in age, we are now suposed to refer to anyone leaving a company as being terminated, but I for one think there is a profound difference between terminating an employee vs their departure on their own accord.

With that said -- seeing that this guy was butt-hurt enough to leave and commit these acts against his employer shows that he wasn't working with a full-deck.
So I don't think the employer "had it coming" or provoked it -- since they seemed happy enough to employ him, but just didn't see him fit for a higher level position.

Re:Resignation == Termination? (0)

Anonymous Coward | about a year ago | (#43624255)

It's standard ERP terminology, when someone turns in their resignation then they will be terminated in the HR system, with the reason code showing resignation.

Re:Resignation == Termination? (1)

Anonymous Coward | about a year ago | (#43624319)

Two words: constructive dismissal. Treat an unwanted employee unfairly so that he quits, rather than terminate him. Saves on severance pay. Generally regarded (in sane countries) as an unfair labour practice.

Why can't the submiter RTFA before posting? (5, Informative)

Leafheart (1120885) | about a year ago | (#43623809)

So, here is how TFS starts

Here's yet another example of why it's very important to make sure IT employees' access is terminated when they are. (...)allegedly accessed the ERP system after he was terminated and had a little 'fun.

You go, RTFA and this is how it starts..

But after Mr. Meneses was passed over for promotions, he was upset enough to announce his resignation, giving two weeks’ notice. Before his final day in January 2012, colleagues caught him copying files from his computer to a flash drive, the authorities said. They cut off his access to company servers.

So, first of all, he was not terminated, he was mad and left the company. He was still on his two weeks' notice, so, in theory, had legetimate reasons to access the servers. When the company saw an srange behavior, they cut his access. So, looks like a case of a pissed up asshole who decided to go out with a bang and got busted for it.

Re:Why can't the submiter RTFA before posting? (-1)

Anonymous Coward | about a year ago | (#43623927)

+1 informative , with my real points

Re:Why can't the submiter RTFA before posting? (-1)

Anonymous Coward | about a year ago | (#43624343)

Never ever let a disgruntled employee spend his two week notice interacting with other workers. The moment he resigns, he should be out the door, locks and passwords changed, etc.

You think that is bad?? (5, Interesting)

Anonymous Coward | about a year ago | (#43623857)

At a small company I worked for years ago there was a tendency to fire accountants (who simply didn't agree with the CFO). Turns out the CFO was embezzling funds and a number of folks just didn't want to go along with the program. So one day the CFO fired this one accountant and it was pretty bitter.

As the IT director I had advised the CFO many months earlier that IT needs to oversee all the software and accounts in the company as it is a security matter. He agreed to all but the accounting software and its controls (he didn't want anybody seeing his criminal ways).

So one day after firing the accountant, someone writes a $1,000,000 dollar check to a customer and it gets processed. Suspicious turns to the accountant having access, but there is no proof. The CEO and CFO both stop by my cubicle complaining how could this happen?? I simply told them you advised me several months back not to put the accounting software or user accounts under any IT control, even after I had warned you of the security dangers. We can't firewall a separate system that IT is not in charge of or have credentials to... Frustrated they walked away, annoyed like they couldn't blame someone for their stupidity.

I kind of felt sympathy for that accountant, although he probably should of contacted the authorities. I had not way of knowing, except rumors you hear. Pretty ballsy, but that's what happens when suits have their ego and lack of ethics... Eventually there was an investigation on the books and things flew wide open. I left the company prior to it hitting the fan.

       

Re:You think that is bad?? (1)

mowaterfowl (2859817) | about a year ago | (#43624069)

Sounds familiar. I worked for a publicly traded company where the CIO was submitting invoices (approved by him) to accounting from a regular vendor. What they (accounting) didn't catch was the remit to address was on occasion different. They assumed it was to a local office of the vendor, not it's national HQ. Come to find out, the CIO had setup a corporation and bank account under the same name, just as a legal entity in a different state.

Apparently, one day there were a few guys in suits waiting for him at the bank. When things got a little weird at the counter when he went to deposit a check, he bolted out of there. Minutes later, he bolts into the office grabs his laptop and a stack of papers and runs out off the office as fast as he could. He left skidmarks in the company garage as he left. Next day, the CFO has a staff meeting with IT and explains all of this.

At the same time, a huge merger was pendinig between the company and it's competitor. Now, this part is rumor...but apparently the FBI never showed up to the court proceedings. He apparently got away clean and became a CIO for some other company a few states away.

Re:You think that is bad?? (1)

Anonymous Coward | about a year ago | (#43624443)

Was the CIO Donald Gordon? And was the company FusionStorm?

I really don't understand people who do that (3, Insightful)

Slashdot Parent (995749) | about a year ago | (#43623887)

Why do people ever think that it's a good idea to leave a trail of destruction behind them?

It doesn't make you clever, you're just abusing access. Any idiot screw things up.

There's a huge potential downside for you: if you get caught, you face prosecution, or at the very least, a negative recommendation.

And obviously there is no upside for you. It's not like your tantrum is going to get you that job/promotion/whatever. You want them to miss you because they used to have such great quality work products from you, and now they don't have them anymore.

Awesome work, not tantrums, is what will keep you in a happy professional career.

Re:I really don't understand people who do that (2)

war4peace (1628283) | about a year ago | (#43624209)

Why does a dog lick his balls. Because he can...

Re:I really don't understand people who do that (1)

Slashdot Parent (995749) | about a year ago | (#43624295)

Why does a dog lick his balls. Because he can...

An apt comparison.

If your dog is licking his balls excessively, it could be a sign of skin irritation, infection, or injury. In other words, if your dog is really going to town on his balls, that means that there's probably something wrong with him.

Similarly, if an IT "professional" abuses his authorities to wreak havoc on an organization, there is probably something wrong with him, too.

Re:I really don't understand people who do that (1)

admdrew (782761) | about a year ago | (#43624571)

if your dog is really going to town on his balls

Annnnd here's my favorite out of context /. quote of the week (year?).

Proper procedures (1)

bobdehnhardt (18286) | about a year ago | (#43623913)

Proper procedures for any IT or security dismissal (or really, for anyone with access to sensitive/proprietary information) is escorting them from the building, disabling their access while they are being told that they're terminated. Any external access they have is revoked by the time the get to the front door; any shared accounts they know (like root, su or domain admin) have their external access suspended until the passwords can be changed. Collect their IDs, corporate cell phone, USB devices, etc. before they leave the premises; they can make an appointment to come back and get them after they've been inspected for any proprietary information. Don't let them go back to their desks and get anything - either send someone to get it for them, or tell them they can get it when they return for the other stuff.

This needs to be part of the process for ANY termination, even if the employee has been a model of behavior and is taking their change of status phenomenally well. People in stressful situations can behave erratically and unpredictably, and the organization must protect themselves against an unexpected reprisal. I've seen people throw away extremely generous separation packages in favor of revenge via venting on Facebook or sending abusive/threatening emails to the CEO. And I wondered what the hell was going through their heads, right up until I got downsized myself in the middle of the recession. I chose to accept, regroup and move on, but I now have a much better understanding of the stress something like that brings to bear.

Re:Proper procedures (1)

Anonymous Coward | about a year ago | (#43624163)

And how do you handle situations when some departs on their own accord and gives you two weeks notice.you know like the case here

Re:Proper procedures (1)

mordred99 (895063) | about a year ago | (#43624459)

You disable all but base corporate access to systems. You have the person who is leaving begin the knowledge transfer (or if you are a decent company, you were doing it already) and have all the information put on team shares, etc. So the person still does not have access to any mission critical systems, only has email and basic network share access, and then they can do nothing but damage their PC (which will be ghosted anyways) and maybe some file share or email servers. None are mission critical (yes, email is not mission critical, however much management think it is).

That is if the person is on good terms, and you want them to help you through the transition. Many companies just walk them to the door the second the two weeks is given and pay them for that two weeks immediately. No reason to risk anything.

Re:Proper procedures (1)

Kozz (7764) | about a year ago | (#43624219)

When I was preparing to give my employer three (rather than two) week's notice, I was fully prepared to be shown the door that very moment, and got all my ducks in a row just in case. As it turns out, they kept me on. But when I gave my manager my formal resignation, I also gave him a note saying (essentially), "I have accounts on the following systems.... for everyone's protection, please see that they are disabled as soon as is appropriate."

Reputation of IT folks vs... (0)

Anonymous Coward | about a year ago | (#43624043)

... Executives? Managers?

I got a chuckle out of one line: "Unfortunately for all of us, some people continue to give us a really bad reputation in the executive suite."

Unfortunately the reputation of the denizen of the Executive offices is exceptionally bad.

Trust is something that must be inspired, not commanded, and those near the higher end of the food-chain seldom inspire trust, especially given the whims that impact our ability to raise a family (much less get any semblance of work/life balance).

Been there... (0)

Anonymous Coward | about a year ago | (#43624083)

Ran an IT department, alone, that previously was staffed by, uhm, six, before the company halved in size in a post-dotcom implosion. Burned out. The ceerow just sat and watched. I still consider them debtors, but that's besides the point.

I was not a happy frog, having been well and truly cooked. Thought about it for a long time, then decided not to go through with any and all plans to harm the company. Tried to tell the nitwit CFO just how close I'd been to causing some spectacular delayed digital fireworks during my "exit interview". He didn't get it.

And closing down my accounts? Hah. I let myself out, closed my own accounts, all but one that I couldn't close entirely. Without leaving back doors or anything. Really.

Moral of the story? Eh, I dunno. They got off lucky, even though I didn't. If there's a moral it's the same with every parting under storm cloud cover:

It's usually a better idea to not massively piss off the people that hold the keys to the corporate crown jewels. You don't want those people to be mentally unstable, and so you don't want to drive them stark raving mad either. That doesn't justify vengeful actions, but an apple a day keeps the doctor away, no?

If IT is important to your company, you have to carefully select and take good care of your IT people, too.

"I can't ever see a situation that would warrant.. (1)

0xG (712423) | about a year ago | (#43624203)

You have never worked for Computer Associates, obviously.

My take: IT will never be "professional" (1, Insightful)

ErichTheRed (39327) | about a year ago | (#43624259)

There are two things that really bug me about this story and stories like this:

  • - (Obviously) The employer wasn't able to effectively lock the former employee out of the system
  • - Because of idiots like this (assuming he did it,) IT will never be considered a profession

One of the things I would really like to see before I retire is the ability of IT / systems engineering to grow up a little bit and attain the same level of recognition that professional engineers enjoy. I'm old and curmudgeon-y at 38, but one of the things I've consistently seen throughout my career is examples of stuff like this. When standards are put in place (see ITIL as an example,) they are implemented so poorly or are so rigid that they remove any critical thinking from a process. I know many support people in ITIL shops who have quit out of the sheer frustration of paperwork and being limited to pushing pre-defined buttons at pre-defined times. This kills the pipeline for new engineering talent, and we're increasingly at the mercy of high-paid vendors and vendor consultants. In my opinion, this needs to change.

The problem is, how do we do it? A basic engineering education has math, physics, mechanics, thermodynamics, etc, to fall back on. The fundamentals in these subjects change very rarely. Let's say for the moment that "IT" represents the computer systems engineering field, even though I know the term encompasses tons of technician roles. When you dig down into the fundamentals of IT, you're dealing with the interoperability of computer systems, networks, storage, and so on. The concepts are all the same, but the layers on top keep getting changed every few months as new technology comes out. In many cases, old technology gets trotted out again with new underpinnings attached -- see the rise of virtualization and the parallels to the 70's timeshare concept. Sometimes it's change for the sake of change (and a cut of the App Store pie) -- see Windows 8. The field is definitely not static, but neither is engineering. New methods and materials are tried all the time, and if one works better it displaces the old one.

One thing an engineering curriculum that leads to the possibility of PE licensure has is an ethics component. Sure, some people may consider it a joke, and think following ethical guidelines is for suckers when executives get away with things all the time. But, it's there. IT as it is now doesn't really have something like this. How many sysadmins do you know that behave like a slightly less criminal version of the BOFH [theregister.co.uk]? I've seen a lot of this behavior, and there's very little done to combat it. Because I'm an ethical idiot, I point out things like the loopholes this guy probably exploited to get his revenge. I've often walked into situations where I've been accidentally granted way too much authority. I don't know about you, but my first reaction isn't to exploit it -- I've politely explained, "Look, I know I can do xyz with my privileges, but I really shouldn't be able to. Please take this away from me." Why? Because I really like the work I do, and I want to keep doing it. The guy in this article is going to be lucky to have any sort of job, let alone work in the IT field again, even if he's found not guilty.

I know that a lot of the problems with education rest with the fact that we trust vendors and their certifications to fill the gap in fundamental knowledge. I absolutely hate vendor "whitepapers" that promise a "deep dive" on a technical subject and are thinly veiled advertisements for a product. Having only that as an educational resource leads to people who have a very vendor-centric view of the world. My natural reaction when faced with an unfamiliar system is to dig in to the details and figure out what's going on under the hood. Vendors don't want you to do that, and employers are happy because the vendor they chose just happens to certify "professionals" who "know" the product in question.

Computer systems are absolutely fundamental to the work we do these days. In my mind, having a "professional profession" is the best way to keep systems stable. And yes, that means that professional systems engineers would need to guarantee their work and sign off on it. Therein lies the other problem -- lots of "IT professionals" don't want any sort of regulation or responsibility for their work. I would welcome it, even if I had to pay for liability insurance. Without some formality around what we do, we will always be the scary basement dwelling nerds that are feared by the executives.

Don't piss off the people you are firing (1)

gweihir (88907) | about a year ago | (#43624333)

They always have insider-knowledge. They always can do serious harm.

Treat them with respect, justify the firing rationally, help them find a new job, give them a good recommendation, etc. And once you do that, your risk of them sabotaging you drops tremendously. If you treat them like trash, they will not retain any shred of loyalty to you. Rather obvious, I would think.

Interestingly, in many civilized countries, you routinely stay on and work after having gotten a termination notice or resigning until the termination date. This "remove all access immediately" is an US thing, bit not thought to be necessary in a lot of places. My guess is that it comes down to the way employees are viewed and treated.

While this guy was an *sswipe... (4, Insightful)

macbeth66 (204889) | about a year ago | (#43624367)

Unfortunately for all of us, some people continue to give us a really bad reputation in the executive suite."

Sorry, but nothing, and I mean nothing, compares with the the bad reputation the executive suite has with everyone one. Psychotic bastards, the lot. Have you forgotten the whole banking fiasco that caused a massive economic meltdown? So, I think if anyone has a reputation to fix, it is upper management.

It's not just IT (1)

guruevi (827432) | about a year ago | (#43624419)

There are plenty of operations in the business world where people can fuck over the company they're working for. Sales people sometimes take customers from place to place, mechanics may do stuff that only "they can repair", HR folks and bookkeepers could make or document minor discrepancies and either use blackmail to keep a job or report everything to a state inspection agency.

It's the same problem if you don't deactivate access cards or change keys - you can still come on the property without raising attention and throw a wrench somewhere. However most people still have the idea that computers are "magic" and either does everything automatically or doesn't have an impact on their business. They basically treat IT people as the guy that unclogs the toilet and cleans the offices, once they're not around or they intentionally do something wrong, then it gets noticed but otherwise they're "replaceable" and an expense that doesn't generate any ROI.

It only gets to the news because many people (journalists, bloggers etc) treat their own computers as "magic" and thus everything that happens remotely related to a computer is the witches fault so burn the witch!

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...