Slashdot Mirror


88% of IT Admins Would Steal Passwords If Laid Off

narramissic writes "According to identity management firm Cyber-Ark's annual 'Trust, Security & Passwords' survey, a whopping 88% of IT administrators would steal CEO passwords, customer database, research and development plans, financial reports, M&A plans and the company's list of privileged passwords if they were suddenly laid off. The survey also found that one third of IT staff admitted to snooping around the network, looking at highly confidential information, such as salary details and people's personal emails."

11 of 448 comments

  1. Not reasonable by linear a · · Score: 5, Interesting

    Sounds like an unreasonable estimate to me. If people were that vindictive and dishonest then IT (and similar) systems wouldn't ever keep working.

    1. Re:Not reasonable by mccabem · · Score: 4, Interesting

      Sounds like an unreasonable estimate to me. If people were that vindictive and dishonest then IT (and similar) systems wouldn't ever keep working.

      Why is Parent comment not modded "Funny"?

      A) I don't know if I would have guessed these numbers exactly, but it certainly shouldn't be a total surprise to anyone who's worked in IT for any length of time. B) 300 is not even close to a statistically relevant sample size.

      That said, the part that I think is interesting is that this corruption is more intense the higher you go in the corporate ladder. What makes that funny upon interesting is that I think the C-level folks may think they're the only ones who do this - this article might actually be news to them. Now that is funny!

      Layoffs, by the same token, in practice are generally every bit as corrupt, vindictive (in who gets selected to go) and dishonest (they're usually to boost quarterly profits). Businesses still work (relatively speaking anyway) in spite of that as well.

      I'd say this article and the study itself are slanted against workers.

      -Matt

      P.S. This is another POS Computerworld article - Computerworld UK this time. IMHO, anyway.

    2. Re:Not reasonable by Lobster Quadrille · · Score: 4, Interesting

      The odds of running into a malicious hacker when looking for technical help are nearly nil. Hackers simply don't work this way.

      It's called Google, and hackers absolutely do work this way. I should know.

      Let me tell you a little story.

      I am a penetration tester by trade. I was tasked to look into a particular company's custom-built project-management app, which I had no prior knowledge of, access to, or even IP addresses for.

      After a bit of googling, I came up with the names and email addresses of a few developers (some of whom no longer worked for the company). Googling those email addies, I found posts on various forums for MSSQL administration, ASP coding, and Cisco routers. Within only a few minutes, I knew the hardware that the system was running, the firmware version on the router, the technology in use, and even had some code samples pulled straight from the app.

      I located and compromised that application with no prior knowledge in less than an hour.

      Having other people "check your work" is a GOOD thing and it's how IT security is actually improved in practice

      Yes. Having Project Managers, your programming peers, and a security auditor with an NDA check your work is a good thing. Having some random guy on a forum check your work, and publish the results where they will be archived, indexed and searchable forever, is an extremely stupid idea.

      --
      "The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
    3. Re:Not reasonable by Phroggy · · Score: 3, Interesting

      I've been on the other end of that kind of thing. I had a client, who had an employee they suspected of doing something shady. The employee had already given notice that she would be leaving the company, and was finishing up her two weeks or whatever. Anyway, the boss asked me to set up her e-mail account to forward a copy of all her e-mail to him, so he could essentially spy on her incoming e-mail without her knowing about it.

      I weighed the moral implications briefly, and decided that since this is a company e-mail account intended to be used exclusively for business purposes, and there was a specific issue he wanted to investigate, I didn't have a serious moral objection. Not entirely comfortable, but he's the boss.

      The trick was, their ISP was hosting their e-mail accounts. They didn't have a domain name, just individual mailboxes for a couple of people. So I called them up, explained that I was the company's IT guy, and asked them to set the mailbox in question to forward a copy of everything to the owner's e-mail address. I gave them the address to forward the mail to. They set it up without question.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
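
The footprinting that the penetration tester describes two comments up (developer addresses found by search, then their forum posts mined for hardware, firmware, stack and code) can be mechanised once the posts are collected. The following is an added example, not code from the original post or from that pentester; the forum names, addresses, post bodies and the target domain example.com are all constructed for it.

```python
"""
Added example, not code from the original post or from the pentester quoted
above. It mechanises the footprinting the comment describes: find forum
posts written from addresses at the target's domain and pull out the
technology, version, address and code hints they leak. Everything below
(forum names, addresses, post bodies) is constructed; example.com stands in
for the target domain.
"""
import re
from collections import defaultdict

TARGET_DOMAIN = "example.com"  # assumed target; placeholder domain

# Constructed corpus of (forum, author address, post body) as a scraper
# might return it. Only the first three come from the target domain.
POSTS = [
    ("mssql-help", "jdoe@example.com",
     "Our project tracker runs on SQL Server 2005 SP2; why does sp_executesql "
     "with a string built from the request form hang under load?"),
    ("asp-coders", "jdoe@example.com",
     'Classic ASP question: Session("uid") = Request.QueryString("user") '
     'then Server.Execute("tasks.asp") - is that safe?'),
    ("cisco-nsp", "rsmith@example.com",
     "Our edge router is a Cisco 2811 running IOS 12.4(15)T; NAT to the "
     "internal web box on 10.0.5.20 drops after a reload."),
    ("random-chat", "someone@other.example.org",
     "Unrelated post from an unrelated address; must be ignored."),
]

# What to harvest from each post. Patterns are deliberately narrow so a hit
# is a real indicator rather than a stray word; extend them per engagement.
INDICATORS = {
    "database":      re.compile(r"SQL Server \d{4}(?: SP\d)?", re.I),
    "router":        re.compile(r"Cisco \d{3,4}", re.I),
    "firmware":      re.compile(r"IOS \d+\.\d+\(\d+\)[A-Z]*"),
    "web_stack":     re.compile(r"Classic ASP|ASP\.NET", re.I),
    "internal_ip":   re.compile(
        r"\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
        r"|192\.168\.\d{1,3}\.\d{1,3}"
        r"|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b"),
    # Fragments of the application's own code pasted into a question.
    "code_fragment": re.compile(r"Request\.\w+\(|Session\(|Server\.Execute\("),
}


def is_target_author(email, domain=TARGET_DOMAIN):
    """True if the address belongs to the target domain (exact match, not a
    substring, so other.example.org does not count for example.com)."""
    return email.strip().lower().rsplit("@", 1)[-1] == domain.lower()


def footprint(posts, domain=TARGET_DOMAIN):
    """Return {author: {category: sorted unique hits}} for posts by target
    addresses; the 'forums' category records where each author is active."""
    findings = defaultdict(lambda: defaultdict(set))
    for forum, author, body in posts:
        if not is_target_author(author, domain):
            continue
        findings[author]["forums"].add(forum)
        for category, pattern in INDICATORS.items():
            for hit in pattern.findall(body):
                findings[author][category].add(hit)
    return {author: {cat: sorted(hits) for cat, hits in cats.items()}
            for author, cats in findings.items()}


def merged_profile(findings):
    """Collapse per-author findings into one picture of the target stack."""
    profile = defaultdict(set)
    for cats in findings.values():
        for cat, hits in cats.items():
            if cat != "forums":
                profile[cat].update(hits)
    return {cat: sorted(hits) for cat, hits in profile.items()}


if __name__ == "__main__":
    found = footprint(POSTS)
    for author, cats in found.items():
        print(author)
        for cat, hits in cats.items():
            print(f"  {cat}: {', '.join(hits)}")
    print("combined:", merged_profile(found))
```

The domain match is exact rather than a substring test so that look-alike domains do not pollute the profile, and the patterns are narrow on purpose: a false "Cisco 2811" hit costs far more analyst time than a missed one. The same harvest run against the company's own staff, before an outsider does it, is the cheapest audit of what its developers are leaking.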
  2. Betray the betrayer? by knarfling · · Score: 5, Interesting

    When someone is laid off for no apparent reason, they often feel hurt and betrayed. A natural reaction is that the trust between them has already been destroyed.

    At one company I was with, a sysadmin was on a conference call, and had his hands full when the call ended. The CEO never hung up the phone, and started talking to his assistant about people losing their jobs and how much severance would be paid. The sysadmin, who probably should have hung up when he was first able to, couldn't resist listening for a short time. After a couple of minutes, the CEO finally realized that his phone was still on, and hung up the line. By that time, the sysadmin knew that several people would be laid off soon, but not how soon, or which people.

    He informed a couple of his friends that the company was in worse shape than he had realized, and discreetly began updating his resume. Within a month, the company was bought out and closed down by another company and everyone lost their jobs. He was asked to stay on as part of the transition team and told that the new company would pay him, but after a couple of days it was clear that he had been working for free and the new company was not going to honor the agreement.

    At that time, he still had sysadmin access, and began to look through emails of the former employees. Some, including the CEO, were still sending and receiving emails through web access on the old company server. He learned that although the board of directors did not want to spend the money to make sure that the fired employees could still have health insurance for a couple of months, they were willing to give the former CEO $25,000 for his efforts.

    I have always said that a good sysadmin knows all the secrets of a company, but a great sysadmin knows when not to look. In this case, was the sysadmin justified in looking after he had been promised payment and then told he was not being paid? (Yes, his access should have been cut off, but he was the one who would have had to cut himself off and he was never told to do so.)

    Although this situation may be unique, I think that many sysadmins may feel the same way. Once they are betrayed, they no longer feel the need to stay loyal to those that betray them.

    --
    Great civilizations have lived and died on false theories. Don't mess up mine with a few facts.
  3. Re:a survey by mikael · · Score: 4, Interesting

    If you are that good as an IT admin (or any other position, for that matter), they will have already done more damage to the company by firing you than you could do deliberately back to them.

    Recruiters estimate that simply by firing one person and hiring another, a company will lose around $120,000 in productivity alone; HR and accounting paperwork to fire that person, redundancy payments for several months in advance, along with recruiters fees to find someone new, time taken by existing employees to interview possible candidates, more HR and accounting paperwork to hire the person if there is a match, and time taken by the new employee to get up to speed. Not even considering that other people may be waiting for various tasks to be completed by the person in that position.

    --
    Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
  4. Re:a survey by Lumpy · · Score: 4, Interesting

    I agree, accidentally deleting a huge database is better. Go in, yank one cable from the back of the server and plug it back in, from one of the power vaults to the RAID 50, and the RAID will eat itself over the course of 2-3 days. Without any admins familiar with it, they will not get the pile of RAID failure warnings until most of the DV and files are corrupt. Bonus points if it takes 2-3 weeks and all the backups are corrupted as well.

    Impossible to trace or prove anything was intentional, and it screws them good.

    There are at least 80 other ways to cause gradual data corruption that without familiar IT staff on hand will grow out of control by the time someone finds it.

    Screw stealing passwords or data, just start a chain of unfortunate events.

    My favorite is to make some very restrictive rules in the company firewall and save them, then revert to the old rules right before you're laid off. The date stamp will be from months previous and confuse anyone tromping around in it.

    --
    Do not look at laser with remaining good eye.
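
The "date stamp from months previous" in the comment above is the detail worth taking seriously as a defender, because it says nothing about when the file actually changed: anyone with write access to a file can also set its modification time (touch -d from a shell does it), so an integrity check that trusts size and mtime is blind to exactly this kind of edit. The following is an added example, not code from the commenter or from any firewall product; the rule text and file name are constructed. It captures a baseline, performs a backdated overwrite, and shows which of two checks notices.

```python
"""
Added example, not code from the original comment. Shows why a file's
modification time is worthless as evidence: the overwrite below puts the
original timestamps back, so a metadata-based check stays quiet, while a
content hash compared against a baseline captured earlier (and kept where
the departing admin cannot reach it) catches the edit. File name and rule
contents are constructed.
"""
import hashlib
import os
import tempfile

# Constructed firewall rules. The tampered version is the same length and
# differs in one character, so size and mtime both stay "unchanged".
RULES_ORIGINAL = b"allow tcp from any to 10.0.5.20 port 443\n"
RULES_TAMPERED = b"allow tcp from any to 10.0.5.20 port 445\n"


def snapshot(path):
    """Record what a file-integrity baseline should hold: a content hash,
    plus the metadata a naive check would rely on."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"sha256": digest, "size": st.st_size, "mtime_ns": st.st_mtime_ns}


def changed_by_metadata(baseline, current):
    """The naive check: trust size and modification time."""
    return (current["size"] != baseline["size"]
            or current["mtime_ns"] != baseline["mtime_ns"])


def changed_by_hash(baseline, current):
    """The robust check: compare content, ignore timestamps."""
    return current["sha256"] != baseline["sha256"]


def overwrite_preserving_times(path, data):
    """Replace a file's content and put its original timestamps back.
    Needs nothing beyond write access to the file."""
    st = os.stat(path)
    with open(path, "wb") as fh:
        fh.write(data)
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))


def demo():
    """Return (metadata check fired, hash check fired) for a backdated edit."""
    with tempfile.TemporaryDirectory() as tmp:
        rules = os.path.join(tmp, "firewall.rules")
        with open(rules, "wb") as fh:
            fh.write(RULES_ORIGINAL)
        baseline = snapshot(rules)   # taken while the rules were known good
        overwrite_preserving_times(rules, RULES_TAMPERED)
        current = snapshot(rules)
        return (changed_by_metadata(baseline, current),
                changed_by_hash(baseline, current))


if __name__ == "__main__":
    meta, content = demo()
    print("metadata check noticed the edit:", meta)     # False
    print("hash check noticed the edit:    ", content)  # True
```

The baseline only helps if it was taken before the person under suspicion had the chance to rewrite it, which is the real argument for shipping config hashes to a system the admins being audited do not administer; the same applies to backing up the actual rule set out of band rather than relying on a "last saved" column.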
  5. Re:Might Be Reasonable by visualight · · Score: 5, Interesting

    I've been through a couple of layoffs. In one, the company was concerned about stealing, sabotage, and other vindictive behaviours. So they surprised everyone with two week severance packages and an escort out the door one morning. They brought in people at the butt crack of dawn to turn off every computer in the building. Later, "core" people started deserting the company, taking whatever they wanted with them.

    In the other one, there was an announcement, something like, "The 20 people in this room are being laid off. Starting in two weeks we're going to lay off 4 people per week for 5 weeks. We expect you all to continue to do your jobs as well as you can *while* you look for work. Let your supervisor know of any scheduled interviews, they will be considered paid time off. As you find work report your start date so each week we can try to lay off people who already have new jobs."

    The second layoff went without a hitch. The people laid off kept relations with the company, some came back later.

    I know it's not the same as firing someone, but it does seem to me some companies treat laid off employees as if they've been fired.

    --
    Samsung took back my unlocked bootloader because Google wants me to rent movies. They're both evil.
  6. As a former admin who was laid off... by MerlynDavis · · Score: 4, Interesting

    I not only insisted that they change all the passwords I knew by heart, but I asked them to go through the entire list of passwords I might have access to and change them. I worked with my replacement to make sure that every password was changed properly, and that any access I might have had was closed off.

    The last thing I wanted was to be in a position where someone hacked the systems and I got blamed because I "knew the passwords"....

    I even handed over my personal notes on the network and had my boss shred the ones he didn't need before I left.

    I can't believe there are that many admins who have that little respect for themselves that they'd be willing to steal passwords.

    --
    -merlyn
    1. Re:As a former admin who was laid off... by masdog · · Score: 3, Interesting

      That's what I did when I was walked out two weeks into my three week notice. I walked down to the office of the guy that was going to be handling my work until a replacement was found, disabled my VPN access and account in front of him and the Security manager, and then left the room as the administrator password was changed.

      Even with those measures, I was still the first person blamed when one of the plant networks went down two weeks after I left (and on the first day of my new job, of all times) due to a hardware failure (fiber-to-ethernet converter...and had I been allowed to have that last week, I would have been able to get a few people to fill in for me...turning a two day outage into a five to ten minute outage).
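
Both of the last two posters describe the same offboarding check done by hand: list every secret the departing admin knew, or could have read, and every account they owned, then confirm each one was rotated or disabled after they walked out. It is also the check that was missing in the earlier story of the sysadmin whose access was never cut. The following is an added example, not code from either commenter or from any identity product; every name, system, date and role grant in it is constructed. The part worth automating is "could have read": a secret stored on a system the person held a role on is in scope whether or not anyone remembers telling it to them.

```python
"""
Added example, not code from the comments above. Given a constructed
inventory of secrets, role grants and accounts, report what an offboarding
has not yet finished: secrets the departed person could have read that were
not rotated strictly after the departure, and accounts they owned that are
still enabled. All names, systems, dates and grants are constructed.
"""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Credential:
    name: str
    stored_in: str            # system holding the secret: vault, wiki, AD...
    last_rotated: datetime


@dataclass(frozen=True)
class Account:
    username: str
    owner: str                # person responsible for the account
    kind: str                 # domain, vpn, service...
    enabled: bool


# Constructed inventory. Timestamps are when each secret was last changed.
CREDENTIALS = [
    Credential("domain-administrator", "ad",      datetime(2008, 9, 2, 17, 30)),
    Credential("core-switch-enable",   "kb-wiki", datetime(2007, 1, 15, 9, 0)),
    Credential("backup-service-acct",  "vault",   datetime(2008, 9, 3, 8, 0)),
    Credential("erp-db-sa",            "vault",   datetime(2008, 6, 1, 12, 0)),
    Credential("payroll-sftp",         "hr-safe", datetime(2006, 4, 1, 12, 0)),
]

# Which systems each person could read secrets from, taken from the
# identity system as it stood at departure, not from anyone's memory.
ROLE_GRANTS = {
    "jdoe":        {"ad", "kb-wiki", "vault"},
    "replacement": {"ad", "vault"},
}

ACCOUNTS = [
    Account("jdoe",            owner="jdoe",        kind="domain",  enabled=False),
    Account("jdoe-vpn",        owner="jdoe",        kind="vpn",     enabled=False),
    Account("svc-jdoe-backup", owner="jdoe",        kind="service", enabled=True),
    Account("replacement",     owner="replacement", kind="domain",  enabled=True),
]

DEPARTURE = datetime(2008, 9, 2, 17, 0)   # when jdoe's access was meant to end


def secrets_in_scope(departed, credentials, grants):
    """Every credential stored on a system the departed person had a role on,
    i.e. everything they could have read, not just what they were told."""
    reachable = grants.get(departed, set())
    return [c for c in credentials if c.stored_in in reachable]


def offboarding_report(departed, departure, credentials, grants, accounts):
    """Return what still needs doing. Rotation must be strictly after the
    departure: a change made while the person was still in the building
    could have been observed, so it does not count."""
    unrotated = sorted(c.name
                       for c in secrets_in_scope(departed, credentials, grants)
                       if c.last_rotated <= departure)
    still_enabled = sorted(a.username for a in accounts
                           if a.owner == departed and a.enabled)
    return {"unrotated": unrotated, "still_enabled": still_enabled}


if __name__ == "__main__":
    report = offboarding_report("jdoe", DEPARTURE, CREDENTIALS, ROLE_GRANTS, ACCOUNTS)
    for key, items in report.items():
        print(f"{key}: {', '.join(items) or 'none'}")
```

Run against the constructed data it flags the switch enable secret sitting in a wiki the admin could read and a database SA password that predates the departure, while the domain administrator password, changed half an hour after they left, passes. The service account left enabled is the kind of thing that gets the departed person blamed for the next outage, which is exactly the concern in the comment above.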

  7. I think all sysadmins should review this by Abattoir · · Score: 4, Interesting

    League of Professional System Administrators Code of Ethics. I have a copy hanging on the wall by my desk and I refer to it regularly to keep me honest. Integrity is the biggest asset for any system administrator.