Slashdot Mirror
IT Worker's Revenge Lands Her In Jail
aesoteric writes "A 30-year-old IT worker at a Florida-based health centre was this week sentenced to 19 months in a US federal prison for hacking, and then locking, her former employer's IT systems. Four days after being fired from the Suncoast Community Health Centers' for insubordination, Patricia Marie Fowler exacter her revenge by hacking the centre's systems, deleting files, changing passwords, removing access to infrastructure systems, and tampering with pay and accrued leave rates of staff."
Every time some person does stuff like this and it hits the press, every other IT person ends up suffering when the PHBs realize what the sysadmin or the Cisco guy is capable of.
Will this mean better security? Of course not. It just means that oftentimes someone who shouldn't have access to enable secrets or root passwords gets those as a "backup".
Person commits crime, goes to jail. Fascinating reporting there.
Give me Classic Slashdot or give me death!
I love how computer crimes are measured on an entirely different scale to all other crimes. While I think her crime was serious, when you look at the prison sentence relative to other things it seem disproportionate. If she had done the same thing without a computer I bet she would see less than 1/2 the jail time.
Suncoast Community Health Centers for hiring such imbeciles to entrust with the health of you and your relatives!
is she hot?
Also, does she run linux at home?
Violence is the last refuge of the incompetent. Polar Scope Align for iOS
"Revenge is a dish best served cold." (or by Anonymous, on your behalf...). A massive grudge-hack spree 4 days after your termination suggests that A) IT didn't have its shit together and B) You are now suspect #1.
Unless you are very good, you aren't going to avoid leaving enough of a trail that wriggling out of the "#1 suspect" spot will be easy or comfortable...
Fowler's attack on the company's firewall, which had caused a "lockout", took Federal Bureau of Investigations (FBI) three months to resolve.
What? Seriously. What? What the hell is a lockout and why would it take anyone three months to solve a firewall issue?
The prics of stupidity are going to have a field day with this one.
or did she use passwords she already had to get into the system? I wouldn't be surprised if this was yet more abuse of the word "hacking".
One important thing about getting out of the number one spot, don't broadcast how you would get out of it on Slashdot.
Fight Spammers!
Not that odd. The rest of the world reports on news from the rest of the world. It's only inside the borders of the US that the news programs seem to stop at the national border.
Ceci n'est pas un sig.
Will the pric of stupidity stand up in court, or will she be put through the penal system?
Ceci n'est pas un sig.
http://xkcd.com/538/
Sounds like she got what was coming to her. Whether or not she had a legitimate grievance with her employer is irrelevant; you just don't pull shit like that. Period.
Hmmm, given that this is not the first time this kind of thing has been in the news, you'd think that companies would not leave a single point of failure like this in place. You always have to be ready for someone with privileges to go rogue, especially when terminating them. During the tech bust of the 90s I remember IT people being routinely escorted from the building during layoffs, not even allowed to turn their computers back on. It was brutal, but I could see how some of those guys could go rogue and do a lot of damage.
To the making of books there is no end, so let's get started
They noticed the event on March 17th and jumped into action and had it stopped a little after April 1st. Well, just a second there, professor. We, uh, we fixed the *glitch*. So she won't be receiving a paycheck anymore, so it'll just work itself out naturally.
Sounds like she tried to start a mutiny or something!
Perhaps she refused a code red?
Seriously how can someone that works in IT at a freaking community health centre get canned for insubordination?
Maybe she had good reason to trash their systems... I'm guessing rogue AI.
FBI Agent A: "Decrypt their firewall."
FBI Agent B: "It's no use! She used a lockout code and quantum-encrypted the datagrams with 3000-bit MD5!"
FBI Agent A: "Damn. We'll have to hack all their IP addresses by hand. Start writing a GUI in Visual Basic."
Three months later...
fBI Agent B: "Success!"
FBI Agent A: "How did you get past that firewall? Did you spoof the ARP cache in order to cure the DNS root poisoning?"
FBI Agent B: "No, we took the machine off the network and replaced it with a new one."
FBI Agent A: *looks at Agent B baffled*
FBI Agent B: "We cut the binary stream on the physical level and installed a dummy firewall using authorized intrusion methods."
FBI Agent A: "Why didn't you say so? Learn to express yourself properly, boy."
FBI Agent B: "Yes, sir."
USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
The best revenge is to become successful. I'll never forget the feeling of driving up to a user group meeting, whom an ex-boss was a participant in, with my new BMW.
1. What the hell are the feds doing here? Is everything a federal crime nowadays?
2. $17,000 of damage is worth how many months in jail? Really?
3. How can it possibly take months to resolve the problems?
There is surely more going on here that is being reported. I especially wonder about (1)
Enjoy life! This is not a dress rehearsal.
1. Why didn't this woman do this in such a way that it couldn't be traced back to her? 2. Why did the employer not change all critical passwords and accesses when the woman was terminated? I think both the employee and employer are guilty of terminal stupidity here.
This is a demonstration of incompetence in the company. I have, in the past, been the person who's job it was to secure a system after the firing of a guy who had "the keys to the kingdom". He was called in to the termination interview, and by the time he came back out, his windows and unix accounts was frozen and archived, his remote access credentials were revoked, his email was redirected, and his keycard was invalidated.
What do you want to bet that this will encourage employers to fire anyone on the spot who gives a resignation, dares looks for a job, or gets a call for a reference from an employee who still works for them.
After all if you want to leave you *could* be disgruntled and need to be fired right on the spot and escourted out. This has a double bonus of making I.T afraid to leave as they will be canned if anyone calls for a reference. that means more hours, abuse, and less pay. This worker just makes life more difficult for the rest of us. I read about these employers here and during the recession this has become more common as the accountants want to minimize damage to their I.T. systems.
http://saveie6.com/
This should be in Security, IT, or even YRO... idle is the completely wrong place!!
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
I'll admit, the tactics she unleashed on the company infostructures were somewhat unimaginative. It's possible to cause havoc simply by encrypting everything you're supposed to encrypt as a matter of company policy, giving your supervisor a copy of each of your passwords, leaving under a stormcloud -- and forgetting what all those passwords actually were when they call you weeks later to find out what your password was.
I love information entropy. It's like arson, only the only accelerant you need is your boss' inability to conceive why it might be important to keep those little scraps of note paper. The neat thing is, I always chose SECURE 32 byte passwords, so forgetting was just a matter of non remembering on a daily basis.
``Tension, apprehension & dissension have begun!'' - Duffy Wyg&, in Alfred Bester's _The Demolished Man_
Your description and vision of the workplace is a totalitarian nightmare, not even the military is as cut and try as you describe.
You allow the boss of a worker to be rule with impudence and sharply criticize a worker who does not think of their employer as a slave owner or overlord.
The fact is, any employee can refuse to do anything, and expect that they will at least get a fair hearing from the boss's boss about why they refuse to carry out a specific task.
Yes, under certain circumstances, like a service worker at a small owner-run restaurant, the boss really is a dictator...but even then there are checks...if a restaurant gets a bad reputation they will not be able to find good help, and after a few iterations of the cycle they'll be headed straight for bankruptcy, i've seen it...when a small business gets a reputation as bad employers the word spreads and employees start to not care if they steal or do a bad job for you...
Consequences have actions, and there is a proper way to handle greivances...people like you perpetuate the boss as slave owner mentality...stop it! demand fair treatment!
Thank you Dave Raggett
Dude, if anyone fucked with my accrued vacation, live entry into a running woodchipper would be too kind.
September 2011: Looking for Cocoa/iOS work in Boston area Cocoa Programmer Quincy, MA