Slashdot Mirror


Fired Techie Created Virtual Chaos At Pharma Co.

itwbennett writes "Using a secret vSphere console, Jason Cornish, formerly an IT staffer at the U.S. subsidiary of drug-maker Shionogi, wiped out most of the company's computer infrastructure earlier this year. Cornish, 37, pleaded guilty Tuesday to computer intrusion charges in connection with the attack."

339 comments

  1. He is looking at 10 years in prison. by Anonymous Coward · · Score: 0

    Well that was totally worth it.

    1. Re:He is looking at 10 years in prison. by 1s44c · · Score: 1

      Well that was totally worth it.

      Indeed. Employers can be total asses but what Jason Cornish did was illegal and was going to lead back to him. How did he think he was going to get away with that?

    2. Re:He is looking at 10 years in prison. by WrongSizeGlass · · Score: 2

      He's facing a maximum of 10 years when he's sentenced. I wonder if he'd still have been pissed at Shionogi 10 years after they laid him off?

      I'm not blaming Shionogi, but they certainly made a poor choice to use him as a consultant after he'd resigned due to a dispute with management. I'm sure when they laid him off two months later (along with other employees) it was the tipping point for whatever was brewing inside. When an IT person who has access to everything (or even one server) leaves you need to change every password ever created, verify every account, etc, etc. It sounds like a bit of an overreaction, but you never know who will do what. The other clown not turning over passwords probably played a role in this too.

    3. Re:He is looking at 10 years in prison. by Z00L00K · · Score: 4, Interesting

      What you really should care about when it comes to IT department is to keep them happy. The cost compared to what can happen when an employee is disgruntled is minor.

      And even if you remove/change all passwords - are you sure that there isn't a backdoor somewhere? Especially in a system like Active Directory where login accounts can be "hidden" anywhere in the tree. Also - some accounts can't change password easily since there are services that may depend on them - or that the password also is the encryption key. It's just a ticking time bomb in some cases.

      Some of you may claim "You are doing it wrong" when you depend on "unchangeable" passwords - but in some cases there are interdependencies that cause that kind of problem. And the problems can be all the way from a background task that locks the system account because it uses the old password to encryption key based on the password for the backup solution. In some cases it's caused by the third-party software that you use.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    4. Re:He is looking at 10 years in prison. by SniperJoe · · Score: 4, Insightful

      I know this might not be a popular opinion, but why should a business "really care" about keeping the IT department happy over any other department? Yes, they could do a lot of damage, but so could ANY disgruntled employee who walks in with a gun and starts shooting. Companies should treat ALL employees with respect, not grudgingly cozy up to IT because they feel like IT has them backed into a corner.

      The other sense that I get from your statement was that it seemed like you were blaming management here. It feels a bit like, "Well, they didn't keep their IT staff happy, so they brought it upon themselves!" We don't know what the disagreement was, nor who was at fault for that disagreement. People get in disagreements all the time about relatively minor issues. Perhaps Shionogi wanted him to do something one way and he wanted to do it a different way. That's certainly not worthy of revenge. Right now, we just don't know. The simple fact remains that Mr. Cornish committed an act that was unethical and illegal and did substantial damage to the business. Yes, poor management controls and practices allowed this to take place, but they weren't the ones who committed the act.

    5. Re:He is looking at 10 years in prison. by datapharmer · · Score: 4, Insightful

      I wouldn't blame management for the damage, but it certainly is foolish to not take proper precautions when firing IT staff with administrative access. The damage a disgruntled IT employee can cause these days is akin to burning a building down 20 years ago - you could lose everything.

      --
      Get a web developer
    6. Re:He is looking at 10 years in prison. by Lumpy · · Score: 2

      That does not help. Honestly a highly skilled IT guy that understands virus writing can infect all the machines with a timebomb and you would never know it. IF he did it right and inserted the time bomb into a driver there is nothing you could do to stop it.

      It's called paying IT people what they are worth and running background checks. This guy would not have had a squeaky clean past if he did stupid crap like this.

      Finally having enough staff so that ANY changes are done with a peer review. I.E. Update XYZ needs to be applied. Sr IT guru does not apply it himself and deploy, it MUST be reviewed by 2 others and DOCUMENTED.

      But corporations have no interest in properly staffed IT departments that are paid enough to hire competent and trustworthy people... You get what you pay for.

      --
      Do not look at laser with remaining good eye.
    7. Re:He is looking at 10 years in prison. by Anonymous Coward · · Score: 0

      The truly sad part of this is, why should a company have to be so worried about any employee in the first place? IT or project manager, or janitor, it doesn't matter.

      The first thing that needs to be done is to make very sure that you know your employees. I don't care how big a company is, it's still possible to know, through delegation of responsibilities, your employees.

      Second, your computer infrastructure policies need to be up to spec and setup to avoid just this kind of occurrence. This shouldn't happen in any well run IT department.

      There should be no reason for an employer to fear their IT staff any more or less than any other employee. It starts with treating employees with respect.

    8. Re:He is looking at 10 years in prison. by erroneus · · Score: 5, Insightful

      Yes... it's the "how can you get away with it?" question that boggles the mind. If you can't think at least that far ahead, then you should refrain from doing more than "wish damage." (You know, I wish something bad would happen to them because I hate them kinda thing?)

      If it were me, I would do something more subtle... something based on a cron job perhaps ... something that runs, clears out logs and other things, mounts VMDKs, deletes random files, exchanges the file names of various random pairs of documents and things like that. It would be weirdness that people would dismiss at first as human error which gives the trail time to grow colder and bad backup data to get worse and then at some point just go all-out, destroying itself and the systems -- preferably killing the hardware in some way. Even then the chances of getting caught are pretty good as it would be a careful balance of luck and planning to create this gradual corruption of data that wouldn't go noticed until it was too late... perhaps only corrupt files older than a certain date which are not as likely to be accessed for a long while. I suppose that would be enough to allow the corruption of backups and such along the way...

      Anyway, the first thing should always be to plan not to get caught or even suspected.

    9. Re:He is looking at 10 years in prison. by gatkinso · · Score: 2

      Yeah... nobody has ever been busted for timebombing their former employers systems.

      --
      I am very small, utmostly microscopic.
    10. Re:He is looking at 10 years in prison. by maxwell+demon · · Score: 2

      And if your employer suddenly doesn't let you access the computers again, you know that he has read your post. :-)

      --
      The Tao of math: The numbers you can count are not the real numbers.
    11. Re:He is looking at 10 years in prison. by delinear · · Score: 1

      Because the IT guys can potentially do a lot more damage to your business (personal injury/loss of life aside) without even needing a gun. And they can do it from the comfort of a beach in some country that doesn't have an extradition treaty with the company's country. It's incredibly unprofessional on the part of the IT guy, of course, and not something I would ever advocate (especially if you intend to ever get another job) but it's certainly in the company's interests to at least part on good terms if you have to part ways (and always have off-site back-ups of everything mission critical, of course).

    12. Re:He is looking at 10 years in prison. by RulerOf · · Score: 2

      But corporations have no interest in properly staffed IT departments that are paid enough to hire competent and trustworthy people... You get what you pay for.

      That has got to be the best excuse I've ever seen to help justify spending large amounts of time on Slashdot while I'm at work.

      --
      Boot Windows, Linux, and ESX over the network for free.
    13. Re:He is looking at 10 years in prison. by Amouth · · Score: 1

      This guy would not have had a squeaky clean past if he did stupid crap like this.

      that argument fails for the first offence.

      and given that each offence has the same potential - you can only use a mark on a background as a red flag .. you can NOT use a clean record as a green flag. Companies need to profile new hires - and they need to treat employees (ALL not just IT) with respect.

      --
      '...if only "Jumping to a Conclusion" was an event in the Olympics.'
    14. Re:He is looking at 10 years in prison. by C0vardeAn0nim0 · · Score: 1

      Companies should treat ALL employees with respect, not grudgingly cozy up to IT because they feel like IT has them backed into a corner.

      I agree about treating everyone with respect, the part about being backed in a corner is mostly because IT is not the core competency of most companies (IT companies like google, MS, oracle, etc. excluded), so managers don't understand computers as well as they understand their product and its market, and humans tend to be suspicious of things we don't understand, this makes it easy to put them in the corner and get concessions from them

      --
      What ? Me, worry ?
    15. Re:He is looking at 10 years in prison. by mallyn · · Score: 1

      Whoa! Whoa now!

      If this were me . . .

      The minute I leave after a disagreement with management, I would: tell them (hopefully with at least two or three people in the room for witnesses) to immediately terminate *all* of my access to *everything* as I will not do any consulting for them.

      I will tell them to send me my personal belongings (if I have any there I care about, as I personally have a strict policy of keeping nothing I value at the office) home and *escort me off the place immediately* and hand them my badge.

      This way, there is no doubt that I have a clean break from these folks.

      If something happens later on, hopefully I would be far from blame.

      --
      Most Respectfully Yours Mark Allyn Bellingham, Washington
    16. Re:He is looking at 10 years in prison. by Anonymous Coward · · Score: 0

      Companies should treat ALL employees with respect, not grudgingly cozy up to IT because they feel like IT has them backed into a corner.

      Completely agree,
      I'm a programmer with a decent paycheck and reallllly nice benefits, but it was a pretty big wake up call to see how our cleaning staff was treated... My boss is more than a bit of a fratboy (privileged background, heavy drinker) and while it's his prerogative to hire/fire, he certainly exercises it freely when it's people that he doesn't see as a possible threat (e.g. cleaning staff and programmers with fingers in less projects).

      I already put in my notice; I can make as much money elsewhere and possibly work for someone that is genuinely nice (or just freelance).

    17. Re:He is looking at 10 years in prison. by RichMeatyTaste · · Score: 2

      Sorry but this is just another example of a company who has no idea how to properly terminate or control access. First, those service and/or other random accounts should not have the ability to remotely access systems in the first place, let alone domain admin access. Second, thanks to the miracle of PowerCLI/etc changing local passwords across all hosts (VMware in this case since it is the focus of the story) is dead simple, free, and fast. Third, if you are going to term someone with admin access you cut off their access BEFORE you tell them.
      Yes changing service account passwords is difficult but it is your job as an IT staffer to let management know that downtime will be required if someone with full admin access is let go. I've been through that exercise multiple times and it took a small team of us to get it done. Once you have done it once though you know what to expect and can accurately predict how long it will take moving forward. Not only that, you can use the exercise to determine what changes to make that will simplify the process moving forward (such as less accounts with remote access rights).

      --
      Ever feel like you are driving the getaway car?
    18. Re:He is looking at 10 years in prison. by BitZtream · · Score: 1

      What you really should care about when it comes to IT department is to keep them happy. The cost compared to what can happen when an employee is disgruntled is minor.

      Or ... have better security management and then just fire spoiled brats like this fuck.

      Keep him happy? WTF?! It's work ... a four letter word ... it's not the company's responsibility to 'keep you happy', only to pay you what they agreed on.

      WTF is wrong with slashdotters today where they seem to think being in the IT world means the company is there to serve you rather than the other way around.

      And anyone with a clue will claim they're doing it wrong, because they are. No one should 'depend on unchangeable' passwords, there are password management systems JUST TO HANDLE THIS SORT OF PROBLEM, and if everyone does their job it works just fine. The only way this sort of shit can happen is if multiple people are slacking off or in on the scam.

      Again, your inexperience and lack of understanding makes you think there is some sort of acceptable situation where this can occur because of some interdependencies ... which clearly means YOU, specifically Z00L00K are doing it wrong and shouldn't be doing it at all.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    19. Re:He is looking at 10 years in prison. by BitZtream · · Score: 2, Interesting

      Right, and the engineers who design your actual products ... which are the reasons the IT guys exist aren't as dangerous?

      The accountants who can drain and send your entire financial portfolio to random places around the world aren't dangerous?

      No, IT guys aren't special, you just think you are and you're too ignorant to realize you really can't do anything more than be fucking obnoxious. You can't do anything that someone else in the company can't do better as far as hurting the company.

      It is certainly in your best interests not to try to fuck over the company on your way out the door, unless you like spending time in jail.

      IT people are the most self absorbed, arrogant spoiled brats I've ever seen, and there isn't a single reason for it. Just a bunch of people who think they're smarter than everyone around them because their lack of a social life let them learn a little more about Windows than others.

      Your statement on slashdot makes me realize that I probably should be okay with employers looking up people's online activity just so they can avoid hiring people like you and save themselves the potential of dealing with someone so disconnected from reality that they clearly don't realize what a job is.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    20. Re:He is looking at 10 years in prison. by erroneus · · Score: 1

      Sounds like a great way not to get suspected :)

    21. Re:He is looking at 10 years in prison. by BitZtream · · Score: 1

      Second, thanks to the miracle of PowerCLI/etc changing local passwords across all hosts (VMware in this case since it is the focus of the story) is dead simple, free, and fast.

      Why exactly are your vmware servers using local accounts? LDAP exists for a reason and VMware is happy to authenticate off it. No one should have local accounts.

      Third, if you are going to term someone with admin access you cut off their access BEFORE you tell them.

      No, you don't. This creates massive potential problems and can become a HR nightmare and potentially dangerous to the guys turning their accounts off if the former employee finds out and then takes it out on IT rather than the HR people who are supposed to deliver the news.

      Have you ever had the misfortune of turning someone's account off before they were notified ... only to have them call you or show up at your desk asking why their account isn't working? That's not a position you want to be in.

      The solution is that IT and HR work together to handle those situations or that HR has the ability to terminate employee access themselves, and they do it as part of the termination process with the employee physically in front of them.

      Yes changing service account passwords is difficult

      Then you're doing it wrong and you should be fired. You seriously need to learn how account management should be done and the tools available to help you do so. You should be using a password management system that tracks all passwords and requires all password changes go through it, then you make it policy for two factor verification of any new IT related software to verify the new software is properly linked up to the password management system, meaning not only the guy who installs it, but someone else verifies the pw management system is linked and working properly.

      These problems have been solved for 30 years, you just don't know about them due to inexperience, which is why you shouldn't be doing anything like this sort of work.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    22. Re:He is looking at 10 years in prison. by Samantha+Wright · · Score: 3, Insightful

      Actually it sounds more like a stage magician asking an audience member to confirm, in fact, that there's nothing up his or her sleeves. With that much unprompted "satisfy yourself that there's nothing wrong!" going on, it sounds like he at least knows something.

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
    23. Re:He is looking at 10 years in prison. by Vectormatic · · Score: 1

      Honestly a highly skilled IT guy that understand virus writing can infect all the machines with a timebomb and you would never know it

      This guy would not have had a squeaky clean past if he did stupid crap like this.

      These two quotes are pretty much contradictory, if an IT guy is good enough to pull a stunt without you finding out who did it, how would any past employers? At a company with any sort of normal turnover rate, setting your timebomb within a two year timeframe will mean there are dozens of suspects.

      --
      People, what a bunch of bastards
    24. Re:He is looking at 10 years in prison. by Lehk228 · · Score: 2

      The first thing to do is not pull bullshit like this, if you really have to get revenge make an obscene photoshop of your boss and put it on 4chan, otherwise grow the hell up.

      --
      Snowden and Manning are heroes.
    25. Re:He is looking at 10 years in prison. by Z00L00K · · Score: 1

      The problem for small to medium sized businesses is that the IT guy(s) are key players. You have maybe one or two persons that do know the system thoroughly and without their knowledge you won't even be able to read back any backup of your documents, which means that your off site tape archive may be completely useless.

      And hiring more - that's a cost that can go up without creating any special benefit except for the day someone gets upset.

      From your opinion it does look like you never have been working at an IT department at all - and don't have a clue about it. It also seems to me that they do have a reason to act like spoiled brats considering your attitude towards them. Maybe they have deleted your stash of porn?

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    26. Re:He is looking at 10 years in prison. by kiwimate · · Score: 1

      What you really should care about when it comes to IT department is to keep them happy. The cost compared to what can happen when an employee is disgruntled is minor.

      Sooo, you mean, bribe them to not misbehave, essentially. How about what I should really care about is to raise standards so I don't have some childish megalomaniacal sysadmin who has far more power than is good for him.

      I am really fed up with this entitlement mentality on Slashdot. Forget the whole "but the company was evil/incompetent" nonsense and self-justification. Whatever happened to personal responsibility, ethics, and the knowledge that two wrongs don't make a right? If you want to know why techies are not treated with more respect, it's because of idiotic behavior like this.

    27. Re:He is looking at 10 years in prison. by Z00L00K · · Score: 1

      Reality is that there are always local accounts for the operating system services etc. on any computer (virtual or not) and disabling the local accounts is effectively the same thing as cutting off the branch you are sitting on the day something goes wrong.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    28. Re:He is looking at 10 years in prison. by Z00L00K · · Score: 1

      Time for a check into what the reality is among almost every company.

      I'm sure that you are about as popular as cholera at your workplace - even though people around you won't admit it in public.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    29. Re:He is looking at 10 years in prison. by Anonymous Coward · · Score: 0

      Yeah, because posting on a message board primarily used by a terrorist organization (anonymous) is always a good idea for staying out of trouble. For added fun he could cross post on some al Qaeda boards as well.

    30. Re:He is looking at 10 years in prison. by dasunt · · Score: 1

      I know this might not be a popular opinion, but why should a business "really care" about keeping the IT department happy over any other department? Yes, they could do a lot of damage, but so could ANY disgruntled employee who walks in with a gun and starts shooting

      Most competent IT individuals have the skills already to do severe damage to companies.

      Most disgruntled employees don't have an AK-47 waiting on their desk.

    31. Re:He is looking at 10 years in prison. by cusco · · Score: 1

      Sorry, the accounting guy doesn't have access to the backups, the security system, the phone system, can't grant/revoke remote access permissions, can't control the email server, can't corrupt the database server, and can't set an SMS or Altiris job to format the hard drive of every workstation on every desk in the company. The IT guy **DOES** have access to the accounting system and its database.

      So tell me again which is more dangerous?

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    32. Re:He is looking at 10 years in prison. by cusco · · Score: 1

      No, don't bribe them, that only works with administrative people and salescritters. Treat them with respect and manage them decently. I realize that this whole concept is abhorrent to the modern MBA, but respect goes a really long way toward preventing problems and improving productivity, and a decent manager can get twice the amount of work out of half the number of employees as the standard PHB.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    33. Re:He is looking at 10 years in prison. by Xaedalus · · Score: 1

      Neither. The executive with the stock options and the direct number to his peer with the competition is the most dangerous, and always will be.

      --
      Here's to hot beer, cold women, and Glaswegian kisses for all.
    34. Re:He is looking at 10 years in prison. by SilentStaid · · Score: 1

      I like the idea behind that, but realistically is it feasible to have a peer review for every rollout? Are IT departments really under-funded more often than other departments?

      I doubt it.

      I find it far more likely that the IT crowd is no different than any other crowd and we just like to whine when given the soapbox to do it from. That's just my two cents though.

      Frankly, I'd love the capital to hire more hands - oh well. I'm sure everyone else would, too.

    35. Re:He is looking at 10 years in prison. by Oligonicella · · Score: 1

      Nope. Been in IT 35+ years. He's right. IT is just another job and being 'key players' doesn't make the employee any more deserving of coddling than someone else. Especially as this observation is rather self-motivated.

      A clue to all IT personnel: You are an employee hired to do a job. Act like a friggin' professional instead of trying to be the gate keeper from Tron.

      "You have maybe one or two persons that do know the system thoroughly and without their knowledge you won't even be able to read back any backup of your documents, which means that your off site tape archive may be completely useless."

      First, this situation means they didn't do their job correctly. Second, that sounds very much like you approve of extortion. Your statement would be true if IT guys weren't simply strewn all about the landscape. Hire another.

    36. Re:He is looking at 10 years in prison. by kiwimate · · Score: 1

      No, don't bribe them, that only works with administrative people and salescritters. Treat them with respect

      Mindblowing, just how oblivious you have to be to type those 1.5 sentences in succession.

      I realize that this whole concept is abhorrent to the modern MBA

      Sigh. Yet again the MBA thing. You know, if this guy had taken the sort of ethics class that is often a core requirement in MBA classes he might have thought twice about the consequences of his actions.

    37. Re:He is looking at 10 years in prison. by h4rr4r · · Score: 1

      Try hiring a good one. Been trying here for 4 weeks.
      Most are the typical MSCE morons. Could not do anything that their is not a check box or radio button for.

    38. Re:He is looking at 10 years in prison. by h4rr4r · · Score: 1

      So who types in the local password the day something breaks?
      What happens if he remembers it?

      There are always local accounts in case of oh shit situations.

    39. Re:He is looking at 10 years in prison. by TheCabal · · Score: 1

      Maybe they don't want to work for someone who can't even spell "MCSE" or use the correct "there".

    40. Re:He is looking at 10 years in prison. by TheCabal · · Score: 1

      I've worked in places where local accounts were not allowed. This was enforced through an automated daily check of every workstation and server. The systems engineers didn't have the root passwords. Nobody knew what they were as they were randomly generated and NOT recorded. Everything was sudo as it was auditable in the logfiles, and we couldn't sudo su - or sudo /bin/bash, etc. as a workaround. There were procedures if we had to actually BE root, usually involving booting into single user mode.

      It's not as dire as you say it is, but sometimes it was terribly inconvenient.
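
A sketch of the kind of automated daily check the comment above describes, as an added example that is not part of the thread or any poster's code: it flags local login accounts outside an approved list and sudo rules that would permit `sudo su -` or `sudo /bin/bash`. The sample passwd and sudoers text, the approved list and the UID threshold of 1000 are constructed assumptions.

```python
"""Daily host audit: unapproved local accounts and sudo rules that yield a root shell."""
import re

# Constructed sample data, not taken from any real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
jdoe:x:1001:1001:J Doe:/home/jdoe:/bin/bash
svc_backup:x:0:0:backup:/var/backup:/bin/sh
"""

SAMPLE_SUDOERS = """\
# constructed example
Defaults logfile=/var/log/sudo.log
%sysadmin ALL=(root) /usr/bin/systemctl restart httpd, \\
    /usr/bin/systemctl status httpd
%oncall ALL=(ALL) ALL
bob ALL=(root) NOPASSWD: /bin/bash
carol ALL=(root) /usr/bin/su -
"""

NOLOGIN = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}

# user-or-group, host list, optional (runas), then the command list
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.*)$")
# leading tags such as "NOPASSWD:" or "NOEXEC:"
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")


def audit_passwd(text, approved, uid_min=1000):
    """Return (account, reason) for every entry that violates the policy."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            findings.append((line, "malformed passwd entry"))
            continue
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        if uid == 0 and name != "root":
            # A second UID 0 entry is root under another name.
            findings.append((name, "extra UID 0 account"))
        elif uid >= uid_min and shell not in NOLOGIN and name not in approved:
            findings.append((name, "unapproved local login account"))
    return findings


def audit_sudoers(text):
    """Return (who, command, reason) for rules that bypass per-command auditing."""
    findings = []
    joined = text.replace("\\\n", " ")  # fold continuation lines
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "@", "Defaults")):
            continue
        if "_Alias" in line.split()[0]:
            continue  # alias definitions are not expanded in this sketch
        match = RULE.match(line)
        if not match:
            continue
        who, commands = match.groups()
        for cmd in commands.split(","):
            cmd = TAGS.sub("", cmd.strip())
            if not cmd or cmd.startswith("!"):
                continue
            program = cmd.split()[0].rsplit("/", 1)[-1]
            if cmd == "ALL":
                findings.append((who, cmd, "unrestricted command set"))
            elif program in SHELLS or program == "su":
                findings.append((who, cmd, "grants an interactive root shell"))
    return findings


if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE_PASSWD, approved=set()):
        print("passwd:", finding)
    for finding in audit_sudoers(SAMPLE_SUDOERS):
        print("sudoers:", finding)
```

The sudoers pass reads simple rule lines only; it does not expand aliases or included files, and it does not know about editors or pagers that can spawn a shell.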

    41. Re:He is looking at 10 years in prison. by TooMuchToDo · · Score: 2

      Only the ones who got caught were busted for it. What? You thought all crime gets reported?

    42. Re:He is looking at 10 years in prison. by TheCabal · · Score: 1

      I've seen plenty of examples of MBAs who have behaved far beyond the pale, ethically. Just because it's a core requirement for a degree doesn't mean a person may actually learn anything from it. It's been my experience that MBAs behave the least ethically of all the people I've worked with.

    43. Re:He is looking at 10 years in prison. by TooMuchToDo · · Score: 1

      IT people are the most self absorbed, arrogant spoiled brats I've ever seen, and there isn't a single reason for it. Just a bunch of people who think they're smarter than everyone around them because their lack of a social life let them learn a little more about Windows than others.

      Righhhhhht. And that's why Apple is currently worth more than Exxon.

      IT people aren't absorbed. They're just tired of being taken advantage of. IT drives most of the world now, and most in IT realize this (hence, they understand their value).

    44. Re:He is looking at 10 years in prison. by nabsltd · · Score: 1

      No, IT guys aren't special, you just think you are and you're too ignorant to realize you really can't do anything more than be fucking obnoxious.

      It's pretty obvious that only someone with full administrative access to every computer on your network can do the type of damage that keeps on giving, even years after they have left.

      I can think of about 10 different ways to have a task run at a given time, and I'm sure there are a lot more. I can also think of about 10 different ways to make sure that the task starting code gets put where it needs to be so it can eventually be executed, some of which would be restored from backup.

      If the task wasn't "erase everything" but rather "cause subtle but painful error", it could go months before people even think it's something other than "cosmic rays". Even a re-image of the machine that seemed to be the problem wouldn't help, as multiple machines would have the problem, and spread it like any other trojan. With a really determined disgruntled admin, even a simultaneous re-image of all machines wouldn't do the job, as you'd have some data somewhere, so anything that could run a script and was backed up could reinfect the network.

    45. Re:He is looking at 10 years in prison. by nabsltd · · Score: 1

      You seriously need to learn how account management should be done and the tools available to help you do so. You should be using a password management system that tracks all passwords and requires all password changes go through it, then you make it policy for two factor verification of any new IT related software to verify the new software is properly linked up to the password management system, meaning not only the guy who installs it, but someone else verifies the pw management system is linked and working properly.

      None of this matters if the disgruntled IT guy was able to make sure that every time any admin user logged in, a trojan ran with no effect until after his access was terminated. Then, it started doing evil things.

      Also, as far as password management goes, one of the big problems with VMware vSphere is that the management server has root access to every hypervisor. So, if the disgruntled IT guy can make sure they get access to the vSphere server (again, using the trojan that runs long after they have been de-authorized), then it's pretty easy to do exactly what TFA talks about, even if you have a "password management system". But, a truly evil person would have known the backup schedule and merely added errors to the data until it was on every backup, then wiped the sources.

    46. Re:He is looking at 10 years in prison. by X0563511 · · Score: 1

      I think random, sparse, relatively infrequent data corruption (eg bit flips here and there) would be far less obvious and be quite annoying...

      "WTF! This memory tests fine!"

      Especially if the logic bomb is buried so deep that it rotates through the backups as far back as would be reasonable to restore from...

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    47. Re:He is looking at 10 years in prison. by Anonymous Coward · · Score: 0

      Looking for a *nix admin? Well post info dammit!

    48. Re:He is looking at 10 years in prison. by kmoser · · Score: 1

      Next time they experience any computer problems they will blame you for setting up a time bomb before you were terminated. Either way, they'll point the finger at you.

    49. Re:He is looking at 10 years in prison. by Anonymous Coward · · Score: 0

      Ho ho ho, you should be the perfect management puppy.

      Keep doing it, more corporate america shoved up your ass, you clearly like it.

      Come to europe sometime, you might learn something. Hint: you are not there to serve companies, nor the other way around. It's a balance. Maybe you were abused in your childhood?

    50. Re:He is looking at 10 years in prison. by Anonymous Coward · · Score: 0

      Harry: What is the first rule of the code?

      Dexter: "Don't kill an innocent."

      Harry: No! "DON'T GET CAUGHT!"

    51. Re:He is looking at 10 years in prison. by Anonymous Coward · · Score: 0

      ..... The only way this sort of shit can happen is if multiple people are slacking off or in on the scam.

      I guess you're not familiar with the concept of inheriting legacy systems then.

      Again, your inexperience and lack of understanding makes you think there is some sort of acceptable situation where this can occur because of some interdependencies ... which clearly means YOU, specifically Z00L00K are doing it wrong and shouldn't be doing it at all.

      BitZtream, recognize anyone in the quote from wikipedia?

      In everyday speech, "narcissism" often means inflated self-importance, egotism, vanity, conceit, or simple selfishness. Applied to a social group, it is sometimes used to denote elitism or an indifference to the plight of others.

  2. How he got caught. by will_die · · Score: 5, Informative

    For those wondering how he got caught, he accessed the servers from his home also for the McDonalds just before he accessed them he purchased some food using this credit card.

    1. Re:How he got caught. by 1s44c · · Score: 1

      For those wondering how he got caught, he accessed the servers from his home also for the McDonalds just before he accessed them he purchased some food using this credit card.

      That seems amazingly stupid.

    2. Re:How he got caught. by Hazel+Bergeron · · Score: 1

      (1) He will not be incarcerated for anything like 10 years;

      (2) Incarceration's looking like a fine alternative to the next decade in the wild. Especially in countries with more lenient prison systems (the US is bad but not as bad as the Middle/Far East; the UK is better than all of the above).

    3. Re:How he got caught. by JosKarith · · Score: 1

      Unless you've been convicted of using Facebook to incite a riot that never happened...
      http://www.guardian.co.uk/uk/2011/aug/17/facebook-cases-criticism-riot-sentences

      --
      'Don't worry' said the trees when they saw the axe coming, 'The handle is one of us.'
    4. Re:How he got caught. by Hazel+Bergeron · · Score: 0

      I agree that those sentences are absurd and were probably set as politically motivated examples (chilling effect) to spark debate[tm], debate[tm] in UK politics being where you promote one predetermined side of an argument by occupatio over your opposition, then declare consensus among common sense[tm] folk.

      The sentences do not negate my suggestion that, especially in the UK, life in prison over the next decade will be preferable to life as someone on the margins of society left to fend for himself. It has the added political protest bonus that jailtime is extremely expensive for the "taxpayer" (newspeak for "citizen", newspeak for "subject"), especially if you are sent to a privatised jail. If you're not worried about never being able to integrate in a society which hasn't welcomed you so far anyway, what do you have to lose by imprisonment?

    5. Re:How he got caught. by Anonymous Coward · · Score: 3, Funny

      That's bullshit, McDonalds doesn't sell food.

    6. Re:How he got caught. by Anonymous Coward · · Score: 0

      UK prisons aren't that great. They don't even put prisoners in different tiers, so my uncle who had a drunk driving violation -- a two month sentence -- was in with rapists and murderers. Norway is what you were looking for. If you're a criminal, you're practically an idiot for not going to Norway to torch buildings, steal, and kill people.

    7. Re:How he got caught. by Runaway1956 · · Score: 1

      And, did he also use his own computer, probably running Windows, which keeps logs of contacts? Or, did he use a LiveCD, do his dirty deeds, then shut down the computer?

      I know for certain that if I were to do something like this, I would NOT use an installed operating system, and I would MOST CERTAINLY not use a Windows system! Not even from a public computer, from a library, or senior citizen's center!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    8. Re:How he got caught. by Hazel+Bergeron · · Score: 1

      With all respect, a drunk driver is not necessarily any safer to be around than a rapist or a murderer. Indeed, an otherwise law-abiding man who murders once out of passion could be much safer than any number of people convicted of more minor offences.

      Anyway, there are different prison security categories, but not based on the criteria you're implying.

    9. Re:How he got caught. by darkmeridian · · Score: 1

      For those wondering how he was in a position to cause such mayhem: "Cornish had resigned from the company in July 2010 after getting into a dispute with management, but he had been kept on as a consultant for two more months." *slaps forehead* The guy had issues with management and resigned, so they let him stay on for two more months ... because?!

      However, the attack did not attack "vital" systems like research lab data. It affected emails, sales systems, and the like. Sure, that's annoying, but it was "only" $800,000 in damage. Sending this dork to ten years in prison is the same as a death sentence.

      As an aside, the scariest commentary I've ever heard about the US prison system was by an inmate on a documentary, who observed, "If they keep you in here for ten years, they should never let you out." *glares menacingly at camera*

      --
      A NYC lawyer blogs. http://www.chuangblog.com/
    10. Re:How he got caught. by Anonymous Coward · · Score: 1

      If you're not worried about never being able to integrate in a society which hasn't welcomed you so far anyway, what do you have to lose by imprisonment?

      Your cherry?

    11. Re:How he got caught. by Anonymous Coward · · Score: 0

      You fucking idiot. I bet you masturbate to MADD literature every night.

    12. Re:How he got caught. by Intron · · Score: 2

      and of course you would remember to spoof your mac address? wear a mask when you pass the parking lot security camera? put stolen license plates on your car? wear gloves the whole time?

      There are a lot more traces left than just Windows log files.

      --
      Intron: the portion of DNA which expresses nothing useful.
    13. Re:How he got caught. by bsDaemon · · Score: 1

      Unfortunately, if there are vSphere clients that run on something other than Windows, I am apparently incapable of finding them on VMware's website. I think vSphere 5 will have a Linux client though. So, the best he could hope for is using a VM and then resetting it back to a snapshot after use.

    14. Re:How he got caught. by Dog-Cow · · Score: 1

      MADD is simply mad, but a drunk driver who kills should be treated as a first-degree murderer.

      I know that the uncle mentioned above did not harm anyone while driving drunk, but it is a serious problem. When you drive drunk, you are basically showing the world that you don't give a shit about anyone else's life.

    15. Re:How he got caught. by Dog-Cow · · Score: 1

      A big problem with the US prison system is that it's supposed to be punishment, but the punishment is only beginning. It's practically impossible to get a good job after being in prison. You lose many fundamental rights after being imprisoned. We have the utterly unconstitutional (cruel and unusual punishment) sex-offenders registry.

      Once a sentence has been served, the public record should be expunged so employers can't see it on a background check.

    16. Re:How he got caught. by mallyn · · Score: 1
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it."

      Luv it. Never heard that one. How true!

      --
      Most Respectfully Yours Mark Allyn Bellingham, Washington
    17. Re:How he got caught. by xenobyte · · Score: 1

      That was more than stupid...

      1) Log on directly into one of the virtual servers.
      2) Log on from there to the main server.
      3) Delete the storage for the other virtual servers on that main server. Use a security wipe if possible.
      4) Delete the server you're logged in through using a security wipe. That will also remove any information about where you came from. The main server will only have information on you logging in from the now securely deleted server.

      Arguments about a perimeter firewall logs revealing where you came from - highly unlikely. No company I know of (except perhaps NSA) logs everything. If you've hidden your access using a standard port, odds are that access is not logged.

      Oh, and for maximum damage sabotage the backup as well. Set it to backup something of no importance for a few weeks (long enough to make sure all valid backups are rotated off) so that a restore is impossible. Just stopping the job might raise an alarm (backup failed) revealing the server and what you've done.

      --
      "For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
    18. Re:How he got caught. by networkBoy · · Score: 1

      Re-install windows, preferably onto a different filesystem.
      -nB

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    19. Re:How he got caught. by Anonymous Coward · · Score: 0

      What credit card? What are you trying to say? Did he access the vSphere servers to get to McDonalds? This makes no sense, please clarify.

    20. Re:How he got caught. by Anonymous Coward · · Score: 0

      i would just buy a second hand laptop, would drive the streets until i find a free wireless (and would change places all the time), and after the dirty deeds, i would destroy the laptop, literally. Why most of the criminals are so stupid!!!

    21. Re:How he got caught. by swb · · Score: 1

      Well, from experience, it was one of two situations:

      1) Guy was smart, but hard to get along with and generally not well liked. He was offered a package to resign which included two months of consulting both as a sweetener and to aid in a more orderly transition to a replacement. His entitlement, lack of people skills and resentment finally boiled over.

      2) Guy was smart, but ultimately grew tired of a management team that was cheap, expected too much work and treated IT as if it was a service on par with the janitorial staff. Quits unexpectedly and management's disconnect with IT rears its ugly head as a system crisis occurs and nobody can deal with it. Employee agrees to come back on lucrative consulting terms and wreaks havoc.

      Now with option 2, you have two other possibilities -- havoc wreaked was intended to be permanent, a "fuck you" revenge, OR havoc wreaked was intended to be temporary, designed to get management's attention and reclaim his resigned position at an increased salary/title/etc by heroically fixing the problems that he inflicted.

    22. Re:How he got caught. by BitZtream · · Score: 0

      Can we please stop putting rape in the same category as murder.

      Rape is assault, nothing more. Sure there are differing degrees of assault, but that's where it ends.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    23. Re:How he got caught. by BitZtream · · Score: 1, Interesting

      Sending this dork to ten years in prison is the same as a death sentence.

      And I care not one bit.

      800K in damages? Fuck him, he knew what he was doing. Maybe next time whiney little bitches who think they are bad ass in the IT department will think twice before being such douche bags.

      "If they keep you in here for ten years, they should never let you out."

      I saw that show too, the guy was a fucking murderer, he isn't exactly your best example to use there, as he shouldn't be let out either way.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    24. Re:How he got caught. by BitZtream · · Score: 1

      It's practically impossible to get a good job after being in prison.

      Yes, that's part of the point. If you're in prison you clearly can't play by the same rules as everyone else, why the fuck would anyone want to hire you?

      We have the utterly unconstitutional (cruel and unusual punishment) sex-offenders registry.

      Would you rather be on the sex offenders registry ... or in jail for raping a little girl?

      Let me give you a hint, axe murderers even have standards that result in the rapist not lasting so long in prison.

      The really simple solution to the entire problem is to simply not do bad shit.

      Once a sentence has been served, the public record should be expunged so employers can't see it on a background check.

      Right because they'll never commit crime again, of course, that's the exact opposite of what every statistic on the planet shows, but hey, in your fantasy world maybe it's true.

      If you proposed that employers could only discriminate against criminal histories that might affect their job, I'd agree with you since most of the hard core crimes still cover every job and the lighter stuff doesn't matter as much. But you didn't, you made an ignorant and irrational statement that everything should be 'Ok' after it's done which is just about as naive as it gets.

      Note: yes, I recognize the possibility that someone may be found guilty of a crime they didn't commit. Having been in the situation myself, I know EXACTLY how much it sucks, but you can't let the criminals continue to be criminals just because an occasional mistake is made. There is PLENTY I would change about our justice system, but NONE of it would involve making it easier on convicted criminals.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    25. Re:How he got caught. by Anonymous Coward · · Score: 0

      People like you are probably habitual drunk drivers, child molesters, closet homosexuals and drug addicts. The same as the anti-gay politicians and preachers who get caught having gay sex. Or the guys who are caught up in saving kids from child abuse who get caught humping kids or having CP.

      A drunk driver should be treated as a first-degree murderer? Really? I'm going to plan your death and put it into action vs I have a few drinks too many but I don't live _that_ far from the bar. Yes, pretty much the same thing. I shall vote for you in the next election!

    26. Re:How he got caught. by walshy007 · · Score: 1

      You can get on the sex offenders list for pissing on a tree... still think they should serve life for that?

      Right because they'll never commit crime again, of course, that's the exact opposite of what every statistic on the planet shows, but hey, in your fantasy world maybe it's true.

      So.. you want a permanent punishment for anyone who does anything which could land them in jail... why not just kill them in that instance? The whole basis of the system is to attempt to get criminals to wish to never do such things again, what incentive do they have to do that if they are already being permanently punished regardless?

      But you didn't, you made an ignorant and irrational statement that everything should be 'Ok' after it's done which is just about as naive as it gets.

      Permanently punishing people is cruel and unusual punishment. Should that 18 year old guy whose 17 year old girlfriend's parents didn't like him shagging her have the rest of his life ruined from the resulting charges?

      People need to be able to at least hold on to the idea they can have a normal life at some point, if you won't grant that, it would almost be more humane to kill them instead of permanent torture.

    27. Re:How he got caught. by cusco · · Score: 2

      It never happened to you or anyone that you know, did it? Rape is not the same as assault (or battery, which is probably what you meant). A rape starts with an assault, proceeds to battery, then unlawful restraint, and generally kidnapping, before anyone's clothes are even removed. Then it gets worse. The rapist's intent is not to get laid, it's to destroy the other person.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    28. Re:How he got caught. by gorzek · · Score: 1

      Mod parent up! And fuck the GP. I have never driven drunk (nor would I) and I support harsh punishments for drunk drivers as much as the next guy, but to call it first degree murder betrays such an ignorance of even basic criminal law that I question Dog-Cow's competence to do much of anything.

      I would find it acceptable to treat drunk driving thusly:

      1. Your first offense is a misdemeanor, assuming no one gets hurt. This is your one and only "freebie." You will also have to go to AA or a similar substance abuse group.
      2. If anyone got hurt or this is not your first offense, you lose your license. Period. For good. Enjoy using public transit. (Fines and jail time can go on top of this, too, depending on severity of the incident.)
      3. Caught driving drunk yet again, even having had your license revoked? Time for much harsher jail sentences. I would say if you've killed someone by this stage then you should never be let out of prison as you are clearly too dangerous to be allowed among decent folk.

      I think the above is a pretty reasonable balance between giving people a chance to rehabilitate themselves and just writing them off immediately. Right now, it seems to me that people get too many chances as it is, and nothing serious is done until someone gets killed.

      But to treat it like first degree murder is just beyond the pale.

    29. Re:How he got caught. by archen · · Score: 1

      Considering they brought him back as a consultant, it seems he did play a key role. Seeing as how he was deleting servers, I doubt the damage was intended to be temporary.

      Basically it seems like he was very much needed to keep things up and running so the correct course of action if he wanted revenge was to simply leave and not look back, and let the place crash and burn on its own. The loss in productivity and the cost of the scramble to salvage stuff that he's one of the few who knows how to fix would probably hit the company hard enough. By coming back as a consultant he only proves he's greedy, and by incurring damages directly he only proves he's an idiot.

    30. Re:How he got caught. by TooMuchToDo · · Score: 1

      Dump /dev/random to the backup files; have any restore verification utilities report AOK when it reads the file. Just sayin'.
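
Added example, not part of any comment in this thread: a defender's audit for the two backup failure modes raised above, a job that keeps reporting success while its scope has been changed (comment 17) and backup contents that a verification tool on the backup server wrongly reports as fine (comment 30). The job records, paths, thresholds and the canary-file scheme are constructed assumptions for illustration.

```python
"""Audit backup runs that report success but no longer protect the data."""
import hashlib
from statistics import median

# Approved backup scope, kept under change control OUTSIDE the backup server
# (constructed paths, an assumption of this example).
APPROVED_SOURCES = frozenset({"/srv/mail", "/srv/sales-db", "/srv/fileshare"})
FULL_SCOPE = sorted(APPROVED_SOURCES)

# A canary file with known contents lives inside the approved scope. Its hash
# is recorded on a separate host, and the restore test runs from that host, so
# a tampered verification tool on the backup server cannot vouch for itself.
CANARY_SHA256 = hashlib.sha256(b"constructed canary contents v1").hexdigest()
GARBAGE_SHA256 = hashlib.sha256(b"overwritten with noise").hexdigest()

# Constructed nightly history, oldest first. "restored_canary_sha256" is what
# the independent restore host computed (None = canary could not be restored).
JOB_HISTORY = [
    {"date": "2011-02-01", "status": "success", "sources": FULL_SCOPE,
     "bytes": 400_000_000_000, "restored_canary_sha256": CANARY_SHA256},
    {"date": "2011-02-02", "status": "success", "sources": FULL_SCOPE,
     "bytes": 410_000_000_000, "restored_canary_sha256": CANARY_SHA256},
    {"date": "2011-02-03", "status": "success", "sources": FULL_SCOPE,
     "bytes": 405_000_000_000, "restored_canary_sha256": CANARY_SHA256},
    # Job still "succeeds", but its scope was swapped for an unimportant path.
    {"date": "2011-02-04", "status": "success", "sources": ["/tmp/scratch"],
     "bytes": 2_000_000_000, "restored_canary_sha256": None},
    # Scope and size look normal, but the stored data does not restore intact.
    {"date": "2011-02-05", "status": "success", "sources": FULL_SCOPE,
     "bytes": 408_000_000_000, "restored_canary_sha256": GARBAGE_SHA256},
]


def audit_run(run, prior_clean_sizes, approved=APPROVED_SOURCES, min_ratio=0.5):
    """Return a list of findings for one run; an empty list means clean."""
    findings = []
    if run["status"] != "success":
        findings.append("job-failed")

    # 1. Scope drift: compare what was backed up with the approved list.
    sources = set(run["sources"])
    missing = approved - sources
    if missing:
        findings.append("scope-missing:" + ",".join(sorted(missing)))
    extra = sources - approved
    if extra:
        findings.append("scope-unapproved:" + ",".join(sorted(extra)))

    # 2. Size collapse relative to the median of recent clean runs.
    if prior_clean_sizes and run["bytes"] < min_ratio * median(prior_clean_sizes):
        findings.append("size-collapse")

    # 3. Independent restore test: the canary must come back byte-identical.
    if run["restored_canary_sha256"] != CANARY_SHA256:
        findings.append("restore-mismatch")
    return findings


def audit_history(history, window=7):
    """Map run date -> findings for every run that is not clean."""
    alerts = {}
    clean_sizes = []
    for run in history:
        findings = audit_run(run, clean_sizes[-window:])
        if findings:
            alerts[run["date"]] = findings
        else:
            # Only clean runs feed the baseline, so a run of bad backups
            # cannot gradually become the new "normal".
            clean_sizes.append(run["bytes"])
    return alerts


def clean_copies_in_retention(history, retention, window=7):
    """How many of the last `retention` runs are still restorable copies."""
    alerts = audit_history(history, window)
    return sum(1 for run in history[-retention:] if run["date"] not in alerts)


if __name__ == "__main__":
    for date, findings in audit_history(JOB_HISTORY).items():
        print(date, findings)
    print("clean copies left (retention=3):",
          clean_copies_in_retention(JOB_HISTORY, 3))
```

The retention count is the number to alert on: it shows how many good copies remain before rotation discards the last one.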

    31. Re:How he got caught. by swb · · Score: 1

      What's surprising is that you CAN wreak havoc with VMware environments pretty easily in ways that junior admin staff might not be able to fix but that seasoned people could fix trivially.

      You COULD remove a VM from inventory (not delete it, just make it appear gone), rename a .vmdk or edit the text .vmdk file so that the actual disk container wasn't pointed at right and appeared corrupted. With either of these, VMs give weird errors, don't start or aren't even there.

      It'd be trivial to fix all of these issues if you knew what you did. Instant hero.

      Even more surprising is that he was able to permanently delete anything. Most places I work with have pretty extensive VM backups and offsite VM backup repositories regularly. Entire system restores aren't complicated at all.

    32. Re:How he got caught. by maxume · · Score: 1

      Right, because when shit goes sideways, the first thing the guards will do is come unlock the doors.

      --
      Nerd rage is the funniest rage.
    33. Re:How he got caught. by deets52 · · Score: 1

      I know for certain that if I were to do something like this, I would NOT use an installed operating system, and I would MOST CERTAINLY not use a Windows system! Not even from a public computer, from a library, or senior citizen's center!

      Why not?
      1. Use a Windows system
      2. Do something like that
      3. Boot up to DBAN
      4. ???
      5. Profit!

    34. Re:How he got caught. by eharvill · · Score: 1

      ssh directly to the ESX hosts or use the Live CD for VPN, rdesktop or whatever. There shouldn't have been traces on his local system.

      --
      At night I drink myself to sleep and pretend I don't care that you're not here with me
    35. Re:How he got caught. by KingBenny · · Score: 1

      please don't say that, i am guessing you have never been 'incarcerated' (sounds so civilized) , not even in the more lenient countries, so please don't say that it is a fine alternative to anything, please

      --
      Free speech was meant to be free for all... how can anyone grow up in a nanny state ?
    36. Re:How he got caught. by Hazel+Bergeron · · Score: 1

      Insight?

    37. Re:How he got caught. by KingBenny · · Score: 1

      experience ? nothing to brag about :)

      --
      Free speech was meant to be free for all... how can anyone grow up in a nanny state ?
  3. Who will pay the damages? Compensation? by aglider · · Score: 0

    I think that hardly that moron^H^H^H^H^Htechie will have enough resources to compensate his former employer for damages.
    However long his imprisonment will be, that idiot^H^H^H^H^Hpoor company will pay.
    This should make it very clear that too many companies use IT just like fridges: push the plug in the socket, put a warm bottle in, wait, get a cool bottle out.
    IT is not really that way. And Mr. Jason knows that very well.
    Mr Jason should be hired for free as the CTO of that company and get his payroll only once the damages have been paid back.

    --
    Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
    1. Re:Who will pay the damages? Compensation? by gandhi_2 · · Score: 1

      the ctrl-H thing isn't as funny or neat as you seem to think it is.

    2. Re:Who will pay the damages? Compensation? by Anonymous Coward · · Score: 1

      Oh wow.

      And this was the moment I realised Slashdot was no longer for nerds.

    3. Re:Who will pay the damages? Compensation? by Canazza · · Score: 1

      or modern nerds have moved on from VIM

      --
      It pays to be obvious, especially if you have a reputation for being subtle.
    4. Re:Who will pay the damages? Compensation? by Anonymous Coward · · Score: 0

      Really^H^H^H^H^H^H^HWhy?

    5. Re:Who will pay the damages? Compensation? by Anonymous Coward · · Score: 1

      http://rule6.info/vi-short.html

      "Ctrl-H erase last character"

      HTH

    6. Re:Who will pay the damages? Compensation? by Anonymous Coward · · Score: 0

      30 years ago it was how a backspace was represented over a terminal screen. It's a reference that dates the user as an old fart who hasn't kept up with technology for decades and still secretly hopes for an Amiga comeback.

      I'm sorry if this sounds harsh but GP should stop sniggering over the Jargon File and keep up with the times.

    7. Re:Who will pay the damages? Compensation? by neokushan · · Score: 4, Informative

      And in case you didn't figure it out, "^" represents the CTRL key.

      And oddly enough, it's not just VI - the windows command prompt works exactly the same way, open one now and hit CTRL+V (probably expecting to paste something) only to get ^V on your screen instead. But it's ok, hit CTRL+H and it'll backspace for you.

      I believe it's less to do with VI and its CRAZINESS and more to do with the legacy of some keyboards not actually having a backspace key. Shock horror, I know.

      (Cue the "...back in my day, we had to use TWO keys to backspace!" comments...).

      --
      +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
    8. Re:Who will pay the damages? Compensation? by Anonymous Coward · · Score: 0

      It's hard to read through. ^HH^HT^HH^H^H.

    9. Re:Who will pay the damages? Compensation? by Anonymous Coward · · Score: 0

      I'll presume you're a relative newbie to IT -> Read all about backspace

    10. Re:Who will pay the damages? Compensation? by Anonymous Coward · · Score: 0

      Come on, backspace always worked properly on the Amiga. However, on Unix systems a misconfigured terminal was a common occurrence, and it isn't completely unknown on linux either.

    11. Re:Who will pay the damages? Compensation? by petscii · · Score: 1

      word^wforshizzle!

    12. Re:Who will pay the damages? Compensation? by Canazza · · Score: 1

      What I want to know is why he didn't just ^W

      --
      It pays to be obvious, especially if you have a reputation for being subtle.
    13. Re:Who will pay the damages? Compensation? by Kulfaangaren! · · Score: 2

      I see only one problem with that, USA has laws against slavery...something about a civil war they had a while back...if I remember correctly. :)

    14. Re:Who will pay the damages? Compensation? by Cwix · · Score: 1

      Really?
      That was pathetic.

      --
      You are entitled to your own opinions, not your own facts.
    15. Re:Who will pay the damages? Compensation? by ZeroExistenZ · · Score: 1

      VIM is a bit far back. I use notepad.
      As a matter of fact, I use a Unix based system (Mac) and run an emulator on it (Parallels) to run notepad. Because it makes me feel right at home.

      I've coded industry strength software in C# in notepad. And now I'm doing the same in an emulator.

      Fluent in C,C++, ObjectiveC, Java, C# and an array of scripting languages and scripting libraries (don't make me laugh the "library solutions" to attack a basic vanilla problem by "modern nerds"...)

      The "nerd" is no more, if I see what comes in from IT colleges and how hard it is to find kids with the right mindset. My experience in the industry spans only 10 years, but it's becoming an aging crowd.

      Go away you "modern nerd" with cheesy vampire soap and WoW nostalgia!

      --
      I think we can keep recursing like this until someone returns 1
    16. Re:Who will pay the damages? Compensation? by c0lo · · Score: 2

      I think that hardly that moron^H^H^H^H^Htechie will have enough resources to compensate his former employer for damages.

      What damages? TFA mentions "virtual chaos" - why wouldn't this equate with "virtual damages" and "virtual prison"?

      For those not fully awaken, I'm attempting some lame fun on the overuse of "virtual/virtualization". I've seen until now lots of abuses: "piracy is theft", "cloud", cyberwar/cyberterror (BTW, cybernetics doesn't have too much to do with computers) etc. The "virtual chaos" seems a new concept.

      --
      Questions raise, answers kill. Raise questions to stay alive.
    17. Re:Who will pay the damages? Compensation? by epyT-R · · Score: 1

      maybe employers should treat their employees reasonably and this would happen less often. the employer had all the cards here.. they could've played it any way they wanted, but no. they baited him and then stuck it to him when he bit.

    18. Re:Who will pay the damages? Compensation? by fuzzyfuzzyfungus · · Score: 1

      Eh, I'm sure that if you give Visa's lawyers a call they can probably hook you up with the draft language for a 'Managed Freedom Debt Restructuring Settlement' which would do almost as well...

    19. Re:Who will pay the damages? Compensation? by murdocj · · Score: 1

      As I recall, the old CRT keyboards did have a backspace key, it was just a lot easier to hit ctrl-H. The ctrl key was just to the left of "A" (somehow that got morphed into caps lock, which seems really stupid). So you could hit ctrl-H w/o ever leaving the home row. I think the backspace key was less conveniently located.

      But this goes back a few years... it might well be that the first CRTs I used didn't have a backspace.

    20. Re:Who will pay the damages? Compensation? by Canazza · · Score: 1

      Yes, but when you press CTRL+H in Notepad you get the Find+Replace popup, not ^H or backspace.

      --
      It pays to be obvious, especially if you have a reputation for being subtle.
    21. Re:Who will pay the damages? Compensation? by AlecC · · Score: 1

      Ctrl-H was backspace on paper tape machines. It dates back well before vim: I was using it in 1970, though you had to follow it with DEL to remove the mistype before retyping. It probably dates back to the 19th century.

      --
      Consciousness is an illusion caused by an excess of self consciousness.
    22. Re:Who will pay the damages? Compensation? by datapharmer · · Score: 1

      Fail. Turn in your nerd card. Seriously though, if you really don't know then you should read up about control character mapping.

      --
      Get a web developer
    23. Re:Who will pay the damages? Compensation? by cc1984_ · · Score: 1

      Ctrl-H was backspace on paper tape machines. It dates back well before vim: I was using it in 1970, though you had to follow it with DEL to remove the mistype before retyping. It probably dates back to the 19th century.

      I hope you're joking.

      19th century? Any self respecting geek knows that Vim was around well before that.

    24. Re:Who will pay the damages? Compensation? by rickb928 · · Score: 1

      More like some terminal emulations not implemented very well.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    25. Re:Who will pay the damages? Compensation? by TapeCutter · · Score: 1

      It probably dates back to the 19th century.

      I have a set of 19th century control characters, hand-carved in oak, great conversation piece.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    26. Re:Who will pay the damages? Compensation? by Intron · · Score: 1

      If emacs was good enough for Leonardo da Vinci then it's good enough for me.

      (BTW - that's a true statement!)

      --
      Intron: the portion of DNA which expresses nothing useful.
    27. Re:Who will pay the damages? Compensation? by Intron · · Score: 1

      Caps lock was added so that enraged AOL users could conveniently type their manifestos for Usenet.

      --
      Intron: the portion of DNA which expresses nothing useful.
    28. Re:Who will pay the damages? Compensation? by Gonzoman · · Score: 1

      Control H (0x08) is the ASCII code for backspace.

    29. Re:Who will pay the damages? Compensation? by maxwell demon · · Score: 3, Informative

      The reason why caps lock is above shift is that it's the position where it was on mechanical typewriters. And the reason it was there on mechanical typewriters is that it physically fixed the shift key, and therefore had to be on the metal bar connecting the shift key to the carriage.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    30. Re:Who will pay the damages? Compensation? by psmears · · Score: 1

      some keyboards not actually having a backspace key

      Close, but not quite... it's more to do with the difficulty of getting the backspace/delete/erase/etc keys to work properly on all the different varieties of terminal that Unix and other OSs used to support: it was very common to have the settings on the computer not match up with your terminal, in such a way that pressing the "delete" key would not delete but instead produce ^H or ^? or some other control sequence...

    31. Re:Who will pay the damages? Compensation? by Bigbutt · · Score: 1

      That was my thought too. I guess we're the only geeks on the site any more :(

      [John]

      --
      Shit better not happen!
    32. Re:Who will pay the damages? Compensation? by Kulfaangaren! · · Score: 1

      +1 Funny

    33. Re:Who will pay the damages? Compensation? by Anonymous Coward · · Score: 0

      ...back in my day, backspace made exactly what it was meant to do....namely a BACK_SPACE_ ..no delete of characters whatsoever

    34. Re:Who will pay the damages? Compensation? by putaro · · Score: 1

      What is this "vim" you guys are talking about? It's called "vi" - if you can say it, you can spell it!

    35. Re:Who will pay the damages? Compensation? by networkBoy · · Score: 1

      Same exact thought here...
      I tried that in a snarky e-mail to some of my younger co-workers the other day, they didn't get it and asked why I didn't just use strikethrough font :(

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    36. Re:Who will pay the damages? Compensation? by networkBoy · · Score: 1

      +4 internets to this gentleman.
      AND A GOLD STAR BECAUSE I CAN LOL!!1!1 (or something like that)

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    37. Re:Who will pay the damages? Compensation? by BitZtream · · Score: 1

      Especially when it comes from someone who probably wasn't even born when it was actually an issue.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    38. Re:Who will pay the damages? Compensation? by BitZtream · · Score: 1

      It actually has nothing at all to do with vi and everything to do with terminal emulation and dumb terminals in general.

      Learn what ASCII is and you'll get closer to the root, though not all the way to the beginning.

      Anyone who thinks it's got any relation to vi is rather clueless and probably just a Linux baby. Not as a dig on Linux, but generally the only people who think silly things like this are people who haven't used anything other than Linux and Windows and think they have a clue about where all these strange little quirks come from.

      Control codes existed well before vi or emacs or any other app you know that you think makes you old school.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    39. Re:Who will pay the damages? Compensation? by JonJ · · Score: 1

      You attack modern nerds and you use notepad inside a virtual machine? Get the fuck out of here.

      --
      -- Linux user #369862
    40. Re:Who will pay the damages? Compensation? by neokushan · · Score: 1

      I would just like to stress that I in no way claimed to be "old school". In fact, I'm quite young, can't grasp Linuz for the life of me and feel much more comfortable in a GUI than the command line.

      I'll go get my coat, now. My Geek pass is on your desk.

      --
      +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
    41. Re:Who will pay the damages? Compensation? by GameboyRMH · · Score: 1

      I cause virtual chaos in the GTA and Just Cause games all the time.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    42. Re:Who will pay the damages? Compensation? by Anonymous Coward · · Score: 0

      You're correct. I think ViM is vi with all of the why-in-the-hell-did-it-do-that of emacs.

  4. One by one? by MrQuacker · · Score: 1

    Damn, he took his time. Musta felt good though.

    But seriously, if you're smart enough and determined enough to do this, can't you foresee the outcomes?

    tl;dr, Shoulda just spliced an ethernet cable into a power cord, added a "Never unplug this!!!" sticker, and left it by a power outlet. Once the blue smoke is released, the magic is lost.

    1. Re:One by one? by Anonymous Coward · · Score: 0

      You have inspired me! Glad I haven't handed in my resignation letter, yet...

    2. Re:One by one? by somersault · · Score: 4, Insightful

      Shouldn't a "too long; didn't read" section be shorter than the rest of your comment? And it should provide a summary, rather than go off on some tangent.

      --
      which is totally what she said
    3. Re:One by one? by ArsenneLupin · · Score: 1

      I initially read this as "Never plug this in!", would have been more funny that way. Indeed if someone did plug it in (and someone would... idiots are everywhere...), Mr Cornish would have been able to share his punishment with whomever disregarded this clear instruction...

    4. Re:One by one? by jamesh · · Score: 1

      Once the blue smoke is released, the magic is lost.

      This is true of people and of computers... guess which one will get you longer in prison if you are found to be responsible for the release of the blue smoke?

    5. Re:One by one? by mehrotra.akash · · Score: 1

      Wouldn't it just fry the NIC it is plugged into, or the motherboard at max?

    6. Re:One by one? by Anonymous Coward · · Score: 0

      Once the blue smoke is released, the magic is lost.

      This is true of people and of computers... guess which one will get you longer in prison if you are found to be responsible for the release of the blue smoke?

      Turns out that people smoke is more pork-like than blue. One thing you have to say for humanity: we are delicious!

    7. Re:One by one? by SteveFoerster · · Score: 2

      But seriously, if you're smart enough and determined enough to do this, can't you foresee the outcomes?

      Evidently not necessarily. This is why intelligence and wisdom are different ability scores.

      --
      Space game using normal deck of cards: http://BattleCards.org
    8. Re:One by one? by Anonymous Coward · · Score: 0

      Yes, the ethernet port is protected by a transformer that will have its coil melted. It's much more entertaining to use a USB-connector or possibly a VGA and/or DVI-connector if those connectors are available in the server room.

    9. Re:One by one? by Intron · · Score: 1

      Most likely it would fry a switch, which would shut down the company network until it was replaced.

      Back in the day of a single thick ethernet cable connected to every machine, this would have been really spectacular.

      --
      Intron: the portion of DNA which expresses nothing useful.
    10. Re:One by one? by mehrotra.akash · · Score: 1

      Even in that case, the damage would be limited to a single system, probably covered by warranty.( Like Dell's completecover -- I guess something like that would be there for enterprises)

      What he did was much more damaging -- Deleting all the company's servers is well, damaging

    11. Re:One by one? by Bigbutt · · Score: 1

      I laughed. Thanks :)

      [John]

      --
      Shit better not happen!
    12. Re:One by one? by Anonymous Coward · · Score: 0

      Plug it into an expensive server, switch or router

    13. Re:One by one? by Skeesicks · · Score: 1

      Are you serious, you don't know the infamous ETHERKILLER?!?!?!? http://www.fiftythree.org/etherkiller/

    14. Re:One by one? by ChumpusRex2003 · · Score: 1

      I tried this once on some old 100Base-SX stuff because, well, it was crap.

      So, I spliced a power cord onto a patch cable, and plugged it in.

      Goddam thing survived. It was like nothing happened. I guess they don't make things like they used to. :)

    15. Re:One by one? by black soap · · Score: 1

      For a first offense? maybe 6 years for murder, with bad behavior. second and third offenses, simultaneous? http://www.reuters.com/article/2011/08/10/us-execution-texas-idUSTRE7797BM20110810 That's when they get serious.

  5. I hope they throw the book at him by Viol8 · · Score: 4, Interesting

    He could have potentially wiped out some on going expensive research while he was at it and potentially cost lives not to mention jobs at a company that obviously wasn't in the best financial health to start with. This selt centered little prick doesn't deserve any leniency.

    1. Re:I hope they throw the book at him by neokushan · · Score: 1

      I believe you know the full story from both sides then, yes? So what was his dispute with the management that made him do this?

      --
      +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
    2. Re:I hope they throw the book at him by ScentCone · · Score: 4, Informative

      So what was his dispute with the management that made him do this?

      It doesn't matter what his dispute was. There are no circumstances in which doing the equivalent of burning down your former place of employment is a legitimate move in a dispute.

      --
      Don't disappoint your bird dog. Go to the range.
    3. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      That doesn't matter. Nothing justifies what he did. He's causing harm to others beyond whoever "wronged" him. If he was wronged in some way there are other means to gain recompense. He got fired and lashed out because he was angry, had the means to do damage, and unable to control himself. Assholes like that need to be weeded out of the gene pool as far as I'm concerned.

    4. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      Yeah, all those poor investors with their millions...

      Do you really have no idea how much a malicious employer can do to ruin you? I interviewed with one guy, just interviewed, and the moment I mentioned that I had a non-verbal learning disability he started shouting at me how I'd wasted his time and he ought to bill me, and he was going to lay a formal complaint with the firm that referred me. That firm, and several related firms have now blacklisted me because of that one malicious bastard being so biased against someone with something akin to dyslexia. Since that time, I've been unable to find work related to my degree, and I presently work for a minimum wage job that barely qualifies as full time.

      So, keeping that in mind, you think it to be immoral and illegitimate for me to destroy him and his business, were I in a position to? The guy ruined me, just one fat prick who thinks he's above the law, and I've no comeback against him.

      Personally, I'd take his house, his car, his boat, his clients, and his family if I could, right before I found the most expensive lawyer in the land to destroy his reputation, and then demand compensation and that he pay my legal costs for me. That'd be a start, anyway. If he could spend his retirement in poverty for what he did, I think that'd be fair.

    5. Re:I hope they throw the book at him by Viol8 · · Score: 0

      "Yeah, all those poor investors with their millions..."

      *Yawn*. Can we skip the right-on reactionary socialist BS please?

      "That firm, and several related firms have now blacklisted me"

      No one gets blacklisted unless they're a total tool or they live in north korea. Perhaps you should give us the full story instead of your poor-lil-me abridged version.

      Also it's apparently escaped your notice that the guy had already been employed by the company so initially they obviously had no issue with him.

    6. Re:I hope they throw the book at him by Psychotria · · Score: 0

      He could have potentially wiped out some on going expensive research while he was at it and potentially cost lives not to mention jobs at a company that obviously wasn't in the best financial health to start with. This selt centered little prick doesn't deserve any leniency.

      English. Do you speak it? Your comment does not say what you think it does.

    7. Re:I hope they throw the book at him by mabhatter654 · · Score: 1

      ADA Lawsuit?
      The case you just stated is EXACTLY what they're for.

      Easy money for some vulture lawyer... As much as we don't like them.

    8. Re:I hope they throw the book at him by Viol8 · · Score: 1

      There was no excuse for what he did. End of.

    9. Re:I hope they throw the book at him by ArsenneLupin · · Score: 1

      There are no circumstances in which doing the equivalent of burning down your former place of employment is a legitimate move in a dispute.

      Yes, burning down your place of employment should only be done in context of insurance fraud, or to help them save costs of properly disposing of dangerous goods. But never for petty revenge!

    10. Re:I hope they throw the book at him by Anonymous Coward · · Score: 1

      If your story has any truth to it, you're protected from discrimination under the ADA and you can take enough money out of that company to where you don't need to worry about working for a few years. If your reputation is already ruined, there's nothing to lose.

      But since you haven't already done that I'm assuming that you're full of shiat.

    11. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      the closer to corporatocracy we get, the more legitimate it becomes.

    12. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      Unless, of course, they steal your red stapler.

    13. Re:I hope they throw the book at him by epyT-R · · Score: 1

      people can and do get blacklisted for the wrong reasons all the time. in today's era of no-privacy, it's VERY easy. I'm no socialist, but it should be obvious that any entity in a position of power will abuse it eventually. whether it's corporate or government is irrelevant.

    14. Re:I hope they throw the book at him by epyT-R · · Score: 1

      if he was fired legitimately, I agree. if he was fired for bs, I don't. then it's the employer's fault because it placed its desire to stick it to the employee over the safety of its customers.

    15. Re:I hope they throw the book at him by neokushan · · Score: 1

      I'm not debating that what he did was right or wrong (it's certainly wrong), all I'm saying is that there is a good possibility that his actions weren't entirely selfish. It wasn't just him that got laid off and we don't have any information on what his initial disagreements with the management were, for all we know they wanted to experiment on baby pandas (yes I know that's unlikely, but the point remains). Saying he doesn't deserve any leniency without knowing the full story is just wrong.

      --
      +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
    16. Re:I hope they throw the book at him by hairyfish · · Score: 1

      Or he could've prevented a new strain of pandemic virus from being released and saved billions of lives. Or he could've accidentally deleted the winning lottery numbers. Or if his Uncle was his Aunty...

    17. Re:I hope they throw the book at him by hairyfish · · Score: 1

      Of course there is. If you were a former Al Qaeda Terrorist for example.

    18. Re:I hope they throw the book at him by Tim C · · Score: 1

      So, keeping that in mind, you think it to be immoral and illegitimate for me to destroy him and his business, were I in a position to?

      Yes, absolutely:

      1) There are laws in existence to prosecute exactly his type of behaviour; use them.
      2) In destroying his business you are hurting his employees, their families, etc.

    19. Re:I hope they throw the book at him by circletimessquare · · Score: 1

      there's no magical hollywood plotline that justifies his actions. there's no full story needed. some people are just so incredibly selfish this level of vindictiveness makes sense to them. can you imagine what any poor woman would go through/ went through after dating this guy?

      --
      intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    20. Re:I hope they throw the book at him by Bing Tsher E · · Score: 1

      No, those are wrong actions, too. There actually is a right and a wrong.

    21. Re:I hope they throw the book at him by jamesh · · Score: 1

      Saying he doesn't deserve any leniency without knowing the full story is just wrong.

      As long as you know the full story of _what_ he did, then _why_ he did it shouldn't really matter unless it can be established that he was mentally incompetent at the time eg under duress (family being held hostage etc), having a psychotic episode, really really drunk/wired, upset because favourite TV show just got cancelled, or whatever else counts for "temporarily insane" these days.

    22. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      So what was his dispute with the management that made him do this?

      It doesn't matter what his dispute was. There are no circumstances in which doing the equivalent of burning down your former place of employment is a legitimate move in a dispute.

      That's true. He's not an executive. And besides, executives only threaten to burn the place down if you don't pony up more cash/perks.

      Although they can count on a nice golden parachute if they manage to burn the place down anyway.

    23. Re:I hope they throw the book at him by WillDraven · · Score: 2

      That's what I was thinking. What if your former employer is planning on doing something that could kill lots of people and the regulators/police/media don't believe you or are complicit in the scheme? Never is a pretty strong word.

      --
      This is my sig. There are many like it but this one is mine.
    24. Re:I hope they throw the book at him by m50d · · Score: 1

      True enough, but it's still a relevant part of the news story.

      --
      I am trolling
    25. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      or he just delayed one of many drug companies from making generic medicine.

    26. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      Have you not seen I, Robot? The future begs to differ.

    27. Re:I hope they throw the book at him by iserlohn · · Score: 1

      "Reactionary socialist BS"

      Do you happen to live in a formerly socialist country (that is now capitalist and prosperous by creating millions of minimum wage jobs)?

    28. Re:I hope they throw the book at him by reitton · · Score: 2

      There are no circumstances in which doing the equivalent of burning down your former place of employment is a legitimate move in a dispute.

      What if they took your stapler and moved your desk in to the basement?

    29. Re:I hope they throw the book at him by Dog-Cow · · Score: 2

      Two wrongs don't make a right. Most people are taught this when they are around the age of a first-grader.

      I suggest you take some remedial courses.

    30. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      Obviously there IS one... what if they took YOUR red stapler?

    31. Re:I hope they throw the book at him by DonDuke · · Score: 1

      I believe you know the full story from both sides then, yes? So what was his dispute with the management that made him do this?

      Whatever was "done" to him does not justify this action. Simply an emotionally bankrupt individual.

    32. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      I fully agree that what he did was wrong, but if you're saying that we can only punish those who harm us if it causes no harm to anyone else, that pretty much undermines our entire legal system. Unless you don't think it harms the families of criminals locked up for stealing who then have no primary bread winner and get social stigma, etc. In fact I'd say part of the deterrent to crime is meant to be the effect it will have on others.

    33. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      You clearly have never seen Office Space.

    34. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      The ones suffering are his former colleagues. Who else do you think will clean that shit up. Of course, if they don't get fired first.

      As for research, it's a pharma corp, the only benefit will be to themselves, can't really shed a tear about them losing some money. Besides, what kind of research would that be if they had no backups or better security?

      Conclusion, judging by the facts, the guy is a jackass, and the company is lazy and cheap. They both got what they deserve. As a matter of fact, instead of jail time they should give him his job back, they'd go well together.

    35. Re:I hope they throw the book at him by MarkGriz · · Score: 1

      There are no circumstances in which doing the equivalent of burning down your former place of employment is a legitimate move in a dispute.

      What if they took your stapler?

      --
      Beauty is in the eye of the beerholder.
    36. Re:I hope they throw the book at him by mapkinase · · Score: 1

      "potentially cost lives " this was always a bullshit argument.

      "not to mention jobs" - nice. Jobs > lives.

      --
      I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
    37. Re:I hope they throw the book at him by Corbets · · Score: 1

      people can and do get blacklisted for the wrong reasons all the time. in today's era of no-privacy, it's VERY easy. I'm no socialist, but it should be obvious that any entity in a position of power will abuse it eventually. whether it's corporate or government is irrelevant.

      As evidenced by the nitwit about whom this article was written. He had power and abused it. It's wrong regardless of whether you're at the top or bottom of the food chain.

    38. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      You don't have a Red Swingline stapler, do you!

      Milton is not amused!

    39. Re:I hope they throw the book at him by geekoid · · Score: 1

      Yes, but his actions are in no way equivalent to burning down his former place of employment. There is right and wrong, but they aren't all the same.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    40. Re:I hope they throw the book at him by geekoid · · Score: 1

      They conducted secret illegal experiments on him and his coworkers.
      Well, no.

      " Simply an emotionally bankrupt individual.
      Probably not true.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    41. Re:I hope they throw the book at him by anagama · · Score: 1

      In everything, the "why" is the MOST important part. For example, if "why" is not important, why haven't we imprisoned every person who ever killed anyone? Do that, and half the army would go away. Or what about imprisoning the people responsible for killing? Obama and Bush are certainly responsible for the deaths of many people, the reason they aren't in jail is because of the "why". Indeed, everyone who pays taxes in America has blood on their hands for financially enabling all the murder and mayhem our country has perpetrated in the last decade, yet we will go to jail only if we do NOT continue paying for murder. Like it or not, the why is the most important part in our system.

      --
      What changed under Obama? Nothing Good
    42. Re:I hope they throw the book at him by DaveV1.0 · · Score: 1

      I see. So your argument is "It might have been OK because we don't know everything about the story"? That is called argument from ignorance and is a fallacy.

      --
      There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
    43. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      But, But, they took his stapler!

    44. Re:I hope they throw the book at him by DaveV1.0 · · Score: 1

      No. "What" is the most important part. "Why" can be a mitigating factor, but that is all. Your example is a false dichotomy.
       
      Now, please explain in detail a situation where his actions are justified.

      --
      There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
    45. Re:I hope they throw the book at him by neokushan · · Score: 1

      I never said "it might have been ok", what I said was "let's not jump all over him when we only have half of the story".

      I in no way defended his actions, merely the notion of "throwing the book at him" because what he did was so utterly, utterly wrong. Except what he did that we know of was cause some disruption that lost the company money. The OP's argument was "lets throw the book at him because of what he COULD have done", which isn't really any better.

      --
      +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
    46. Re:I hope they throw the book at him by Viol8 · · Score: 1

      I speak it fine thanks. Your comprehension on the other hand appears to require some work.

    47. Re:I hope they throw the book at him by DaveV1.0 · · Score: 1

      They conducted secret illegal experiments on him and his coworkers.

      Well, no, unless you have evidence to the contrary. And, assuming that occurred, the company would keep the information from the experiments, so why didn't he retrieve the information and make it public rather than simply attacking the company? You say the information was on the VMs he deleted? So, you are saying he destroyed the evidence of his abuse and thus making any claim he makes unsupportable? Great move on his part.

      Please explain in detail when his actions would be acceptable and why.

      --
      There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
    48. Re:I hope they throw the book at him by DaveV1.0 · · Score: 0

      Funny, but everyone making excuses for him are using similar bullshit arguments.

      --
      There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
    49. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      Unless they stole his stapler.

    50. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      Unless they took your stapler.

    51. Re:I hope they throw the book at him by gnick · · Score: 1

      Actually, if you RTFA or watch the documentary made about this particular case I believe that you'll sympathize with his plight and understand why he went to these extremes to exact revenge over his dispute with management.

      It really was his red Swingline stapler and they never should have taken it from him.

      --
      He's getting rather old, but he's a good mouse.
    52. Re:I hope they throw the book at him by mapkinase · · Score: 1

      I am not making excuses for him. He is a criminal. Period. It's just the exaggeration of Viol8's comment is right in your face, so it's hard to notice.

      --
      I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
    53. Re:I hope they throw the book at him by DaveV1.0 · · Score: 1

      He admitted guilt. Please state an instance where his actions would be justified and explain why in detail. Please don't try, as someone has done, pulling a hollywood scenario such as "the company was going to release a deadly pathogen" claim.
       
      The OP's argument is not what you have stated. His argument is that the results of his actions could have been hideous, so "let's throw the book at him", which means to punish him to the fullest extent of the law for what he has done. Someone decides to fire off an automatic rifle in the general direction of your family reunion. Do you want the book thrown at him for what he did or should he be given the benefit of the doubt?

      --
      There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
    54. Re:I hope they throw the book at him by jvkjvk · · Score: 1

      Are you insane?

      You and the OP are essentially advocating that every criminal be punished to the fullest extent of the law for what could have happened.

      What? Does that not occur to you that in your regime speeding becomes 1st degree murder. So executions all around.

      Meanwhile, your "opponent" (since you obviously see them as that) is merely claiming that perhaps 10 years is a BIT MUCH for breaking into a computer system causing $800,000 of "damage".

      The person you are arguing against has stated repeatedly that they believe what the guy did was wrong.

      Therefore your shill insistent calls to somehow "Prove he was justified!!!" are just bullshit, designed to pile a little more on your pile of crap arguments.

      Someone decides to fire off an automatic rifle in the general direction of your family reunion. Do you want the book thrown at him for what he did or should he be given the benefit of the doubt?

      Yes, please go to a nice emotionally based analogy tangent, when we have a perfectly understandable situation in front of us to talk about. Doing so solves nothing, and is an indication that your argument does not hold up.

      Either you are doing so to generalize your arguments so this case falls within the boundaries, or you are trying to sway logic through emotional appeal.

      If it's the former, do YOU want the death penalty for speeders or not? If not, you are not following your own logic.

      If it's the latter, while it is a decent rhetorical trick, I find myself unswayed by the emotional argument you present.

      Regards.

    55. Re:I hope they throw the book at him by TheCabal · · Score: 1

      He resigned. It's sort of all on him at this point.

    56. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      He could have potentially wiped out some on going expensive research while he was at it and potentially cost lives not to mention jobs at a company that obviously wasn't in the best financial health to start with. This selt centered little prick doesn't deserve any leniency.

      Oh no the lives...the LIVES THAT MIGHT HAVE BEEN SAVED! Actions have consequences, even for big wealthy international companies.

    57. Re:I hope they throw the book at him by TheCabal · · Score: 1

      Try taking a Criminal Justice 101 class, or any pre-Law class before discussing this topic again, please.

      The "what" is the crime. This is the most important part. Let's take a murder since you seem so fond of it.

      I've murdered you. This is the crime.

      The "why" or motive, is nowhere near as important, and is generally not even considered to be an element of the crime. Nobody argues motive in a burglary, just that the burglary happened. "Why" is usually only important in murder, since we've sliced homicide into types of offenses. Why did I murder you? You posted a silly comment on Slashdot. Is this more important than the fact that I murdered you? No, but it helps dictate what crime I may be guilty of. We can use motive as a mitigating factor. Self-defense springs to mind. I had to kill you before you posted again. I'd probably walk, especially if this was Florida.

      So let's look at the crime with the facts we know: Our guy here, using an account and password that he was not authorized to use, accessed a network he was not authorized to access, and proceeded to delete 15 VMWare images.

      Please tell me a legally cogent "why" that can be used as a defense for these actions?

    58. Re:I hope they throw the book at him by TheCabal · · Score: 1

      None of this is a mitigating factor for his actions. Even if they were experimenting on baby pandas and he disagreed with that, is this still a valid affirmative defense? No. Feelings for cute baby pandas aside, if they were legally experimenting on these baby pandas, his actions are not defensible. There is NO possible scenario where he can assert an affirmative defense for his actions.

      Oh maybe this is actually the Umbrella corporation, and they were making ready to release the T-virus? Yeah, that's the ticket.

    59. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      F off with the morals dude.

    60. Re:I hope they throw the book at him by Bacon+Bits · · Score: 1

      So what was his dispute with the management that made him do this?

      It doesn't matter what his dispute was. There are no circumstances in which doing the equivalent of burning down your former place of employment is a legitimate move in a dispute.

      Maybe they took his stapler.

      --
      The road to tyranny has always been paved with claims of necessity.
    61. Re:I hope they throw the book at him by Anonymous Coward · · Score: 1

      So what was his dispute with the management that made him do this?

      It doesn't matter what his dispute was. There are no circumstances in which doing the equivalent of burning down your former place of employment is a legitimate move in a dispute.

      I would agree with you in most circumstances, but there are exceptions. I once worked for an employer who turned out to be attempting to open a wormhole to another universe where ancient, god-like beings are seeking an opportunity to break into our world and destroy us. I had to burn the place down to stop them - normally, that would be against my professional code of ethics. We (my young, female research assistant and I) barely escaped with our lives from the hordes of townspeople with strange fish-like features who serve these dark masters.

    62. Re:I hope they throw the book at him by Capt.DrumkenBum · · Score: 1

      What if they took your stapler and moved your desk in to the basement?

      Then you are entirely justified in burning the place to the ground.

      --
      If I were God, wouldn't I protect my churches from acts of me?
    63. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      But they took his stapler!

    64. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      What if he found out they were weaponizing smallpox with the secret consent of the government?

    65. Re:I hope they throw the book at him by Anonymous Coward · · Score: 0

      Not everything you are taught is correct.

    66. Re:I hope they throw the book at him by anagama · · Score: 1

      No, why is most important. If the why was unimportant, people who have been responsible for many thousands of deaths, e.g., Bush and Obama, would be locked up as dangerous individuals. Instead we lock up people or even execute them when they kill only one person. The explanation clearly resides in the "why". In the example of political leaders, the why is because they have power and can do it with impunity. The niceties of the legal system are only there for the rest of us.

      --
      What changed under Obama? Nothing Good
    67. Re:I hope they throw the book at him by ScentCone · · Score: 1

      What if they took your stapler and moved your desk in to the basement?

      Acts that heinous only occur in the movies.

      --
      Don't disappoint your bird dog. Go to the range.
    68. Re:I hope they throw the book at him by ScentCone · · Score: 1

      with there millions

      Right, it's always important to hate the investors. You know, like the people who have shares in that company as part of the mutual fund they've been slowly buying with a bit of the paycheck they earn as a bus driver or a janitor. Eeeevil investors! Nobody who can invest $10 per paycheck towards their retirement should be allowed to do so, because they are Eeeevil Investors who also probably blacklist people!

      Nice boo-hoo troll, though. What a crock.

      --
      Don't disappoint your bird dog. Go to the range.
    69. Re:I hope they throw the book at him by TheCabal · · Score: 1

      Maybe we can have this conversation once you've stopped jumping up and down on your soapbox. Until you stop letting your obvious dislike for our elected officials blind your judgement, you're little more than a troll.

    70. Re:I hope they throw the book at him by epyT-R · · Score: 1

      Those who've taken a reasoning 101 class in college know that sanctimonious euphemisms like that do little to explain why things happen. They're just shitty cop-outs for people who don't want to think/want to feel powerful by siding with authority/want to BE authority.

  6. I'm impressed he could do that much damage... by Mysticalfruit · · Score: 4, Informative

    I usually can only destroy 10 or so vm's before my vsphere client runs out of memory / handles or just segfaults for the fun of it. Needless to say, my displeasure with that vsphere client has caused me to become somewhat of a vsphere command line ninja.

    Firstly, it appears this guy was treated poorly and not only is he a nitwit, it would appear that most of his coworkers/management were as well.

    Secondly, it's acts of sabotage like this that make it hard for the rest of us to do our jobs.

    Thirdly, on a not so serious note... wi-fi from McDonalds? vSphere console? How did he think he was NOT going to get caught? Did he even try to wipe the logs off the vsphere server? Had this guy two brain cells in his head, he could have obliterated their infrastructure and not left a trace of evidence.

    --
    Yes Francis, the world has gone crazy.
    1. Re:I'm impressed he could do that much damage... by chomsky68 · · Score: 1

      Firstly, it appears this guy was treated poorly

      Where did ya get that one from? Coz he was laid off?

      --
      I'm Not Antisocial, I'm Just Not User Friendly
    2. Re:I'm impressed he could do that much damage... by Anonymous Coward · · Score: 0

      Violence is a sword that has no handle, you have to hold the blade.

    3. Re:I'm impressed he could do that much damage... by mabhatter654 · · Score: 1

      THIS is why companies "perp walk" you to the door IMMEDIATELY after you hand in the letter to resign. They certainly don't let you come back as a contractor... Unless you are leaving for a scheduled retirement or something amicable.

      As much as the "perp walk" seems like a bad thing, it helps make sure YOU don't get accused of crap like this later on.

    4. Re:I'm impressed he could do that much damage... by murdocj · · Score: 1

      Having read the article... other than being laid off, what makes you think that the guy was treated poorly?

    5. Re:I'm impressed he could do that much damage... by Anonymous Coward · · Score: 0

      I usually can only destroy 10 or so vm's

      ...are you joking or what. Because I hope you're joking otherwise you just might get fucked by the law.

    6. Re:I'm impressed he could do that much damage... by BeShaMo · · Score: 5, Insightful

      What's to stop you from backing up their sensitive data and creating your back doors before you hand in your letter of resignation? If you treat your employees well, and create an atmosphere of mutual respect, when the time does come to part ways, the last month or two of employment can be constructively used to tie up loose ends and easing the transition to the next guy. If you, as an employer, have a policy of escorting someone from their workstation the moment they hand in their resignation, you're basically paying someone to twiddle their thumbs while your remaining employees scramble to cover for the guy who now is suddenly gone with no warning, while they must be thinking whether it's really worth it, just to get the same treatment when they are leaving. The "Perp walk" is just as petty a show of revenge as the guy in TFA and as damaging to the future your remaining employees to do their job. The only difference is that it is unfortunately not illegal.

    7. Re:I'm impressed he could do that much damage... by TheRaven64 · · Score: 1

      I hope you're joking, because if you can not think of a reason why you might legitimately destroy 10 VMs for your employer - especially if you're using this kind of system where you can easily be managing thousands of VMs - then you probably shouldn't be using a computer.

      --
      I am TheRaven on Soylent News
    8. Re:I'm impressed he could do that much damage... by adamofgreyskull · · Score: 1

      I've never had it happen when handing in my resignation, or seen it happen to anyone I know, or heard about it happening to anyone I know, but perhaps it depends on the events leading up to the resignation? Some people just resign because they want to move on to bigger and better things and not because they've had a spat with management. If you had, or if you were *fired* I can understand it of course.

      Is it really common for this to happen over a simple resignation?

    9. Re:I'm impressed he could do that much damage... by Syberz · · Score: 1

      Had this guy had 2 brain cells in his head, he wouldn't have done anything except look at job boards... Why don't people just stick to stealing office supplies like in the good old days?

      --
      ~Syberz
    10. Re:I'm impressed he could do that much damage... by Dog-Cow · · Score: 1

      Ford does the perp-walk when letting contractors go. Not all the time, so I guess it depends on what they were working on.

    11. Re:I'm impressed he could do that much damage... by maxwell+demon · · Score: 1

      Had this guy two brain cells in his head, he could have obliterated their infrastructure and not left a trace of evidence.

      Maybe if he had two brain cells in his head, he would not have been fired in the first place. Who knows?

      --
      The Tao of math: The numbers you can count are not the real numbers.
    12. Re:I'm impressed he could do that much damage... by mallyn · · Score: 1

      Folks: All of my resignations had at least a three week transition; one I was allowed to stay for 1 1/2 *months* for transition.

      Another time, I was told I would be laid off 1 *month* prior to the event. I still had *full* access to everything right up to the day. At the day itself, I had to all but arm twist the guy to walk me to the exit and take my badge!

      I was never perp walked

      --
      Most Respectfully Yours Mark Allyn Bellingham, Washington
    13. Re:I'm impressed he could do that much damage... by Anonymous Coward · · Score: 0

      I guess with less than 2 brain cells, he's a vsphere ninja, one less and he'd have been management!

    14. Re:I'm impressed he could do that much damage... by Anonymous Coward · · Score: 0

      I hope more of this occurs. We need to shake these companies up.

    15. Re:I'm impressed he could do that much damage... by Anonymous Coward · · Score: 0

      He worked in corporate IT. By definition, he was treated poorly.

    16. Re:I'm impressed he could do that much damage... by Mysticalfruit · · Score: 1

      I was making an off color joke about the instability of the vSphere client... though now that I've had to explain the joke, it's not nearly as funny...

      --
      Yes Francis, the world has gone crazy.
    17. Re:I'm impressed he could do that much damage... by Anonymous Coward · · Score: 0

      he wasn't .. it was a vendetta for someone else .. read the link to the court press release in the article (which apparently the author of the article couldn't be bothered to do) ..

      "Cornish was an information technology employee at Shionogi, Inc., a United States subsidiary of a Japanese pharmaceutical company with operations in New Jersey and Georgia. In late September 2010, shortly after Cornish had resigned from Shionogi, the company announced layoffs that would affect B.N., Cornish’s close friend and former supervisor.

      In the early morning hours of February 3, 2011, Cornish gained unauthorized access to Shionogi’s computer network. Cornish used a Shionogi user account to access a Shionogi server. Once he accessed the server, Cornish took control of a piece of software that he had secretly installed on the server several weeks earlier."

      His bigger crime is assuming incompetence .. he would have been better off framing his friend's supervisor and implying incompetence. But - really? People store that much critical data in VMs these days? I thought the point of virt farm architectures were more for the easy bring-up or rebuild of an infrastructure - not storing critical data ..

    18. Re:I'm impressed he could do that much damage... by geekoid · · Score: 1

      I've been 'perp walked' I gave a month notice. They paid me for the next month, and told me to go home. Security packed my desk, and I turned in a list of passwords.

      This was SOP. I had just finished working on a project that gave me a lot of power over their business. So, understandable.

      Just to be clear, security packed my desk at MY REQUEST. As a favor they complied. I don't really keep a lot of personal stuff on my desk.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    19. Re:I'm impressed he could do that much damage... by Anonymous Coward · · Score: 0

      It's quite likely that his superiors may have hurt his feelings at some point.

    20. Re:I'm impressed he could do that much damage... by Anonymous Coward · · Score: 0

      I've never understood that "perp-walk" attitude that some US companies seem to have.

      I'm French, here people usually are let go after a 3-month period (one month only for "less qualified" jobs), and there are almost no real problems. The period can be negotiated, but most of the time, it is not. And we certainly don't have a lot of sabotage. The fact that some companies assume that their employees will wreak havoc in the company is preposterous to me.

      I know a story of a guy in the French branch of a big US software company that was -without warning- stopped at the entry of the company and forbidden to enter, he sued them and won (of course).

      It's really sad to hear about such an environment...

    21. Re:I'm impressed he could do that much damage... by cusco · · Score: 1

      I've had it happen exactly once, when I was a barely-above-minimum wage service writer in a garage. When I had Schema Admin permissions in AD at a Fortune 50 company they let me know over a month ahead of time that my contract wasn't going to be renewed, and I had my permissions intact until 5:00 on my last day.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    22. Re:I'm impressed he could do that much damage... by gatkinso · · Score: 1

      It is always smart to discreetly pack up your belongings before you give notice, and take them home the night before.

      --
      I am very small, utmostly microscopic.
    23. Re:I'm impressed he could do that much damage... by dohcvtec · · Score: 1

      Thirdly, on a not so serious note... wi-fi from McDonalds?

      Yep, very poorly planned. Last I knew, McD's was part of ATT's national Wifi network, which is for ATT customers only and requires some form of authentication. Plus, he didn't pay in cash, thereby leaving additional breadcrumbs.

      --
      -- Never hit a man with glasses. Hit him with a baseball bat.
  7. Please set up and use a documented procedure by mallyn · · Score: 1

    Folks:

    Please

    This is one reason why we need to have a well documented and well tested procedure for the termination of an IT employee.

    There needs to be a group of people; not just one or two; in the company who have a *full understanding* of the network, the servers; the entire infrastructure. Those people need to get together and come up with a detailed step-by-step procedure and then test it thoroughly.

    Once they test it, they should have it reviewed by not just one, but perhaps two or three different security consultants.

    This procedure needs to cover *everything*; network passwords, personal passwords, building/room access cards or keys, etc.

    It should be a given that physical locks (old fashioned keys) must be changed. Assume that keys are duplicated.

    It should also be a given that *all* root/system/admin passwords must be changed

    If the person had any access to any private cryptographic and PKI keys, they must be revoked and replaced.

    And, by the way, do you search the areas the person had access to and look for rogue modems, wireless access points, or whatever? Do you have an active inventory and configuration of your network readily available? Do you look above the false ceiling and under raised floors? Probably not. But do it. I've seen it all. Even a changed lock on a door that is not normally used; the person put his own lock on it so he can get in after all the locks on the 'normal' doors are changed. Any extra routers on the perimeter? Yes, I have seen it. That inventory must be thorough, accurate, and periodically checked.

    From experience and stories that I have seen; it is a given that if at all possible, all of the account/password/access termination must be done prior to the person knowing that they are to be terminated. I prefer to do this work over a weekend (and do thorough testing) and then formally terminate the person on the following Monday morning when the employee arrives at the building's lobby or reception.

    The best places that I have seen have this procedure not only trained to several people but documented in loose leaf binders prominently on key people's desks. They also run drills periodically (with evaluation by at least one if not more external and trusted security consultants) to ensure that *every* access to the building/network/servers is secured properly.

    Yes, this costs money; lots of it; but it's your darn business that's at stake

    --
    Most Respectfully Yours Mark Allyn Bellingham, Washington
    1. Re:Please set up and use a documented procedure by Anonymous Coward · · Score: 0

      Very sound advice and this pretty much mirrors what we do in-house.

      It's also worth saying that as well as daily, conventional tape backups, we take a weekly backup of all our virtual machines using the excellent (and free!) GhettoVCB script (http://communities.vmware.com/docs/DOC-8760) - it snapshots the VMs and then backs them all up (vmdk and vmx files) to a disk set in a separate server connected to the main VMWare server via NFS (takes about 3 hours to do the lot). We alternate between two destination disk sets, with one always in a fire safe on our other site, so if the primary VMs are destroyed we can either point the main VMware server to the copies and add them back to the inventory or, worst case, reach for the offsite backup set and a spare server.

      We have simulated a major systems failure and have estimated we can get the entire VM set (12 in all, comprising Windows and Linux servers for data storage, Directory and mail services, build tools, CRM, Intranet, network monitoring etc.) up and running on a spare server within one hour and then concentrate on restoring missing data from tape. Core services (file store and email) would be up within 20 minutes.

    2. Re:Please set up and use a documented procedure by Anonymous Coward · · Score: 0

      As always, it's a balance between cost and risk. But if someone really clued happened to set out to do harm, even the commendable level of paranoia described above won't save you. What the parent describes is about the baseline level I'd expect from a medium-sized company that needs to be serious about its security, but it's not gonna happen for small businesses with only a few employees, and nor should it. After all, trying to achieve the level of precautions described here ("There needs to be a group of people; not just one or two; in the company who have a *full understanding* of the network...") is only feasible once you have a reasonably-sized pool of people who are actually capable of understanding the network in the required depth.

    3. Re:Please set up and use a documented procedure by jamesh · · Score: 1

      all of the account/password/access termination must be done prior to the person knowing that they are to be terminated

      That was the joke when I used to work at <big company>... if someone's swipe card didn't let them in the building in the morning someone else would ask "oh... do you still work here?". The swipe cards were just magnetic cards and they did seem to wear out quickly so it wasn't that uncommon... but you always wondered for a second when it failed to swipe first go.

    4. Re:Please set up and use a documented procedure by Anonymous Coward · · Score: 0

      From experience and stories that I have seen; it is a given that if at all possible, all of the account/password/access termination must be done prior to the person knowing that they are to be terminated. I prefer to do this work over a weekend (and do thorough testing) and then formally terminate the person on the following Monday morning when the employee arrives at the building's lobby or reception.

      How often are you firing people that you have this all down pat like that?

    5. Re:Please set up and use a documented procedure by jlebrech · · Score: 1

      Or set up a well documented maintenance plan as a sysadmin, and take that document with you when you leave.

    6. Re:Please set up and use a documented procedure by Anonymous Coward · · Score: 0

      You do realize that the only way to test it is fire one of those IT people.

  8. Never publicly flame by wiredog · · Score: 1

    someone who has your root passwords...

    1. Re:Never publicly flame by Anonymous Coward · · Score: 0

      And is known not to be able to behave himself.

  9. Protect systems from rogue admins too? by bertok · · Score: 3, Insightful

    Has anyone noticed that every system claiming "enterprise" robustness only ever protect against untrusted third parties or component failure? I think there's an enormous amount of research waiting to be done to develop systems that are robust against attacks by rogue administrators. Think about it this way: a modern distributed cluster can be made robust against nuclear warfare, but not a grumpy admin!

    Technologies like the kind developed by internet pirates could be applied to enterprise systems. For example, protocols like Bittorrent are designed to be robust against malicious peers. The lessons learned by Wikipedia (where everyone is an 'admin') could be applied too, such as enforced versioning of all configuration changes.

    Similarly, multi-party authentication should be an option for critical enterprise systems. It should be possible to mark objects such as VMs or service accounts as "critical", allowing configuration changes only if, say, three admins authenticate together, like in a nuclear launch. This isn't a new concept -- Certificate Authorities often require secondary approval to issue certain types of certificates.

    The need will become ever greater as the trend of moving away from tape towards snapshots and replicas accelerates. Do you seriously think Google backs up to tape? Or Amazon? Or any cloud provider? They don't! They just keep two to three copies of everything, and hope that none of their thousands of administrators ever cracks and does the equivalent of "rm -rf *" on the entire cloud all at once!

    Unfortunately, a business with general purpose servers running Windows or Linux is out of luck. Even if someone were to come up with, say, a virtual hosting environment that's robust against even administrators, that wouldn't prevent other mass attacks, such as formatting the SAN (shudder), deleting every object from the Active Directory domain, or my favourite: setting an encryption key on the backups for a month before leaving, wiping the password, and then formatting every server in parallel. Just resetting every password in the system at once is enough to bring most organisations to their knees, and can be done in seconds! How long would it take your organisation to recover from that? You'll just restore the AD from tape, right? Step one: log on to the backup server... err...

    Remember: Mirrors won't help. Replicas won't save you. Snapshots can be deleted just like everything else. If the business didn't have off-site tape backups of everything, it's game over.
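
The multi-party approval and enforced change versioning proposed in the comment above, as an added example that is not part of the original post: critical objects need three distinct, valid admin approvals bound to one specific request, and every applied change lands in a hash-chained log. The class, object names and keys are hypothetical, and HMAC with per-admin keys held by the gate is a simplification (a real deployment would verify asymmetric signatures so the gate cannot forge approvals).

```python
import hashlib
import hmac
import json


def canonical(obj):
    """Stable byte encoding, so every party signs exactly the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(key, request):
    """An admin's approval: a MAC over the whole request (action, object, nonce)."""
    return hmac.new(key, canonical(request), hashlib.sha256).hexdigest()


class ChangeGate:
    """Hypothetical gate in front of a management API."""

    def __init__(self, admin_keys, critical_objects, threshold=3):
        self.admin_keys = admin_keys          # {admin: key}; assumption, see lead-in
        self.critical = set(critical_objects)
        self.threshold = threshold
        self.seen_nonces = set()              # blocks replay of an approved request
        self.log = []                         # hash-chained change history

    def _valid_approvers(self, request, approvals):
        valid = set()
        for admin, tag in approvals.items():
            key = self.admin_keys.get(admin)
            # Unknown admins and tags made for a different request do not count.
            if key is not None and hmac.compare_digest(tag, sign(key, request)):
                valid.add(admin)
        return valid

    def apply(self, request, approvals):
        """Return True and record the change only if enough admins approved it."""
        needed = self.threshold if request["object"] in self.critical else 1
        approvers = self._valid_approvers(request, approvals)
        if request["nonce"] in self.seen_nonces or len(approvers) < needed:
            return False
        self.seen_nonces.add(request["nonce"])
        prev = self.log[-1]["hash"] if self.log else "0" * 64
        entry = {"request": dict(request), "approvers": sorted(approvers), "prev": prev}
        entry["hash"] = hashlib.sha256(canonical(entry)).hexdigest()
        self.log.append(entry)
        return True

    def verify_log(self):
        """Recompute the chain; any edited or dropped entry breaks it."""
        prev = "0" * 64
        for entry in self.log:
            body = {k: v for k, v in entry.items() if k != "hash"}
            digest = hashlib.sha256(canonical(body)).hexdigest()
            if entry["prev"] != prev or digest != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def demo():
    # Constructed sample data: admin names, keys and VM names are made up.
    keys = {a: ("key-" + a).encode() for a in ("alice", "bob", "carol", "dave")}
    gate = ChangeGate(keys, critical_objects={"vm-mail01"}, threshold=3)
    req = {"action": "delete", "object": "vm-mail01", "nonce": "n-001"}
    alone = gate.apply(req, {"alice": sign(keys["alice"], req)})
    quorum = gate.apply(req, {a: sign(keys[a], req) for a in ("alice", "bob", "carol")})
    return alone, quorum, gate.verify_log()


if __name__ == "__main__":
    print(demo())
```

Keeping a copy of the latest log hash somewhere the administrators cannot write is what makes truncating the log detectable.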

    1. Re:Protect systems from rogue admins too? by Anonymous Coward · · Score: 0

      I think there's an enormous amount of research waiting to be done to develop systems that are robust against attacks by rogue administrators.

      Go read the Orange Book that the DoD published back in the 1980's along with the associated research before claiming that it's "waiting to be done".

      The tl;dr bottom line is that such systems were deployed almost 20 years ago and basically died out because sys admins and users both decided they were too much of a pain to use.

      For anything short of initiating nuclear war, it's just not worth it.

    2. Re:Protect systems from rogue admins too? by Anonymous Coward · · Score: 0

      Google does backup to tape. Saved their bacon too.
      http://gmailblog.blogspot.com/2011/02/gmail-back-soon-for-everyone.html

    3. Re:Protect systems from rogue admins too? by Anonymous Coward · · Score: 0

      Google absolutely does backup certain systems to tape. They are smart enough to realize someone could do the equivalent of "rm -rf *" on the entire cloud all at once! Being an "offline" storage mechanism immune to accidental or malicious commands is one of tape's greatest strengths.

    4. Re:Protect systems from rogue admins too? by RogerWilco · · Score: 1

      Multiple Administrators? I think most companies see IT as an expense that needs to be minimized, so you're lucky if they have one Administrator who is competent.

      --
      RogerWilco the Adventurous Janitor
    5. Re:Protect systems from rogue admins too? by bertok · · Score: 1

      Most of their data is pure disk. There's been several articles floating about on the internet about it. Some critical stuff is backed up, like the old-school relational databases, source code, etc... but the vast majority of their data isn't. Sure, they could reproduce their indexes by re-scanning the internet, but how long would that take?

    6. Re:Protect systems from rogue admins too? by mallyn · · Score: 5, Interesting

      Good advice; thanks

      Here is one small step that was taken by a high end hosting provider

      All the systems had locked root passwords; nobody knew the actual root passwords; and they were different for each system.

      All root is done via sudo except for the system console, which is in the locked server room

      To gain sudo access, this is what happens

      First you go onto a secure database that is tied in with the trouble ticket system. You log in using a token. You request root access to server x. The system checks to see that you are supposed to be able to have root for server x and it checks to see that you are working on a currently open trouble ticket for an application on server x.

      If the secure database is happy, it sends a message to another secure server (in a different machine room). That system, which has yet another secure database, pulls an ssh private key from the database, installs it as a ssh private key in order to do an ssh shell session with the server you want to get on. That session runs a script that changes the /etc/sudoers to add your name. Along with that, it sets off a cron job that forces the /etc/sudoers file back to its original configuration after a set amount of time.

      You log in, do sudo, and do your stuff. All logging is done to what I call a toilet paper machine (paper log) in yet another secure room. You are through and log off. You close the ticket. The entire process as described above is done but to restore the /etc/sudoers file back to the way it was. Even if you 'forget' to close the ticket, the timer cron noted above will still revoke your access to sudo and send an email to security.

      The secure database servers noted above, each located in its own secure location, require two people authentication to access root. For those machines, the root password is split in half. One half is known by each of two key people. They both need to log in at the same time.

      This is about the most paranoid root access that I am aware of.

      --
      Most Respectfully Yours Mark Allyn Bellingham, Washington
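
The ticket-gated, time-boxed sudo grant described in the comment above, as an added example that is not part of the original post and not the hosting provider's code. It writes a per-user drop-in file (a temporary directory stands in for each server's /etc/sudoers.d) instead of editing /etc/sudoers in place as the comment describes; the class name, servers, users and ticket ids are hypothetical.

```python
import os
import re
import tempfile
import time

# Allow-list for login names: anything else could smuggle extra sudoers rules.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
HEADER_RE = re.compile(r"# expires=(\d+) ticket=(\S+)")


class GrantBroker:
    """Hypothetical broker: entitlement + open ticket -> time-boxed sudo rule."""

    def __init__(self, sudoers_dirs, entitlements, open_tickets, ttl_seconds):
        self.sudoers_dirs = sudoers_dirs    # {server: dir standing in for /etc/sudoers.d}
        self.entitlements = entitlements    # {user: {servers the user may get root on}}
        self.open_tickets = open_tickets    # {ticket_id: (assignee, server)}
        self.ttl = ttl_seconds
        self.audit = []                     # stand-in for the off-box paper log

    def _log(self, now, event, user, server, detail):
        self.audit.append((int(now), event, user, server, detail))

    def request(self, user, server, ticket_id, now=None):
        """Grant sudo on `server` only if every check passes; return True/False."""
        now = time.time() if now is None else now
        # fullmatch, not match: "alice\n" must not slip past a trailing "$".
        if not USERNAME_RE.fullmatch(user):
            reason = "invalid username"
        elif server not in self.sudoers_dirs or server not in self.entitlements.get(user, ()):
            reason = "not entitled to server"
        elif self.open_tickets.get(ticket_id) != (user, server):
            reason = "no open ticket for this user and server"
        else:
            reason = None
        if reason:
            self._log(now, "DENY", repr(user), server, reason)
            return False
        expires = int(now) + self.ttl
        rule = "# expires=%d ticket=%s\n%s ALL=(ALL) ALL\n" % (expires, ticket_id, user)
        directory = self.sudoers_dirs[server]
        # The temp name contains a dot, and sudo skips such names in an include
        # directory, so a half-written file is never parsed as a rule.
        fd, tmp = tempfile.mkstemp(dir=directory, prefix=".jit-")
        with os.fdopen(fd, "w") as fh:
            fh.write(rule)
        os.chmod(tmp, 0o440)
        # On a real host, check the file with `visudo -cf` before this rename.
        os.replace(tmp, os.path.join(directory, "jit-" + user))
        self._log(now, "GRANT", user, server, "ticket=%s expires=%d" % (ticket_id, expires))
        return True

    def sweep(self, now=None):
        """Timer job: remove grants that expired or whose ticket is closed."""
        now = time.time() if now is None else now
        revoked = []
        for server, directory in sorted(self.sudoers_dirs.items()):
            for name in sorted(os.listdir(directory)):
                if not name.startswith("jit-"):
                    continue
                path = os.path.join(directory, name)
                with open(path) as fh:
                    header = HEADER_RE.fullmatch(fh.readline().rstrip("\n"))
                # Fail closed: a grant with an unreadable header is revoked.
                if header and int(header.group(1)) > now and header.group(2) in self.open_tickets:
                    continue
                os.unlink(path)
                revoked.append((server, name[4:]))
                self._log(now, "REVOKE", name[4:], server, "expired or ticket closed")
        return revoked

    def close_ticket(self, ticket_id, now=None):
        """Closing the ticket revokes at once; the timer is only the backstop."""
        self.open_tickets.pop(ticket_id, None)
        return self.sweep(now)


def demo():
    # Constructed sample data: the server, user and ticket id are made up.
    root = tempfile.mkdtemp()
    broker = GrantBroker({"db01": root}, {"alice": {"db01"}},
                         {"TCK-1": ("alice", "db01")}, ttl_seconds=3600)
    granted = broker.request("alice", "db01", "TCK-1", now=1000)
    injected = broker.request("alice ALL=(ALL) NOPASSWD: ALL\nmallory", "db01", "TCK-1", now=1000)
    revoked = broker.sweep(now=1000 + 3600)
    return granted, injected, revoked


if __name__ == "__main__":
    print(demo())
```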
    7. Re:Protect systems from rogue admins too? by Anonymous Coward · · Score: 0

      To tack on to bertok's eloquent thoughts.

      IT is more than a help desk cost center. They now run the organization. All that power needs to be tempered with controls and wisdom. Why were warnings not being sent out to senior IT management when the first VM was deleted? Companies need to start hiring CIO that actually know something about information technology. You need to have admins that know what they are doing and then augment that with consultants.

      Next to the COO (the one who really runs the company) the CIO is the next most important person. You can go a day without Sales or Accounting. You cannot go a day without your systems. Operations is what you do as a company, IT is what makes that happen. CEO's and Board of Directors need to start understanding this and plan accordingly.

    8. Re:Protect systems from rogue admins too? by Anonymous Coward · · Score: 0

      What about a 2 (or N) person authentication before any major config changes? Sort of like the movie stereotype of two people turning a key simultaneously before the missile is launched,

    9. Re:Protect systems from rogue admins too? by geekoid · · Score: 1

      Then they need to be aware of the risk they are undertaking by only having one admin.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    10. Re:Protect systems from rogue admins too? by Anonymous Coward · · Score: 0

      Hopefully one of the two key people doesn't wander off and leave... Or both get pissed at the same time (think union strike).

      Offsite backups are the best choice. The system you described locks out the single rogue agent. But what if there are two?

    11. Re:Protect systems from rogue admins too? by YenTheFirst · · Score: 1

      The need will become ever greater as the trend of moving away from tape towards snapshots and replicas accelerates. Do you seriously think Google backs up to tape? Or Amazon? Or any cloud provider? They don't! They just keep two to three copies of everything, and hope that none of their thousands of administrators ever cracks and does the equivalent of "rm -rf *" on the entire cloud all at once!

      actually . . .

      To protect your information from these unusual bugs, we also back it up to tape. Since the tapes are offline, they’re protected from such software bugs.

      --
      It's not stupid. It's Advanced.
    12. Re:Protect systems from rogue admins too? by Anonymous Coward · · Score: 0

      Has anyone noticed that every system claiming "enterprise" robustness only ever protects against untrusted third parties or component failure? I think there's an enormous amount of research waiting to be done to develop systems that are robust against attacks by rogue administrators. Think about it this way: a modern distributed cluster can be made robust against nuclear warfare, but not a grumpy admin!

      Technologies like the kind developed by internet pirates could be applied to enterprise systems. For example, protocols like Bittorrent are designed to be robust against malicious peers. The lessons learned by Wikipedia (where everyone is an 'admin') could be applied too, such as enforced versioning of all configuration changes.

      Similarly, multi-party authentication should be an option for critical enterprise systems. It should be possible to mark objects such as VMs or service accounts as "critical", allowing configuration changes only if, say, three admins authenticate together, like in a nuclear launch. This isn't a new concept -- Certificate Authorities often require secondary approval to issue certain types of certificates.

      The need will become ever greater as the trend of moving away from tape towards snapshots and replicas accelerates. Do you seriously think Google backs up to tape? Or Amazon? Or any cloud provider? They don't! They just keep two to three copies of everything, and hope that none of their thousands of administrators ever cracks and does the equivalent of "rm -rf *" on the entire cloud all at once!

      Unfortunately, a business with general purpose servers running Windows or Linux is out of luck. Even if someone were to come up with, say, a virtual hosting environment that's robust against even administrators, that wouldn't prevent other mass attacks, such as formatting the SAN (shudder), deleting every object from the Active Directory domain, or my favourite: setting an encryption key on the backups for a month before leaving, wiping the password, and then formatting every server in parallel. Just resetting every password in the system at once is enough to bring most organisations to their knees, and can be done in seconds! How long would it take your organisation to recover from that? You'll just restore the AD from tape, right? Step one: log on to the backup server... err...

      Remember: Mirrors won't help. Replicas won't save you. Snapshots can be deleted just like everything else. If the business didn't have off-site tape backups of everything, it's game over.

      The research is being done. Insider attacks or the like is what you are looking for.
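The two-person rule raised in the comments above (a split root password, N-person authentication before major config changes, objects marked "critical"), sketched as an added example that is not part of any poster's comment or any product's API. The admin names, secrets, target names and the `ChangeGate` class are hypothetical, and per-admin HMAC secrets stand in for real credentials.

```python
import hashlib
import hmac
import json
import time

# Constructed sample data. Per-admin HMAC secrets stand in for real
# credentials (assumption: production would use hardware tokens or signatures).
ADMIN_KEYS = {
    "alice": b"constructed-secret-alice",
    "bob": b"constructed-secret-bob",
    "carol": b"constructed-secret-carol",
}
# Objects marked "critical" and how many distinct admins must approve a change.
CRITICAL = {"vm:mail01": 2, "vm:erp-db": 3}


def canonical(obj):
    """Stable byte encoding, so every approver signs exactly the same request."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def approve(admin, key, request):
    """Approver side: bind the approval to this admin and this exact request."""
    msg = admin.encode() + b"\x00" + canonical(request)
    return {"admin": admin, "tag": hmac.new(key, msg, hashlib.sha256).hexdigest()}


class ChangeGate:
    """Hypothetical gate placed in front of destructive operations."""

    def __init__(self, admin_keys, critical):
        self.admin_keys = admin_keys
        self.critical = critical
        self.audit = []  # hash-chained, append-only decision log

    def _log(self, request, decision, approvers):
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        entry = {"request": request, "decision": decision,
                 "approvers": sorted(approvers), "prev": prev}
        entry["hash"] = hashlib.sha256(canonical(entry)).hexdigest()
        self.audit.append(entry)

    def authorize(self, request, approvals, now=None):
        """Allow only if enough distinct admins approved this unexpired request."""
        now = time.time() if now is None else now
        needed = self.critical.get(request["target"], 1)
        valid = set()
        if now <= request["expires"]:
            for a in approvals:
                key = self.admin_keys.get(a.get("admin"))
                if key is None:
                    continue  # unknown approver
                expected = approve(a["admin"], key, request)["tag"]
                if hmac.compare_digest(expected.encode(), str(a.get("tag", "")).encode()):
                    valid.add(a["admin"])  # a set: duplicates count once
        allowed = len(valid) >= needed
        self._log(request, "ALLOW" if allowed else "DENY", valid)
        return allowed

    def audit_intact(self):
        """Recompute the chain; editing an entry or removing an earlier one breaks it."""
        prev = "0" * 64
        for entry in self.audit:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev"] != prev or \
                    hashlib.sha256(canonical(body)).hexdigest() != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def demo():
    """Run the constructed scenarios and return each decision by name."""
    gate = ChangeGate(ADMIN_KEYS, CRITICAL)
    req = {"id": "REQ-0001", "action": "delete", "target": "vm:mail01",
           "requested_by": "alice", "expires": 2000}
    a = approve("alice", ADMIN_KEYS["alice"], req)
    b = approve("bob", ADMIN_KEYS["bob"], req)
    forged = {"admin": "carol", "tag": "0" * 64}
    results = {
        "single_admin": gate.authorize(req, [a], now=1000),
        "same_admin_twice": gate.authorize(req, [a, a], now=1000),
        "forged_second": gate.authorize(req, [a, forged], now=1000),
        "two_admins": gate.authorize(req, [a, b], now=1000),
        # Approvals replayed against a different target do not verify.
        "replayed": gate.authorize(dict(req, target="vm:test01"), [a, b], now=1000),
        "expired": gate.authorize(req, [a, b], now=3000),
    }
    results["audit_ok"] = gate.audit_intact()
    gate.audit[0]["decision"] = "ALLOW"  # simulate after-the-fact log editing
    results["audit_after_tamper"] = gate.audit_intact()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the gate holds every admin's HMAC secret, whoever controls the gate could forge approvals; asymmetric signatures verified against public keys remove that single point of trust. The hash chain detects edits only if the latest hash is also recorded somewhere the admins cannot rewrite.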

    13. Re:Protect systems from rogue admins too? by cusco · · Score: 1

      If by "they" you mean "management", good luck with that. Their bonuses depend on reducing headcount to an absolute minimum and hoping that any disasters happen on the watch of the next seat-warmer in their office as they play Executive Musical Chairs. That's the same reason you have major drugs released with known lethal side effects, known defective car brakes, and the like dumped on consumers, the decision makers plan on having a new job by the time the shit hits the fan.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    14. Re:Protect systems from rogue admins too? by Anonymous Coward · · Score: 0

      You left out the part where the other half of the password is tattooed on the admin's belly, and they must be joined together to see the password in its entirety. This should be done with a flashlight in a dark server room after the security to that server room has been compromised, and the lights went out to cover the escape of the perpetrator.

    15. Re:Protect systems from rogue admins too? by MrSenile · · Score: 1

      None of this would be an issue if corporations actually thought of their employees as assets.

      They do not.

      They treat their IT professionals like slave labor, underpaying the lot of them and overworking their hours without more than a by-your-leave. If you don't like it, well, don't let the door hit you on the ass while we get someone else who's starving on the street who most likely can do your job, even if it isn't as good. But hey, more reason to pay them less, and in doing so, lower the entire class pay for the entire group while we're at it.

      It boils down to trust. The companies should be paying the employees the money their experience deserves, to support and build out the environment that these professionals know how to build.

      If an IT professional wanted to damage a system, having a keyless password system like CA or RSA have for running daemon kernels (windows, linux, solaris, aix, etc), or putting in advanced API layer user control right into the kernel, or any other number of leaps and bounds is frankly ridiculous. Who do you think is IMPLEMENTING this to begin with? The same IT professionals you are knowingly trying to stop getting access to. Sounds rather hypocritical.

      If you don't trust your IT professionals with access to the systems, then why the hell are you trusting them to implement the security to the systems you don't trust them with?

      Either trust your IT professionals to do the job right, or hire new IT professionals. Simple as that.

      I remember when company loyalty was prided. Now it's not uncommon to see people running to leave a company they work for because of bad treatment.

      I think the problem is the Management, not IT.

    16. Re:Protect systems from rogue admins too? by bertok · · Score: 1

      That's all fine and good, but in a large enterprise, that's just not practical.

      No matter how much you pay your employees, or how nicely you treat them, you just can't be that certain about people. A substantial portion of the population has mental issues. Given enough employees, it's virtually guaranteed that you have at least a couple of psychotic or psychopathic employees. Even if your IT people are all carefully vetted, their managers need to be too, otherwise they could be mistreated until they snap. I've been to government organisations with 800+ IT employees, where the vast majority of the critical systems were a part of a single AD domain. One guy with one password can blow away a chunk of the government in about a minute!

      It's like bad memory in a computer -- no matter how good your software, your hardware can cause anything to crash. Currently, organisations have to completely trust their employees, but what if they didn't have to?

      My point is that if we can protect against bad memory (ECC, lockstep computing, etc...), then it ought to be possible to protect against rogue employees?

      For example, turnkey, tamper-proof systems that can be installed in such a way that the corporation doesn't have to completely trust a single employee. Or systems that could only be set up with full trust, but then could enter a "production" mode after which full trust is no longer required.

  10. Instant career murder by dutchwhizzman · · Score: 2

    Anyone doing this will never ever be put into a position of trust again. That is, if the potential future employer does a decent check on who's applying for the job. It doesn't matter how mad you are, you will ruin it for yourself if you do anything to harm your former employer.

    --
    I was promised a flying car. Where is my flying car?
    1. Re:Instant career murder by gatkinso · · Score: 1

      Getting a decent job is going to be the least of his worries.

      However he will be trusted to toss that salad.

      --
      I am very small, utmostly microscopic.
    2. Re:Instant career murder by Anonymous Coward · · Score: 0

      He'll get a job...trust me.

    3. Re:Instant career murder by Anonymous Coward · · Score: 0

      I wish this were true. I want this to be true. The fact is outside the tech field in a few months no one will remember this guy. In a year even the techies will forget. At worst you do a name change. In the states at least there is a limit to what previous employers are allowed to reveal. Where I am out unless you're on something special you don't even need a background check. Spend a couple years in a place and keep your nose clean you could even leave with a glowing review. Most of the time employers only check past references for your last job. Ta da, suddenly you're back in a trusted position again. It's easier than you think.

      I worked for one company that fired a guy for this kind of conduct, only to rehire him about a year later when management changed.

    4. Re:Instant career murder by TooMuchToDo · · Score: 1

      You make prison sound like it's worse than an IT career. You must be new to the field.

    5. Re:Instant career murder by Anonymous Coward · · Score: 0

      However he will be trusted to toss that salad.

      You can find plenty of employment doing that.

    6. Re:Instant career murder by Anonymous Coward · · Score: 0

      The real issue is the criminal conviction. A guilty plea (for anything north of a traffic ticket) is an automatic red flag for employers. Even a rudimentary background check will find a criminal conviction (you can check online in some states). Avoid criminal court and might skate away from all kinds of difficult situations.

      I know of a guy who was CIO of a Fortune 500 company. He was taking big kickbacks from an outsourcing vendor, and signing off on all kinds of cost overruns. Having thoroughly wildly his budget on an underachieving vendor, corporate auditors investigated and discovered the scam. He was escorted from the building by corporate security ... and hired about a month later as CIO with ANOTHER Fortune 500 company. Go figure.

    7. Re:Instant career murder by gatkinso · · Score: 1

      Yeah whatever Mr 882796 ;-)

      Curious your opinion about tossing salad.... ;-)

      --
      I am very small, utmostly microscopic.
    8. Re:Instant career murder by TooMuchToDo · · Score: 1

      Well played Mr. I-have-a-5-digit-UID =)

      Been doing IT since 18, turning 29 this year. Owning your own business definitely helps. Definitely.

      IT: Doctor pay; janitor respect.

    9. Re:Instant career murder by Capt.DrumkenBum · · Score: 1

      "Tossing the salad" is a euphemism. I am not willing to explain. Perhaps the fine folks at google can tell you more.
      Just to get back on topic. What an idiot! This is career suicide. I know that at my present employer they google you before you are ever contacted for an interview. If something like this were to come up attached to your name, like say in a news report, I doubt HR would be calling you in for an interview.

      --
      If I were God, wouldn't I protect my churches from acts of me?
    10. Re:Instant career murder by TooMuchToDo · · Score: 1

      Which is why you legally change your name, which you're not required to disclose in an interview.

    11. Re:Instant career murder by Capt.DrumkenBum · · Score: 1

      But then you have no history. Almost as bad.

      --
      If I were God, wouldn't I protect my churches from acts of me?
    12. Re:Instant career murder by TooMuchToDo · · Score: 1

      If you can't create your history in a day or so with a resume, (fake) contacts, Facebook, etc. you have no business being in any sort of information profession.

    13. Re:Instant career murder by syousef · · Score: 1

      Anyone doing this will never ever be put into a position of trust again. That is, if the potential future employer does a decent check on who's applying for the job. It doesn't matter how mad you are, you will ruin it for yourself if you do anything to harm your former employer.

      I think it's a pretty safe bet you won't be progressing your career from within a prison cell anyway.

      --
      These posts express my own personal views, not those of my employer
  11. keep alive by jlebrech · · Score: 1

    wouldn't it be more worthwhile setting up an infrastructure which constantly needs your expertise to stay running, the day you are not there to enter the magic code then "boom". then you could successfully claim having not touched the system after your contract is up. it would have to not be a time bomb but some kind of bash commands which you enter from memory every morning.

    1. Re:keep alive by gatkinso · · Score: 2

      and then one day you get a raging case of the flu..... or simply oversleep.

      --
      I am very small, utmostly microscopic.
    2. Re:keep alive by Pope · · Score: 2

      Only if you're a moron. You may want to do that with your personal machines at home, but a company's equipment is not your playground for petty revenge fantasies.

      --
      It doesn't mean much now, it's built for the future.
    3. Re:keep alive by DaveV1.0 · · Score: 1

      Or, get in a wreck.

      Or, get a speeding ticket

      Or, get called for jury duty

      Or, get drunk.

      Or, go on vacation

      Or, have a meeting first thing in the morning

      Or, are dealing with a critical incident

      Or, have a death in the family

      Or, your house burns down

      Or, you get mugged and end up in the hospital

      I could keep going, but I am sure everyone gets the idea.

      --
      There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
    4. Re:keep alive by gatkinso · · Score: 1

      Actually, I think they had the idea after my post.

      --
      I am very small, utmostly microscopic.
    5. Re:keep alive by gatkinso · · Score: 1

      Well now, while the OP is somewhat of a ninny, I take exception to your statement.

      One does not extract revenge on themselves... usually it is in retaliation for some wrong, real or imagined.

      --
      I am very small, utmostly microscopic.
  12. I am so mad at my employer I am going to... by gatkinso · · Score: 4, Insightful

    ...make it impossible for some elderly people (along with some kids with cancer, and perhaps a few diabetics) to get their meds.

    Oh yeah, and incidentally, cost my employer money.

    Douchebag of the Year Award candidate.

    --
    I am very small, utmostly microscopic.
    1. Re:I am so mad at my employer I am going to... by Anonymous Coward · · Score: 0

      You think this would really cause people to not get their drugs?

      I work in a manufacturing environment. We are heavily reliant upon our ERP system to ensure smooth operation. But if we lost our entire datacenter AND our DR system at the same time, we could still make product. It would be slower, but it would happen.

      And that doesn't even take into account the current inventory, and other drugs which can be used as a substitute.

      I am not saying this guy was not an asshat. I'm saying that hyperbole when discussing such things serves no purpose except to enflame the rhetoric.

    2. Re:I am so mad at my employer I am going to... by Anonymous Coward · · Score: 0

      ...make it impossible for some elderly people (along with some kids with cancer, and perhaps a few diabetics) to get their meds.

      Oh yeah, and incidentally, cost my employer money.

      Douchebag of the Year Award candidate.

      Okay, I accept your premise.
      How is this any different from wall street/big banks vaporising large numbers of pensioners' life savings by screwing with the markets for personal profit like they have the last 10 years? Not to mention the predatory nature of health insurance companies when dealing with loss incurring clients (How DARE they actually get sick after they have paid us money for years that they did not collect a service for.)

      What this man did was criminal, but doesn't even come close to the level of evil that my above mentioned examples illustrate.

    3. Re:I am so mad at my employer I am going to... by Anonymous Coward · · Score: 0

      As if pharma companies are responsible for all kinds of pain and suffering all in the name of continuous profit. Stop judging, it all works both ways always.

    4. Re:I am so mad at my employer I am going to... by gatkinso · · Score: 1

      Well it sure as hell isn't going to streamline the ole distribution network, now is it?

      --
      I am very small, utmostly microscopic.
    5. Re:I am so mad at my employer I am going to... by Darinbob · · Score: 1

      According to their story they weren't able to ship product and order tracking was down. Probably can still make product though and end customers probably have a few days backlog of product, so it's not a complete disaster. But he's still a douchebag.

      Jury will find him guilty regardless of being a douchebag or not, so the real hope is that he can convince the judge doing the sentencing that he's not a douchebag. Good luck with that.

  13. Anarchy with a new Face by Anonymous Coward · · Score: 0

    Dude is just another anarchist like all the rest of these people....... no thought to important info being destroyed nor any innocents that may be affected. Justification is their own inadequacies which they cannot face. Malicious code just puts a weapon in the hands of the emotionally bankrupt.

  14. "I could have done it better" thread here. by Kozz · · Score: 1

    Seems half the comments here are people who say how stupid this guy was -- that they could have done a much more thorough job of destruction AND covered their tracks better. Shows what kind of geeks we are. ;)

    Go ahead, post your "I could have done it better" comments here.

    --
    I only post comments when someone on the internet is wrong.
    1. Re:"I could have done it better" thread here. by Anonymous Coward · · Score: 0

      I don't know if it's human nature or if it stems from arrogance or pride, but this is a very common response to most situations people hear about, actually - whether the original acts can be labelled "good" or "bad" is less important to a lot of people than whether or not the person/people/group could have been more successful in what they did. I personally think this speaks less about the moral nature of the people who are commenting on the success or failure and more about how goal-oriented or success-driven or motivated by overcoming challenges they are.

      When I was in the military, I was friends with someone on a special ops team and I very clearly remember a conversation he and I had after a shooter had opened fire on a group of innocent people from a tower far away from where we were. The entire conversation focused on how many errors the shooter had made and how many more kills my friend would have had if he had been in that tower instead. During the conversation, I got caught up in the strategy talk as well; it wasn't until later when I was back home recalling the discussion that I realized we were talking about the best strategies to kill innocent people from a tower.

    2. Re:"I could have done it better" thread here. by cusco · · Score: 1

      I think it's to a great extent people thinking about how much more moral and upstanding they are than this idiot, since not only could they do it better but they also DON'T do it.

      Having said that . . . people tend to forget that the RDP protocol was originally written with 28.8 modems in mind. Find the desk closest to the fax machine, double-face tape the modem to the bottom of the desk, and put it between the wall and the fax. Compromise the closest workstation with a local account and plug in the modem. You could use an internal modem card, but people do notice when there are phone lines plugged into their PC, not so much when it's just an extra USB connector. It probably won't be found until the PC gets changed out.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    3. Re:"I could have done it better" thread here. by Darinbob · · Score: 1

      Trouble is people who think they could do better are probably assuming that they'll be thinking logically. People out for revenge are driven by emotions and will make stupid mistakes. People who are smart wouldn't be doing the crime in the first place because it's a stupid thing to do.

    4. Re:"I could have done it better" thread here. by germansausage · · Score: 1

      We used to idly muse about a cron job. Actually, not just a cron job, but "THE" cron job. If you didn't reset it once in a while it would go off and cause havoc. That way if they fired you while you were on vacation and cancelled your building pass while you were away, the cron job would eventually exact your grievous revenge. If they fired you in the fashion of civilized people (severance pay, good references and a going away party), you could always delete the cron job before you left. We figured subtle corruption of backups was least likely to be detected, and after 6 months or a year of that you could wipe all the live systems, and there would be no usable backup. In reality this was just idle talk, no one was really serious. Only an idiot burns bridges.

  15. 88 servers all on line? by sgt+scrub · · Score: 1

    I don't understand. Was this guy the head of the IT department? Did they lay off the entire IT staff? Who was in charge of the IT department? I hope it is the guy stabbing himself in the stomach. What type of moron doesn't have machines storing VM drives separated from the network just in case of catastrophic disaster or intrusion? For the love of Yoda people! Hire a Security Engineer!

    --
    Having to work for a living is the root of all evil.
    1. Re:88 servers all on line? by Anonymous Coward · · Score: 0

      lol, have you ever spoken to a businessperson? Can't waste his bonus on your silly security stuff, that's what they hired you for. Geeks are too nerdy to be as devious as salesmen so it's safe, right?

  16. in some office buildings you do not have full cont by Joe_Dragon · · Score: 1

    in some office buildings you do not have full control of the keycard system / locks. That is under the buildings control and lots of them the building maintenance guys can get in to any room with their keycards / keys.

  17. I disagree. by CountBrass · · Score: 1

    I have to admit that my initial reaction was the same as yours.

    And then I spent some time thinking about it.

    First, riots on previous days had resulted in people being injured and even murdered, robbed and people's homes and business destroyed.

    And then these guys come along and try to arrange more of the same, knowing full well the results of those riots.

    Second, I got to thinking: who are the worst? The rioters who get caught up in the heat of the moment or the cowardly little turds at the back of crowd egging them on and hiding behind the masses?

    My vote is the cowardly little agitators are considerably worse.

    Thirdly part of the justice process -sadly too often neglected- is to protect society, punish the guilty and plain old fashioned revenge.

    So on all those counts I think a custodial sentence is quite justified.

    One of the 'men', Blackshaw, was obviously quite serious and even turned up for the riot- fortunately he was the only one. There was obviously serious intent there.

    The other one did it as a drunken prank and took it down when he was sober the following morning- but the damage had been done. His posts had caused serious concern in Warrington and a police response. You might think being drunk is an excuse but it impacted lots of other people- and would you try the same excuse for a drunk driver?

    My conclusion is that 4 years is harsh but not unreasonably so given their intent, what they did, the impact they had and the prevailing climate.

    --
    Bad analogies are like waxing a monkey with a rainbow.
    1. Re:I disagree. by NatasRevol · · Score: 2

      My vote is the cowardly little agitators are considerably worse.

      I fully disagree. That's not making people take responsibility for their own actions.

      Those rioting/destroying property are responsible for their actions. If they were incited by others, it's still their damn fault.

      You should be punished for your actions, not words. But then, there is no freedom of speech there, or really anywhere anymore, so they may as well be punished too. Similarly, everyone who uses the 'four boxes of freedom' sig should be carted off to jail - it's promoting shooting of those in office. See where this leads?

      --
      There are two types of people in the world: Those who crave closure
    2. Re:I disagree. by Anonymous Coward · · Score: 0

      the cowardly little turds at the back of crowd egging them on and hiding behind the masses?

      The correct term for these individuals is plain clothes policemen.

  18. I beg to differ. by CountBrass · · Score: 1

    I think it quite reasonable for an employer to know whether a potential employee is a convicted thief or has a record of violence.

    I do agree that these offences should become 'spent' after a period of time, for example after 5 years of keeping out of trouble.

    --
    Bad analogies are like waxing a monkey with a rainbow.
    1. Re:I beg to differ. by sorak · · Score: 1

      I think it quite reasonable for an employer to know whether a potential employee is a convicted thief or has a record of violence.

      I do agree that these offences should become 'spent' after a period of time, for example after 5 years of keeping out of trouble.

      That five year period, isn't that what probation is for?

  19. hmm. by CountBrass · · Score: 0

    Modded down 2 points already.

    I guess some cowardly little turds who spend their time trolling and winding other people have mod points today.

    --
    Bad analogies are like waxing a monkey with a rainbow.
    1. Re:hmm. by Jah-Wren+Ryel · · Score: 1

      Modded down 2 points already.

      I guess some cowardly little turds who spend their time trolling and winding other people have mod points today.

      I think this post pretty much sums up your level of clarity of thought here. Anyone up-modding your early post should see this one before nodding along in agreement.

      --
      When information is power, privacy is freedom.
  20. What he should've done by Anonymous Coward · · Score: 0

    Step 1: Hack into the vsphere
    Step 2: Install spyeye on the network
    Step 3: ???
    Step 4: Profit
    Step 5: Bathe in the blood of the bourgeoisie

  21. This makes it bad for the rest of us. by Virtucon · · Score: 1

    Acts like this create more FUD within companies when it comes to employees. This guy was malicious and it creates more distrust between management and IT employees. I've worked in places where this kind of FUD creates the "walk you out the door" mentality when an employee or contractor even hints that they are leaving. Invariably this distrust leads to these kinds of incidents where contractors and employees are considered as a necessary evil on multiple levels by management. This isn't what we need in the industry and it merely validates all these ridiculous studies where employees are considered a bigger threat than outside entities.

    Yes, this company was stupid. It didn't disable ex-employee / contractor passwords when they were terminated, it also didn't properly audit access to the systems. Again, if somebody can get into a hidden VMWare console to do this, then there's something much worse going on within this company. If this company makes pharmaceuticals then I'm wondering why they don't have better controls on access, especially at the system admin level, for these systems?

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
    1. Re:This makes it bad for the rest of us. by JBMcB · · Score: 1

      Over-specialization and compartmentalization. You need at least two people who know how to run any one system - including all the security details. He was probably the "VMWare guy," I'm guessing the company was too cheap to have another.

      In my department we all have our areas of expertise, but we share with everyone else. We all check each others work, and go over what we are doing and what we plan to do. That way we can all learn, and if someone isn't available in an emergency someone else can always fill in.

      --
      My Other Computer Is A Data General Nova III.
  22. Little bit of a strawman going on there. by CountBrass · · Score: 1

    I didn't say anything about actual rioters- they should certainly be punished.

    Agitators should be punished for two offences in my opinion, firstly they should be punished as if they had committed the crime themselves plus they should be punished for corrupting the person or people who actually committed the offence.

    People are influenced by other people and it's a nonsense to pretend they aren't and there are some little turds who take great delight in trolling other people and getting them to respond.

    Words have power and free speech is no defence against mis-using that power.

    --
    Bad analogies are like waxing a monkey with a rainbow.
    1. Re:Little bit of a strawman going on there. by NatasRevol · · Score: 1

      they should be punished as if they had committed the crime themselves

      Bullshit. Actions not done can't be punishable.

      they should be punished for corrupting the person or people who actually committed the offence

      Bullshit. Others are responsible for their actions. If you're an adult, you're responsible regardless of whether or not you were listening to someone else - and THEY are NOT to blame for your actions.

      --
      There are two types of people in the world: Those who crave closure
    2. Re:Little bit of a strawman going on there. by gorzek · · Score: 1

      Really? Leveling charges against people for "corrupting" others?

      You know, Socrates was also charged with "corruption of the young."

      Guess we should start handing out hemlock to politicians and activists, eh?

  23. Not a big deal for a good environment by Anonymous Coward · · Score: 0

    If all the important data was saved on mounted filers rather than virtual disks and/or if the company had reasonably good backups of the VMs they should be able to get back up and running in a few hours. That is the beauty of VMware and virtual servers is that you can spin up new or recover lost VMs significantly faster than physicals.

    Damage done with a vSphere console could be significant but much more limited than if someone had root/admin access via RDP or SSH consoles.

    I would have to agree though that this guy made a critical mistake in his life and once the rage wears off depression will probably set in, for the rest of it. Business is business and it is cold and heartless. As IT, perform your trade well and roll with the punches of life and business.

  24. Jason is a friend... by clonan · · Score: 1

    Jason and I worked at Shionogi together for 3 years. I was laid off at the same time.

    Shionogi did a piss-poor job of that round of lay-offs. I completely understand his attitude.

    Apparently the only reason he was caught is because he used a debit card at the McDonald's where he logged in...

    Smart guy that did a couple of very stupid things...

    1. Re:Jason is a friend... by cavreader · · Score: 1

      Layoffs suck no matter how they are implemented but this guy has pretty much guaranteed he will never work in the industry again for anyone that even does a cursory background check. It's very easy to get a hold of people's criminal records today and pretty much SOP at most of the mid and large corporations. Employers are willing to overlook some things but any crimes related directly to the position being filled are not.

    2. Re:Jason is a friend... by joggle · · Score: 1

      They don't overlook felonies, especially when there are 20 or more people applying for every job opening. This guy will be lucky finding a job at McDonald's once he gets out of prison.

    3. Re:Jason is a friend... by cavreader · · Score: 1

      In the software development arena there are people with awesome skill sets that even a felony conviction would not automatically count against them unless their conviction happens to be directly related to the position being filled or involves sex crimes and murder. They would also have a harder time obtaining any position that requires a security clearance. About 25 years ago I was charged with simple drug possession because I had half a joint. I have had no trouble getting a security clearance or working for major banking companies including the Federal Reserve.

  25. Secret console by Anonymous Coward · · Score: 0

    So basically there's nothing secret about a vSphere client and you can download it from VMware. The issue here is that he had access to the VM hosts from outside the network AND had working credentials to log on to them and manage them with the vSphere client.

    Shitty sensationalism. Unbecoming of a tech web site.

    None of our VM hosts are accessible from outside the LAN without a VPN connection. And passwords are changed and VPN access is revoked when people get canned around here.

    1. Re:Secret console by cusco · · Score: 1

      And admins in your org don't have access to AD to create themselves a secondary account? I've accidentally dragged a user account into the wrong OU and didn't notice it for weeks, it would not be difficult at all for him to have created a valid-looking account and left it hidden for months.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
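
Added example, not part of the original thread: a minimal offboarding audit covering the two points raised in the comments above (access left live after a termination, and a secondary account parked in an unexpected OU). The account export, field names, OU names and dates are constructed assumptions, not data from the case discussed here.

```python
from datetime import date, timedelta

# All data below is constructed sample data; field names are hypothetical.
TERMINATED = {"E200": date(2011, 1, 15)}   # HR id -> last working day
KNOWN_SERVICE = {"svc-backup"}             # documented service accounts
USER_OUS = {"Staff", "Contractors"}        # OUs where people accounts belong
LOOKBACK = timedelta(days=90)              # review window before departure

ACCOUNTS = [
    dict(name="asmith", owner="E100", enabled=True, vpn=True, ou="Staff",
         created_by="hr-sync", created=date(2009, 3, 1)),
    dict(name="bjones", owner="E200", enabled=True, vpn=True, ou="Staff",
         created_by="hr-sync", created=date(2008, 6, 9)),
    dict(name="bjones-adm", owner="E200", enabled=False, vpn=False, ou="Admins",
         created_by="hr-sync", created=date(2008, 6, 9)),
    dict(name="svc-backup", owner=None, enabled=True, vpn=False, ou="Service",
         created_by="asmith", created=date(2010, 2, 2)),
    dict(name="svc-bkup2", owner=None, enabled=True, vpn=True, ou="Printers",
         created_by="bjones-adm", created=date(2010, 12, 20)),
]

def audit(accounts):
    """Return sorted (account, finding) pairs for enabled accounts needing review."""
    # Resolve creator account names to HR owners so admin accounts map to people.
    owner_of = {a["name"]: a["owner"] for a in accounts}
    findings = set()
    for a in accounts:
        if not a["enabled"]:
            continue
        if a["owner"] in TERMINATED:
            findings.add((a["name"], "owner terminated, account enabled"))
            if a["vpn"]:
                findings.add((a["name"], "owner terminated, VPN enabled"))
        if a["owner"] is None and a["name"] not in KNOWN_SERVICE:
            findings.add((a["name"], "no owner and not a documented service account"))
        left = TERMINATED.get(owner_of.get(a["created_by"]))
        if left and left - LOOKBACK <= a["created"] <= left:
            findings.add((a["name"], "created by departing admin shortly before exit"))
        if a["vpn"] and a["ou"] not in USER_OUS:
            findings.add((a["name"], "VPN-enabled account outside user OUs"))
    return sorted(findings)

if __name__ == "__main__":
    for name, why in audit(ACCOUNTS):
        print(f"{name}: {why}")
```

The look-alike `svc-bkup2` account is caught three ways even though its name resembles a legitimate service account, which is why the audit keys on ownership and creator rather than on naming.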
  26. Burning bridges by phorm · · Score: 1

    For all my complaints about goings-on at former jobs, the most I can recall doing is grousing about it with colleagues etc.
    Why burn bridges? Even in jobs where I've left because of frustration with the business, I'd not publicly badmouth the company or sabotage their infrastructure.
    In some cases I've had to re-contact those old employers (as a job reference, or to get some information I needed but no longer had regarding my position). They've always been polite to me, and I've been polite to them.

    Being a jackass doesn't help anyone. If you really hate the job, move on, but don't leave a trail of destruction behind.
    If you get canned unfairly, talk to a lawyer and build a case for wrongful dismissal or whatever. Vigilante b.s. only proves that you're a cowboy jackass, and that they were fairly justified in firing you.

  27. Awful by Anonymous Coward · · Score: 0

    Awful stuff. It does bring up the question of where their backups are.

    I'm sure if they'd been doing the Right Thing (tm), they'd have off-site backups of their virtual machines and data on disk or tape to restore from....

    or... not?

  28. This guy sucks... by choke · · Score: 1

    ... for having to use vSphere for this.

    A true hacker would have used the VMware SDK and command line tools and had a VM that later deleted itself perform this act.

    Amateur.

    --
    "No good deed goes unpunished"
  29. Collar-Bomber by Kamiza+Ikioi · · Score: 1

    You mean to say he was also the Collar-Bomber?

    --
    I8-D
  30. Not cool man. by JustAnotherIdiot · · Score: 1

    Everyone knows you're supposed to replace data with porn, not flat out delete everything.

    --
    What do I know, I'm just an idiot, right?
  31. Bullshit. by CountBrass · · Score: 1

    By your logic Adolf Hitler was as innocent as a newborn, after all he didn't personally invade France or Russia and he didn't personally kill a single Jew, Gypsy or Homosexual.

    --
    Bad analogies are like waxing a monkey with a rainbow.
    1. Re:Bullshit. by Anonymous Coward · · Score: 0

      By your logic Adolf Hitler was as innocent as a newborn,

      Really? You think J Random Luser's post to facebook is the equivalent of the head of a nation exercising his powers as commander in chief? If so, it's no wonder you have a problem with proportionality.

  32. Upside by Anonymous Coward · · Score: 0

    The upside is that he'll never be hired in the IT world again.

  33. Sooooo by DarthVain · · Score: 1

    They fired an employee after getting into an argument with management, didn't take away or change passwords, and also didn't back up their systems.

    Sounds to me like the company should be taken to court not just the employee.

    Seriously, we treat our employees poorly, we don't take security seriously, and don't believe in backup.

    What could possibly go wrong?

  34. Yeah right by Anonymous Coward · · Score: 0

    Yeah right, because they don't keep backups of these things.

  35. Not all... by CountBrass · · Score: 1

    Not every convicted criminal will go through probation.

    --
    Bad analogies are like waxing a monkey with a rainbow.
  36. I'm not surprised..... by Anonymous Coward · · Score: 0

    When my IDIOT boss fired me from my IT position at one of the bigger Car Dealership Firms in West Texas, he left my work email acct live, and he left my REMOTE LOGIN FROM HOME VPN ACCESS turned on. For THREE WEEKS. I had to be the one to contact the company owner; yes, it was vindictive; and tell him that my former boss left my access turned on. So, HE CALLED ME at home, on a three way call with the company owner, and asked me to uninstall the VPN program. Never mind the fact that all he had to do was change my VPN status to disable. He had to save face and not look like a F***ING MORON in front of his boss.

    Most IT Directors these days are figureheads at best. Some, though, are an anchor just waiting to sink a company.