Slashdot Mirror


Fired Techie Created Virtual Chaos At Pharma Co.

itwbennett writes "Using a secret vSphere console, Jason Cornish, formerly an IT staffer at the U.S. subsidiary of drug-maker Shionogi, wiped out most of the company's computer infrastructure earlier this year. Cornish, 37, pleaded guilty Tuesday to computer intrusion charges in connection with the attack."

38 of 339 comments

  1. Re:He is looking at 10 years in prison. by WrongSizeGlass · · Score: 2

    He's facing a maximum of 10 years when he's sentenced. I wonder if he'd still have been pissed at Shionogi 10 years after they laid him off?

    I'm not blaming Shionogi, but they certainly made a poor choice to use him as a consultant after he'd resigned due to a dispute with management. I'm sure when they laid him off two months later (along with other employees) it was the tipping point for whatever was brewing inside. When an IT person who has access to everything (or even one server) leaves you need to change every password ever created, verify every account, etc, etc. It sounds like a bit of an overreaction, but you never know who will do what. The other clown not turning over passwords probably played a role in this too.

  2. How he got caught. by will_die · · Score: 5, Informative

    For those wondering how he got caught, he accessed the servers from his home; also, for the McDonalds, just before he accessed them he purchased some food using his credit card.

    1. Re:How he got caught. by Anonymous Coward · · Score: 3, Funny

      That's bullshit, McDonalds doesn't sell food.

    2. Re:How he got caught. by Intron · · Score: 2

      and of course you would remember to spoof your mac address? wear a mask when you pass the parking lot security camera? put stolen license plates on your car? wear gloves the whole time?

      There are a lot more traces left than just Windows log files.

      --
      Intron: the portion of DNA which expresses nothing useful.
    3. Re:How he got caught. by cusco · · Score: 2

      It never happened to you or anyone that you know, did it? Rape is not the same as assault (or battery, which is probably what you meant). A rape starts with an assault, proceeds to battery, then unlawful restraint, and generally kidnapping, before anyone's clothes are even removed. Then it gets worse. The rapist's intent is not to get laid, it's to destroy the other person.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
  3. I hope they throw the book at him by Viol8 · · Score: 4, Interesting

    He could have potentially wiped out some ongoing expensive research while he was at it and potentially cost lives not to mention jobs at a company that obviously wasn't in the best financial health to start with. This self-centered little prick doesn't deserve any leniency.

    1. Re:I hope they throw the book at him by ScentCone · · Score: 4, Informative

      So what was his dispute with the management that made him do this?

      It doesn't matter what his dispute was. There are no circumstances in which doing the equivalent of burning down your former place of employment is a legitimate move in a dispute.

      --
      Don't disappoint your bird dog. Go to the range.
    2. Re:I hope they throw the book at him by WillDraven · · Score: 2

      That's what I was thinking. What if your former employer is planning on doing something that could kill lots of people and the regulators/police/media don't believe you or are complicit in the scheme? Never is a pretty strong word.

      --
      This is my sig. There are many like it but this one is mine.
    3. Re:I hope they throw the book at him by reitton · · Score: 2

      There are no circumstances in which doing the equivalent of burning down your former place of employment is a legitimate move in a dispute.

      What if they took your stapler and moved your desk in to the basement?

    4. Re:I hope they throw the book at him by Dog-Cow · · Score: 2

      Two wrongs don't make a right. Most people are taught this when they are around the age of a first-grader.

      I suggest you take some remedial courses.

  4. I'm impressed he could do that much damage... by Mysticalfruit · · Score: 4, Informative

    I usually can only destroy 10 or so vm's before my vsphere client runs out of memory / handles or just segfaults for the fun of it. Needless to say, my displeasure with that vsphere client has caused me to become somewhat of a vsphere command line ninja.

    Firstly, it appears this guy was treated poorly and not only is he a nitwit, it would appear that most of his coworkers/management were as well.

    Secondly, it's acts of sabotage like this that make it hard for the rest of us to do our jobs.

    Thirdly, on a not so serious note... wi-fi from McDonalds? vSphere console? How did he think he was NOT going to get caught? Did he even try to wipe the logs off the vsphere server? Had this guy two brain cells in his head, he could have obliterated their infrastructure and not left a trace of evidence.

    --
    Yes Francis, the world has gone crazy.
    1. Re:I'm impressed he could do that much damage... by BeShaMo · · Score: 5, Insightful

      What's to stop you from backing up their sensitive data and creating your back doors before you hand in your letter of resignation? If you treat your employees well, and create an atmosphere of mutual respect, when the time does come to part ways, the last month or two of employment can be constructively used to tie up loose ends and easing the transition to the next guy. If you, as an employer, have a policy of escorting someone from their workstation the moment they hand in their resignation, you're basically paying someone to twiddle their thumbs while your remaining employees scramble to cover for the guy who now is suddenly gone with no warning, while they must be thinking whether it's really worth it, just to get the same treatment when they are leaving. The "Perp walk" is just as petty a show of revenge as the guy in TFA and as damaging to the future your remaining employees to do their job. The only difference is that it is unfortunately not illegal.

  5. Re:One by one? by somersault · · Score: 4, Insightful

    Shouldn't a "too long; didn't read" section be shorter than the rest of your comment? And it should provide a summary, rather than go off on some tangent.

    --
    which is totally what she said
  6. Re:He is looking at 10 years in prison. by Z00L00K · · Score: 4, Interesting

    What you really should care about when it comes to IT department is to keep them happy. The cost compared to what can happen when an employee is disgruntled is minor.

    And even if you remove/change all passwords - are you sure that there isn't a backdoor somewhere? Especially in a system like Active Directory where login accounts can be "hidden" anywhere in the tree. Also - some accounts can't change password easily since there are services that may depend on them - or that the password also is the encryption key. It's just a ticking time bomb in some cases.

    Some of you may claim "You are doing it wrong" when you depend on "unchangeable" passwords - but in some cases there are interdependencies that cause that kind of problem. And the problems can be all the way from a background task that locks the system account because it uses the old password to encryption key based on the password for the backup solution. In some cases it's caused by the third-party software that you use.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  7. Re:Who will pay the damages? Compensation? by neokushan · · Score: 4, Informative

    And in case you didn't figure it out, "^" represents the CTRL key.

    And oddly enough, it's not just VI - the windows command prompt works exactly the same way, open one now and hit CTRL+V (probably expecting to paste something) only to get ^V on your screen instead. But it's ok, hit CTRL+H and it'll backspace for you.

    I believe it's less to do with VI and its CRAZINESS and more to do with the legacy of some keyboards not actually having a backspace key. Shock horror, I know.

    (Cue the "...back in my day, we had to use TWO keys to backspace!" comments...).

    --
    +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
  8. Re:Who will pay the damages? Compensation? by Kulfaangaren! · · Score: 2

    I see only one problem with that, USA has laws against slavery...something about a civil war they had a while back...if I remember correctly. :)

  9. Re:Who will pay the damages? Compensation? by c0lo · · Score: 2

    I think that hardly that moron^H^H^H^H^Htechie will have enough resources to compensate his former employer for damages.

    What damages? TFA mentions "virtual chaos" - why wouldn't this equate with "virtual damages" and "virtual prison"?

    For those not fully awake, I'm attempting some lame fun on the overuse of "virtual/virtualization". I've seen until now lots of abuses: "piracy is theft", "cloud", cyberwar/cyberterror (BTW, cybernetics doesn't have too much to do with computers) etc. The "virtual chaos" seems a new concept.

    --
    Questions raise, answers kill. Raise questions to stay alive.
  10. Re:He is looking at 10 years in prison. by SniperJoe · · Score: 4, Insightful

    I know this might not be a popular opinion, but why should a business "really care" about keeping the IT department happy over any other department? Yes, they could do a lot of damage, but so could ANY disgruntled employee who walks in with a gun and starts shooting. Companies should treat ALL employees with respect, not grudgingly cozy up to IT because they feel like IT has them backed into a corner.

    The other sense that I get from your statement was that it seemed like you were blaming management here. It feels a bit like, "Well, they didn't keep their IT staff happy, so they brought it upon themselves!" We don't know what the disagreement was, nor who was at fault for that disagreement. People get in disagreements all the time about relatively minor issues. Perhaps Shionogi wanted him to do something one way and he wanted to do it a different way. That's certainly not worthy of revenge. Right now, we just don't know. The simple fact remains that Mr. Cornish committed an act that was unethical and illegal and did substantial damage to the business. Yes, poor management controls and practices allowed this to take place, but they weren't the ones who committed the act.

  11. Re:He is looking at 10 years in prison. by datapharmer · · Score: 4, Insightful

    I wouldn't blame management for the damage, but it certainly is foolish to not take proper precautions when firing IT staff with administrative access. The damage a disgruntled IT employee can cause these days is akin to burning a building down 20 years ago - you could lose everything.

    --
    Get a web developer
  12. Protect systems from rogue admins too? by bertok · · Score: 3, Insightful

    Has anyone noticed that every system claiming "enterprise" robustness only ever protects against untrusted third parties or component failure? I think there's an enormous amount of research waiting to be done to develop systems that are robust against attacks by rogue administrators. Think about it this way: a modern distributed cluster can be made robust against nuclear warfare, but not a grumpy admin!

    Technologies like the kind developed by internet pirates could be applied to enterprise systems. For example, protocols like Bittorrent are designed to be robust against malicious peers. The lessons learned by Wikipedia (where everyone is an 'admin') could be applied too, such as enforced versioning of all configuration changes.

    Similarly, multi-party authentication should be an option for critical enterprise systems. It should be possible to mark objects such as VMs or service accounts as "critical", allowing configuration changes only if, say, three admins authenticate together, like in a nuclear launch. This isn't a new concept -- Certificate Authorities often require secondary approval to issue certain types of certificates.

    The need will become ever greater as the trend of moving away from tape towards snapshots and replicas accelerates. Do you seriously think Google backs up to tape? Or Amazon? Or any cloud provider? They don't! They just keep two to three copies of everything, and hope that none of their thousands of administrators ever cracks and does the equivalent of "rm -rf *" on the entire cloud all at once!

    Unfortunately, a business with general purpose servers running Windows or Linux is out of luck. Even if someone were to come up with, say, a virtual hosting environment that's robust against even administrators, that wouldn't prevent other mass attacks, such as formatting the SAN (shudder), deleting every object from the Active Directory domain, or my favourite: setting an encryption key on the backups for a month before leaving, wiping the password, and then formatting every server in parallel. Just resetting every password in the system at once is enough to bring most organisations to their knees, and can be done in seconds! How long would it take your organisation to recover from that? You'll just restore the AD from tape, right? Step one: log on to the backup server... err...

    Remember: Mirrors won't help. Replicas won't save you. Snapshots can be deleted just like everything else. If the business didn't have off-site tape backups of everything, it's game over.

    1. Re:Protect systems from rogue admins too? by mallyn · · Score: 5, Interesting
      Good advice; thanks

      Here is one small step that was taken by a high end hosting provider

      All the systems had locked root passwords; nobody knew the actual root passwords; and they were different for each system.

      All root is done via sudo except for the system console, which is in the locked server room

      To gain sudo access, this is what happens

      First you go onto a secure database that is tied in with the trouble ticket system. You log in using a token. You request root access to server x. The system checks to see that you are supposed to be able to have root for server x and it checks to see that you are working on a currently open trouble ticket for an application on server x.

      If the secure database is happy, it sends a message to another secure server (in a different machine room). That system, which has yet another secure database, pulls an ssh private key from the database, installs it as a ssh private key in order to do an ssh shell session with the server you want to get on. That session runs a script that changes the /etc/sudoers to add your name. Along with that, it sets off a cron job that forces the /etc/sudoers file back to its original configuration after a set amount of time.

      You log in, do sudo, and do your stuff. All logging is done to what I call a toilet paper machine (paper log) in yet another secure room. You are through and log off. You close the ticket. The entire process as described above is done but to restore the /etc/sudoers file back to the way it was. Even if you 'forget' to close the ticket, the timer cron noted above will still revoke your access to sudo and send an email to security.

      The secure database servers noted above, each located in its own secure location, require two people authentication to access root. For those machines, the root password is split in half. One half is known by each of two key people. They both need to log in at the same time.

      This is about the most paranoid root access that I am aware of.

      --
      Most Respectfully Yours Mark Allyn Bellingham, Washington
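
The ticket-gated, time-boxed sudo workflow described in the comment above, modeled as an added example (not part of the original thread and not the hosting provider's code). The class, user names, server names, ticket IDs and the two-hour TTL are assumptions; the audit list stands in for the paper log.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample data (hypothetical users, servers and ticket IDs).
ENTITLEMENTS = {"alice": {"db01", "web02"}, "bob": {"web02"}}
OPEN_TICKETS = {"TKT-1001": {"server": "db01", "assignee": "alice"}}


@dataclass(frozen=True)
class Grant:
    user: str
    server: str
    ticket: str
    expires: datetime


class AccessBroker:
    """Models the ticket-gated broker: it decides, the target only receives sudoers."""

    def __init__(self, entitlements, tickets, ttl=timedelta(hours=2)):
        self.entitlements = entitlements
        self.tickets = dict(tickets)
        self.ttl = ttl
        self.grants = []
        self.audit = []  # append-only list standing in for the paper log

    def _log(self, now, event, user, server, ticket):
        self.audit.append((now.isoformat(), event, user, server, ticket))

    def request(self, user, server, ticket_id, now):
        """Grant only if the user is entitled to the server AND holds an open ticket on it."""
        ticket = self.tickets.get(ticket_id)
        entitled = server in self.entitlements.get(user, set())
        on_ticket = bool(ticket) and ticket["server"] == server and ticket["assignee"] == user
        if not (entitled and on_ticket):
            self._log(now, "DENY", user, server, ticket_id)
            return None
        grant = Grant(user, server, ticket_id, now + self.ttl)
        self.grants.append(grant)
        self._log(now, "GRANT", user, server, ticket_id)
        return grant

    def sudoers_for(self, server):
        """Drop-in content to push to `server`: one rule per live grant, nothing else."""
        users = sorted({g.user for g in self.grants if g.server == server})
        return "".join(f"{u} ALL=(ALL) ALL\n" for u in users)

    def close_ticket(self, ticket_id, now):
        """Normal path: closing the ticket revokes every grant issued under it."""
        self.tickets.pop(ticket_id, None)
        for g in [g for g in self.grants if g.ticket == ticket_id]:
            self.grants.remove(g)
            self._log(now, "REVOKE", g.user, g.server, g.ticket)

    def expire(self, now):
        """Timer path: revoke overdue grants and return alerts for security."""
        alerts = []
        for g in [g for g in self.grants if g.expires <= now]:
            self.grants.remove(g)
            self._log(now, "EXPIRE", g.user, g.server, g.ticket)
            if g.ticket in self.tickets:  # ticket never closed: tell security
                alerts.append(f"{g.user} left {g.ticket} open on {g.server}")
        return alerts


if __name__ == "__main__":
    t0 = datetime(2011, 8, 17, 9, 0, tzinfo=timezone.utc)  # constructed timestamp
    broker = AccessBroker(ENTITLEMENTS, OPEN_TICKETS)
    print(broker.request("bob", "db01", "TKT-1001", t0))    # not entitled to db01
    print(broker.request("alice", "db01", "TKT-1001", t0))  # entitled, ticket matches
    print(broker.sudoers_for("db01"), end="")
    print(broker.expire(t0 + timedelta(hours=3)))           # timer fires, ticket still open
    print(repr(broker.sudoers_for("db01")))
```

The rendered sudoers content is derived only from live grants, so a revocation or expiry is a re-render and push rather than an edit someone has to remember to undo.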
  13. Instant career murder by dutchwhizzman · · Score: 2

    Anyone doing this will never ever be put into a position of trust again. That is, if the potential future employer does a decent check on who's applying for the job. It doesn't matter how mad you are, you will ruin it for yourself if you do anything to harm your former employer.

    --
    I was promised a flying car. Where is my flying car?
  14. Re:He is looking at 10 years in prison. by Lumpy · · Score: 2

    That does not help. Honestly a highly skilled IT guy that understands virus writing can infect all the machines with a timebomb and you would never know it. IF he did it right and inserted the time bomb into a driver there is nothing you could do to stop it.

    It's called paying IT people what they are worth and running background checks. This guy would not have had a squeaky clean past if he did stupid crap like this.

    Finally having enough staff so that ANY changes are done with a peer review. I.E. Update XYZ needs to be applied. Sr IT guru does not apply it himself and deploy, it MUST be reviewed by 2 others and DOCUMENTED.

    But corporations have no interest in properly staffed IT departments that are paid enough to hire competent and trustworthy people... You get what you pay for.

    --
    Do not look at laser with remaining good eye.
  15. Re:He is looking at 10 years in prison. by erroneus · · Score: 5, Insightful

    Yes... it's the "how can you get away with it?" question that boggles the mind. If you can't think at least that far ahead, then you should refrain from doing more than "wish damage." (You know, I wish something bad would happen to them because I hate them kinda thing?)

    If it were me, I would do something more subtle... something based on a cron job perhaps ... something that runs, clears out logs and other things, mounts VMDKs, deletes random files, exchanges the file names of various random pairs of documents and things like that. It would be weirdness that people would dismiss at first as human error which gives the trail time to grow colder and bad backup data to get worse and then at some point just go all-out, destroying itself and the systems -- preferably killing the hardware in some way. Even then the chances of getting caught are pretty good as it would be a careful balance of luck and planning to create this gradual corruption of data that wouldn't go noticed until it was too late... perhaps only corrupt files older than a certain date which are not as likely to be accessed for a long while. I suppose that would be enough to allow the corruption of backups and such along the way...

    Anyway, the first thing should always be to plan not to get caught or even suspected.

  16. Re:He is looking at 10 years in prison. by gatkinso · · Score: 2

    Yeah... nobody has ever been busted for timebombing their former employers systems.

    --
    I am very small, utmostly microscopic.
  17. Re:He is looking at 10 years in prison. by maxwell+demon · · Score: 2

    And if your employer suddenly doesn't let you access the computers again, you know that he has read your post. :-)

    --
    The Tao of math: The numbers you can count are not the real numbers.
  18. Re:keep alive by gatkinso · · Score: 2

    and then one day you get a raging case of the flu..... or simply oversleep.

    --
    I am very small, utmostly microscopic.
  19. Re:One by one? by SteveFoerster · · Score: 2

    But seriously, if you're smart enough and determined enough to do this, can't you foresee the outcomes?

    Evidently not necessarily. This is why intelligence and wisdom are different ability scores.

    --
    Space game using normal deck of cards: http://BattleCards.org
  20. I am so mad at my employer I am going to... by gatkinso · · Score: 4, Insightful

    ...make it impossible for some elderly people (along with some kids with cancer, and perhaps a few diabetics) to get their meds.

    Oh yeah, and incidentally, cost my employer money.

    Douchebag of the Year Award candidate.

    --
    I am very small, utmostly microscopic.
  21. Re:Who will pay the damages? Compensation? by maxwell+demon · · Score: 3, Informative

    The reason why caps lock is above shift is that it's the position where it was on mechanical typewriters. And the reason it was there on mechanical typewriters is that it physically fixed the shift key, and therefore had to be on the metal bar connecting the shift key to the carriage.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  22. Re:He is looking at 10 years in prison. by RulerOf · · Score: 2

    But corporations have no interest in properly staffed IT departments that are paid enough to hire competent and trustworthy people... You get what you pay for.

    That has got to be the best excuse I've ever seen to help justify spending large amounts of time on Slashdot while I'm at work.

    --
    Boot Windows, Linux, and ESX over the network for free.
  23. Re:keep alive by Pope · · Score: 2

    Only if you're a moron. You may want to do that with your personal machines at home, but a company's equipment is not your playground for petty revenge fantasies.

    --
    It doesn't mean much now, it's built for the future.
  24. Re:He is looking at 10 years in prison. by RichMeatyTaste · · Score: 2

    Sorry but this is just another example of a company who has no idea how to properly terminate or control access. First, those service and/or other random accounts should not have the ability to remotely access systems in the first place, let alone domain admin access. Second, thanks to the miracle of PowerCLI/etc changing local passwords across all hosts (VMware in this case since it is the focus of the story) is dead simple, free, and fast. Third, if you are going to term someone with admin access you cut off their access BEFORE you tell them.
    Yes changing service account passwords is difficult but it is your job as an IT staffer to let management know that downtime will be required if someone with full admin access is let go. I've been through that exercise multiple times and it took a small team of us to get it done. Once you have done it once though you know what to expect and can accurately predict how long it will take moving forward. Not only that, you can use the exercise to determine what changes to make that will simplify the process moving forward (such as less accounts with remote access rights).

    --
    Ever feel like you are driving the getaway car?
  25. Re:I disagree. by NatasRevol · · Score: 2

    My vote is the cowardly little agitators are considerably worse.

    I fully disagree. That's not making people take responsibility for their own actions.

    Those rioting/destroying property are responsible for their actions. If they were incited by others, it's still their damn fault.

    You should be punished for your actions, not words. But then, there is no freedom of speech there, or really anywhere anymore, so they may as well be punished too. Similarly, everyone who uses the 'four boxes of freedom' sig should be carted off to jail - it's promoting shooting of those in office. See where this leads?

    --
    There are two types of people in the world: Those who crave closure
  26. Re:He is looking at 10 years in prison. by BitZtream · · Score: 2, Interesting

    Right, and the engineers who design your actual products ... which are the reasons the IT guys exist aren't as dangerous?

    The accountants who can drain and send your entire financial portfolio to random places around the world aren't dangerous?

    No, IT guys aren't special, you just think you are and you're too ignorant to realize you really can't do anything more than be fucking obnoxious. You can't do anything that someone else in the company can't do better as far as hurting the company.

    It is certainly in your best interests not to try to fuck over the company on your way out the door, unless you like spending time in jail.

    IT people are the most self absorbed, arrogant spoiled brats I've ever seen, and there isn't a single reason for it. Just a bunch of people who think they're smarter than everyone around them because their lack of a social life let them learn a little more about Windows than others.

    Your statement on slashdot makes me realize that I probably should be okay with employers looking up people's online activity just so they can avoid hiring people like you and save themselves the potential of dealing with someone so disconnected from reality that they clearly don't realize what a job is.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  27. Re:He is looking at 10 years in prison. by Samantha+Wright · · Score: 3, Insightful

    Actually it sounds more like a stage magician asking an audience member to confirm, in fact, that there's nothing up his or her sleeves. With that much unprompted "satisfy yourself that there's nothing wrong!" going on, it sounds like he at least knows something.

    --
    Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
  28. Re:He is looking at 10 years in prison. by Lehk228 · · Score: 2

    The first thing to do is not pull bullshit like this, if you really have to get revenge make an obscene photoshop of your boss and put it on 4chan, otherwise grow the hell up.

    --
    Snowden and Manning are heroes.
  29. Re:He is looking at 10 years in prison. by TooMuchToDo · · Score: 2

    Only the ones who got caught were busted for it. What? You thought all crime gets reported?