Rogue System Administrator Faces 10 Years In Prison For Shutting Down Servers, Deleting Core Files On the Day He Was Fired (techspot.com)
Joe Venzor, a former employee at boot manufacturer Lucchese, had a near total meltdown after he got fired from his IT system administrator position. According to TechSpot, he shut down the company's email and application servers and deleted the core system files. Venzor now faces up to 10 years in prison and a $250,000 fine. From the report: Venzor was let go from his position at the company's help desk and immediately turned volatile. He left the building at 10:30AM and by 11:30, the company's email and application servers had been shut down. Because of this, all activities ground to a halt at the factory and employees had to be sent home. When the remaining IT staff tried to restart them, they discovered the core system files had been deleted and their account permissions had been demoted. Eventually the company was forced to hire a contractor to clean up all of the damage, but this resulted in weeks of backlog and lost orders. While recovering from the attack was difficult, finding out who did it was simple. Venzor was clearly the prime suspect given the timing of the incident, so they checked his account history. They discovered he had collected usernames and passwords of his IT colleagues, created a backdoor account disguised as an office printer, and used that account from his official work computer.
it keeps one person from gathering other people's accounts.
Also, accounts need to be reviewed and any unexpected accounts need to be investigated.
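One way to do the account review the comment above calls for, as an added example that is not part of the thread: audit a directory export for the patterns in this story (a "printer" account holding admin rights, accounts created by the departed user, logons after the termination time, dormant enabled accounts). The sample export, its column names and the group names are constructed assumptions, not anything from the article.

```python
"""Offboarding account audit over a directory export (added example).

Constructed sample data; column names and group names are assumptions
standing in for whatever the real AD/LDAP export provides.
"""
import csv
from datetime import datetime, timedelta
from io import StringIO

# Constructed export resembling an AD dump. Not real data.
SAMPLE_EXPORT = """\
sam,description,groups,created_by,created,last_logon,enabled
jsmith,Help desk,Domain Users,itadmin,2015-03-01T09:00,2016-09-01T10:10,true
printer-3f,Office printer,Domain Admins;Domain Users,jsmith,2016-08-28T17:42,2016-09-01T11:20,true
svc-backup,Backup service,Backup Operators,itadmin,2014-01-10T08:00,2016-09-01T02:00,true
hp-lobby,Lobby printer,Domain Users,itadmin,2014-05-05T12:00,,true
mlopez,IT staff,Domain Admins;Domain Users,itadmin,2013-02-02T08:00,2016-09-01T08:00,true
"""

PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators",
                     "Backup Operators", "Account Operators"}
DEVICE_WORDS = ("printer", "scanner", "copier", "plotter")
DORMANT_AFTER = timedelta(days=90)


def parse_export(text):
    """Parse the CSV export; 'groups' becomes a set, timestamps stay ISO strings."""
    rows = list(csv.DictReader(StringIO(text)))
    for row in rows:
        row["groups"] = set(g for g in row["groups"].split(";") if g)
    return rows


def audit(rows, departed, terminated_at, now):
    """Return {account: [reasons]} for accounts an offboarding review should look at.

    departed: set of account names of people who have left.
    terminated_at / now: ISO 8601 strings ("YYYY-MM-DDTHH:MM")."""
    cutoff = datetime.fromisoformat(terminated_at)
    current = datetime.fromisoformat(now)
    findings = {}

    def flag(account, reason):
        findings.setdefault(account, []).append(reason)

    for row in rows:
        name = row["sam"]
        enabled = row["enabled"].lower() == "true"
        last = datetime.fromisoformat(row["last_logon"]) if row["last_logon"] else None
        looks_like_device = any(w in (name + " " + row["description"]).lower()
                                for w in DEVICE_WORDS)
        privileged = bool(row["groups"] & PRIVILEGED_GROUPS)

        # A "printer" sitting in Domain Admins is exactly the pattern from the story.
        if looks_like_device and privileged:
            flag(name, "device-style account holds privileged group membership")
        if looks_like_device and last is not None:
            flag(name, "device-style account has a logon record; confirm it is the device")
        # Anything the departed person created must be reviewed, not just their own login.
        if row["created_by"] in departed and enabled:
            flag(name, f"created by departed user {row['created_by']} and still enabled")
        if name in departed:
            if enabled:
                flag(name, "departed user's account still enabled")
            if last is not None and last > cutoff:
                flag(name, "logon after termination time")
        # Dormant or never-used enabled accounts are the 'unexpected accounts' to question.
        if enabled and (last is None or current - last > DORMANT_AFTER):
            flag(name, "enabled but no logon in the last 90 days")
    return findings
```

Run against a real export, the same checks work unchanged as long as the columns are mapped to the names used here.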
He certainly justified the decision to fire his ass.
I guess he did not like getting the boot.
What a coincidence! When I deleted core files from our servers that ended up being the same day I was fired too.
That's the wrong way to go about that. If you're going to go to that length you might as well make it a subtle surprise for the future. And think about it, if you're really such a good employee that a company would be devastated to lose you it should be evident when you leave by the fact that you're no longer doing the job.
Do the best job you can. Sometimes that works out to be unappreciated, but then you get to move on to a more lucrative position and the company gets to try to find someone to fill your shoes.
.....find someone to fill your shoes...
I see what you did there
Why did he still have access to his official work computer after he was fired?
It all happened so fast, officer. He ran that way. He was short, beige and had a tattoo that said Lexmark.
Have gnu, will travel.
Anyone remember the dude that got the axe at PG&E a few years back??? Didn't he kill power to the datacenter or something like that???
Those core files were probably stale anyway.
Are we supposed to be outraged or something? It sure sounds like the guy deserved to be fired - and, based on the actions he took after being fired, he deserves prison time and a significant financial penalty.
#DeleteChrome
He said PC TRAY LOAD LETTER!
Most co-workers did not get the obscure reference
Nerd humor, they thought, when it was actually nerd rage.
We had a programmer in our Dept that got the can a few years back. He wrote some production jobs that ran as root on many servers. We discovered a subroutine in the code that would 'rm -rf /' if his account was removed or went dormant for more than 90 days. Luckily we found it before the 90-day timer kicked in. We (as a group) decided to keep it to ourselves since we didn't want to see the guy get into any trouble...
gave him a cold boot?
It's 2017. Everything should be running in VMs, and snapshots of those VMs should've been backed up. Guess the IT department wasn't up to scratch.
They are a bloody nuisance and just take up disk space.
This is the thoroughness expected of a well-planned attack; though it was obvious who did it in this case, the actions remained effective. The cost of the lost business exceeds the potential gains from firing this man. His next career move is to investigate jobs at Mossad and other agencies for similar electronic attack roles.
Why the fuck would they care if he deleted core files? I mean, unless like... they were some sort of vital core files from crashes of products or something they were analyzing and debugging? But surely they have some sort of a backup system for diagnostic data they're working on like core files?
http://www.kvia.com/crime/fbi-...
Karma: Bad
Come on, people, if you are going to get revenge on the company that canned you, you're supposed to set up a daemon on day one that checks to see if you have logged in the last month and then begins corrupting backups as they are made for the next 5 months, at which time it will execute a total system meltdown that results in total data loss! I swear, you youngin's know nothin' about properly destroying the lives of those who have wronged you! ;)
Don't get me wrong, this guy certainly deserves punishment if guilty, but 10 years? Did any CEOs or politicians get 1 day of jail time for the 2008 financial crisis?
Remote DBAN and Bit Scrape the Drive... 8 Passes of Zeroing ought to do it... Zero Evidence. Literally! :-D
Buy him a nice bar of soap.
This guy had that kind of access, and knowledge for that matter, as a help desk employee? The article is confusing but who puts a sys admin on the help desk with any ability to access all company servers in the first place?
...and I found my answer...a company that is dumb enough to run its entire business applications from a single server. http://www.kvia.com/crime/fbi-...
"Investigators learned that the server controlled the company's production line, warehouse, distribution center and its ability to take orders."
See, it was one of the other IT employee who wanted some easy vacation time, and now had a Patsy to pin it on. Think about it.
He had physical access. What good is a VM?
NIGHTLY backups.
People have been killed for doing much less than what he did.
And he did this in the USA, to a company in Texas, that was founded by Sicilians.
We should mostly agree that 'don't be stupid' is a good rule to follow. Though we may rant about having similar feelings about past employers, just not enough to take any such actions.
I suppose the exit interview did not go well.
Curious writings though: "What happens though if the person being fired is an IT system administrator in charge of managing those accounts?" "Venzor was let go from his position at the company's help desk and immediately turned volatile."
Something's missing. They call him an IT system administrator in one sentence, then say he was a part of the company's help desk in the next. Collecting usernames and passwords, this I see, and an account 'disguised' as a printer...however, the kind of damage he has caused speaks of privilege escalation. Was he one System Administrator among many, or was he the Domain Administrator? Perhaps a Network Administrator? These types aren't typically referred to as "help desk" personnel.
And what exactly did they say to him, when they fired him? (Note the lack of the words "let go") What was the incident for which they were firing him?
As much as I think the guy deserves some jail time over it, I think a year or two, some public shaming, and cash restitution to the company covers it just fine.
How much time would he have gotten for trashing the office? Assaulting a co-worker? What about arson? If it is less than 10 years, then the 10 year sentence is too harsh.
As to this company, they deserved what they got. If a help desk guy is getting access to accounts allowing him to wipe your system, even by accident, then your in-office security is far too lax, and a number of other IT personnel need to be losing their jobs over this, because they obviously weren't doing *THEIR* jobs, or those passwords wouldn't have been collected, his work computer would have been locked out immediately upon his firing, and the server would have required a password known only by the head sysadmin and either the CEO, or his immediately junior sysadmin in case something happened to him. Anything less than those three and the company fully deserved the damage they got and should use the lesson to ensure they take their infosec seriously next time, along with replicated backups and periodic (monthly or more often) restorations onto a duplicate system to verify functionality in case a catastrophic failure happens, whether manmade, electronic, or natural disaster in nature.
It seems the hype and hysteria over computer issues is still ongoing.
You can, I've been there and done that during a layoff in a place I'd never been to before. You disable all remote access until you are certain what is at the other end of each remote access method. One time the former sysadmins had VPNs to their home machines (in 2002 so not as common as today), which was totally legit when they had a job but completely undocumented, yet it still wasn't hard to stop until it was clear where everything was going.
I would like to know what the sentence would have been if he'd taken a baseball bat to the server and backup media instead of using electronic means.
That's a very 1990 way of looking at things in server space (IBM etc was doing it then). Zones (AKA containers) are a less wasteful way to separate things and unlike recent VMs there is some consideration of security.
"Everything" is a bad word to use when describing something outside of your own workplace in terms of what applies inside yours.
In the MS world VMs are the bandaid solution to poor resource management by an OS. Outside of the MS world there is less need and very frequently you want a piece of hardware (or a cluster) to be dedicated to a single task - so a VM is pointless in that situation apart from convenience of backups (which once again outside of the MS world is trivially easy).
Better example - probably just a warning and good behavior bond instead of a possible ten years.
He didn't get 10 years, 10 years is the maximum he CAN get under the law. Though this arsehole looks like he probably deserves the maximum.
At least no one lost their lives in these types of incidents, though destructive nonetheless.
Unless he somehow killed or permanently disabled his boss, taking out their operations for several weeks did more damage and impacted more people. Our businesses and, to some extent our lives, have become so dependent on computers that even relatively simple attacks against computers can have devastating effects. For example, imagine I went into a hospital's case management system and put a trigger on the database to double all new doses on insert. It's a "simple" attack but could have very deadly consequences. I know that's in a completely different league from what happened here but it illustrates the point that you have to measure the crime by its impact, not by the level of effort (or violence) in its execution.
The obvious solution to the rogue admin problem : Use Linux :)
A study has shown that when using Linux, admins are 47,5% happier on average.
By using Linux you can nearly guarantee that you will not have a sour relationship to your admin, and probably don't have to be in this situation
Bastard!
A random AC said:
It's "rouge". Rogue is what old-fashioned women apply to their faces so they'd look healthier.
Umm, no. You got it backwards, and (for once?) the Slashdot editors do it better than the random contradicting AC.
"Rouge" (French for "red", same Latin origin as "ruby") is the cosmetic, and rogue (from Latin "rogare", "ask"/"beg", same origin as "interrogate") is an excellent word to describe the guy in this story. Just because it's on Slashdot doesn't mean it's *wrong*.
I don't care about correcting AC who will probably never see this, but some poor guy might read that and believe it...
A VM, is pointless?
In the real world you properly assess risk and impact, define an SLA, virtualize all critical servers in VMWare, and run encrypted snapshot backups multiple times a day, written to tape nightly and kept offline as well as offsite, away from any risk of "rouge" attack. Proper snapshots capture the entire server (including those pesky "core system files"). Had they used and protected VMs properly, it would have likely resulted in little more than getting admin rights back and restoring the entire environment within a day.
While the rogue admin deserves punishment, the real crime was this clusterfuck of a DR strategy. Whoever signed off on that shit should also be fired.
Oh, that DR solution is too expensive? I wonder how much weeks of backlog and lost business cost. Maybe they should have invested more in IT instead of their Polo team...
I used to work at a $Very Big Transportation Company from 1982 to 1998. They are now clients of our company. Earlier this year Transportation Company needed to give me access to some of their systems. My old username and account, from 1998, were still in their systems.
to society? If you just want punishment for punishment's sake I guess there's that. He's a first time offender, the damage was minimal. Nobody got hurt, and they just needed a few contractors (read: Cheap Windows guys) to sort it all out. "Core Files" here if you RTFA means he broke the OS. He should get slapped with restitution equal to lost sales and the contractor hours + a little for pain/suffering (very little) and sent on his merry way. Maybe get some court mandated therapy. By the sound of it this was a spur of the moment/rage thing. Throwing him in jail is a waste of everyone's time and money and might unnecessarily destroy his life.
It's like 6 months old... http://www.elpasotimes.com/sto...
It is. People are still exceptionally stupid and this is one thing they understand even less (it that is possible).
Those red attacks can be pretty devastating. Rogue. Rouge is a color.
They shouldn't have fired him. This company got what they deserved, though frankly I think it should have been worse.
From the official announcement by the Department of Justice, the guy was NOT a sysadmin. He was a help desk monkey.
Appearing before Senior United States District Judge David Briones, Venzor pleaded guilty to one count of transmission of a program to cause damage to a computer. By pleading guilty, Venzor admitted that on September 1, 2016, after being terminated from his position at the company’s help desk, he logged onto the company’s network through an administrator account and shut down the company’s email server and application server while deleting systems files essential to restoring computer operations.
All this "sysadmin gone bad" stuff is one big April Fools joke.
Shhh - we now know that Sarah Palin posts on slashdot - "Going Rouge" :-) If she's busy here, she's not screwing things up elsewhere. Now maybe we can also get Trumputin to stop by?
This guy is the kind of stupid that education can't cure. I wonder how old he is?
I resigned from a company and they locked themselves out of several LUKS devices. I volunteered to help them recover from backup, and a few weeks later I was arrested and jailed for supposedly logging in using the CEO's account and deleting their data, denying customers access for months and months. Eventually proved that none of it happened, but I was facing 10+ years without any evidence against me.
They've got this guy for sure.
Good job on the backups! I've worked for billion-dollar companies that didn't do backups as well as you. Seriously.
Glad I got at least the one bite! Sad for you.
This somewhat happened in the 1960's to a company I heard about. Two disgruntled employees quit at the same time. They were the only ones who knew how to run the system and how it worked. They both laughed all the way out the door. The company immediately hired a couple of programmers who came in, studied the code, and had the system running smoothly again in a few days. I knew one of the persons who had quit and he was somewhat dismayed at how quickly his deliberate damage was healed.
The "real world" has systems other than MS Windows in it.
Ah - the "real world" bit should have given me a clue - you are a student aren't you? Encrypting your backups is a vastly stupid idea since when the backups are required in the future it can never be certain that someone with the passphrase or whatever is available. Physical security is the answer with backup tapes but beyond that you want them to be as easy to restore as possible. For example, the AMANDA backup system has instructions in ASCII in the tape header of how to get files out on anything that can read the tape (so long as it has "tar" and "dd" you can eventually get everything without needing to install the AMANDA software). Of course it's much easier to use the actual software, but if you don't it's still not hard. That's how you should be doing backups, making them so a PC hooked up to a tape drive is all you need for a relative newbie to get what is needed quickly enough when nobody else is available.
Unlikely. Nurses check paperwork, which gets printed onto actual paper and they would see the previous dose. That's a system that already has a lot of mistakes from data entry so it has error checking outside of the computer system.
You do have a point, just the example doesn't quite fit.
Is why you should not fuck over people who detain the keys of the kingdom like baristas or McDonald's employees.
Wait, "VMWare"?
Let's go back to "laughable".
VMWare markets well, but VMWare centrism leads you to some odd places… like thinking that only VMWare can do virtualization, or that all important things must be virtualized… (we're going to virtualize your hypervisors, bro!)
In the real world I'm accustomed to, you gather requirements, including SLAs, and then work on several different approaches and arrive at a selection of basic solutions on which you assess impact, risk, cost, stability, resiliency, operational effectiveness, and devise a list of pros and cons to present to the business.
The SLAs and limitations on approaches will vary with regulations, company culture and competency, and your own creativity.
Agreed that a DR solution can be used for recovery of this kind of thing… but more concerning is that an outside contractor had to come in to fix it. WTF? Were they firing their core administrative expertise?
I suspect a deeply fucked-up company culture. Especially since they didn't have a way to boot from clean media and un-fuck their systems, but they apparently quickly found the "forensic trail" that led to the departing admin.
but feel sorry for the idiot. When the guy's inmate number and location are found out I'd be happy to send him some money for his canteen.
Ah - semantics now. Dropping every packet at every point of ingress and egress is effectively the same as an air gap, and is the same if you do it by unplugging things.
What's with the bluster, getting personal and the need to show dominance? It's kind of pathetic the way you are big noting yourself to try to show how much better you are than someone who offered a suggestion.
If the consequence of data loss is very high you DON'T encrypt because that vastly increases the chance of loss - when shit happens your careful house of cards with the keys doesn't even have a table to sit on and is lost. A corporate restructure, let alone a buyout, is likely to lose those keys and anyone who knows where they are.
As I wrote elsewhere, I've had to have reels of tape transcribed (on well over a dozen occasions now) because the client lost their copies over time and the tape that was sent to my workplace years ago to transport the data to the people interpreting it ended up being the only one surviving. If someone in the 1980s decided to encrypt those tapes the key would be long gone with most of the other paperwork so it would mean a very expensive seismic survey to get that data again. All industries have similar situations where old information is of great value but not any sort of secret.
Accounts info - sure you don't want all that getting out, but in the general case? That is asking for trouble.
So you've marked me foe because I didn't act meek and mild after you jumped in on me stating the obvious and said I was someone you would fire? That's somewhat pathetic.