Slashdot Mirror
Rogue System Administrator Faces 10 Years In Prison For Shutting Down Servers, Deleting Core Files On the Day He Was Fired (techspot.com)
Joe Venzor, a former employee at boot manufacturer Lucchese, had a near total meltdown after he got fired from his IT system administrator position. According to TechSpot, he shut down the company's email and application servers and deleted the core system files. Venzor now faces up to 10 years in prison and a $250,000 fine. From the report: Venzor was let go from his position at the company's help desk and immediately turned volatile. He left the building at 10:30AM and by 11:30, the company's email and application servers had been shut down. Because of this, all activities ground to a halt at the factory and employees had to be sent home. When the remaining IT staff tried to restart them, they discovered the core system files had been deleted and their account permissions had been demoted. Eventually the company was forced to hire a contractor to clean up all of the damage, but this resulted in weeks of backlog and lost orders. While recovering from the attack was difficult, finding out who did it was simple. Venzor was clearly the prime suspect given the timing of the incident, so they checked his account history. They discovered he had collected usernames and passwords of his IT colleagues, created a backdoor account disguised as an office printer, and used that account from his official work computer.
And while I know you are sarcastic, it's people that think in this manner that ruin people's lives for years. I Almost lost my company if it was not for my backup policy. I would do back-ups monthly myself on Saturday morning and retrieve the cassettes Sunday afternoon, take them home and store. an employee that I fired for doing something real bad did a time bomb on the payroll system and sent a system-wide delete. well long story short, 3 days of employee's working part time with note pads I got a basic restore done, then one system at a time did re-installs ... 2 weeks later we were back in business.
to this day I keep backup's of data, spare computer laptops just in case, and 1 month payroll and 1 month of expenses LOL never again I hope
if the business would have failed, it would have cost 38 people's employment and my business ruined.
safe to say, that I never let only 1 person handle backing up the systems ever
if you see me, smile and say hello.
That sort of canary happens by accident instead of design when systems grow "organically" with all kind of weird interdependancies, especially on very low budgets. I started work at a place like that once and my initial goal was to remove every little quirk that needed feeding every day so that I would be free to spend time at the beach every now and again.
I seem to remember some years ago stories of suppose dead man switches and sabotage would come out when the reality was fragile systems carefully looked after by people who never got to train a replacement.
This story is of course different - but ten years? Corporate crime with consequences of shutting down companies completely doesn't get ten years, serious embezzlement doesn't get ten years - why should this sort of corporate crime get ten years?
In a professional environment yes, but in some places the sysadmin would be most of the IT department, leaving nobody to shut down remote access. Many places these days rely on cloud services for B2B and retail. Shut down the internet and you stop the business. You could shut down remote VPN access but who is to say he hasn't got his own version of a daemon running somewhere?
http://michaelsmith.id.au
The answer is "small" not dumb. If there isn't a lot to do a single server can get the job done.
If I was in that situation I'd want to keep the server hardware up to date and have a working older server ready to turn on when something goes wrong, but I don't see that a single server was the problem here.
A good canary won't rely on the owner hand feeding it; but will accept food from authorized automatons.
If the user's account is closed, the canary will no longer be fed by the golems, and will peck the neener button. But the user going on vacation or to hospital won't cause the account to be closed, and the golems continue feeding the canary.