Slashdot Mirror


Former Sysadmin Accused of Planting 'Time Bomb' In Company's Database (bleepingcomputer.com)

An anonymous reader writes: Allegro MicroSystems LLC is suing a former IT employee for sabotaging its database using a "time bomb" that deleted crucial financial data in the first week of the new fiscal year. According to court documents, after resigning from his job, a former sysadmin kept one of two laptops. On January 31, Patel entered the grounds of the Allegro headquarters in Worcester, Massachusetts, just enough to be in range of the factory's Wi-Fi network. Allegro says that Patel used the second business-use laptop to connect to the company's network using the credentials of another employee. While connected to the factory's network on January 31, Allegro claims Patel, who was one of the two people in charge of Oracle programming, uploaded a "time bomb" to the company's Oracle finance module. The code was designed to execute a few months later, on April 1, 2016, the first week of the new fiscal year, and was meant to "copy certain headers or pointers to data into a separate database table and then to purge those headers from the finance module, thereby rendering the data in the module worthless." The company says that "defendant Patel knew that his sabotage of the finance module on the first week of the new fiscal year had the maximum potential to cause Allegro to suffer damages because it would prevent Allegro from completing the prior year's fiscal year-end accounting reconciliation and financial reports."

10 of 143 comments

  1. Backup, anyone? by Anonymous Coward · · Score: 3, Insightful

    Seriously, why would it even be an issue? Critical code and data, but not backed up?

    1. Re:Backup, anyone? by Anonymous Coward · · Score: 5, Insightful

      You think a malicious sysadmin wouldn't know to target the backups as well?

  2. Pretty Obvious What the Timebomb Is... by segedunum · · Score: 5, Insightful

    They're using Oracle.

    .....and, backups??! But of course, that's a silly question.

  3. Electronic fingerprint? by Viol8 · · Score: 5, Insightful

    "Eventually, they traced the unauthorized access to Patel's second business laptop based on the device's 'electronic fingerprint.'"

    Translation: Someone with a functioning brain cell in the IT department googled about MAC addresses and thought maybe they should check the wifi router logs and look for unauthorised access by company-issue laptops.

    1. Re:Electronic fingerprint? by duke_cheetah2003 · · Score: 3, Insightful

      Once again proving that those that do evil deeds are typically pretty stupid and leave obvious clues.

      Na, just proves the stupid evil doers are still stupid. We never hear about the smart evil doers. If there is such a thing. :D We'll never know, if they're smart enough.
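
The check Viol8's comment describes (company-issued laptops showing up in the Wi-Fi logs when they should not) can be automated by joining the wireless authentication log against the asset inventory. This is an added example, not part of the original thread or the court documents; the log format, inventory columns, MAC addresses, usernames and dates are all constructed for illustration.

```python
import csv, io
from datetime import date, datetime

# Constructed asset inventory: MAC -> assigned owner and owner's last working day
INVENTORY = """mac,owner,last_day
aa:bb:cc:00:00:01,jdoe,
aa:bb:cc:00:00:02,formeradmin,2016-01-08
aa:bb:cc:00:00:03,asmith,
"""

# Constructed Wi-Fi auth log: timestamp, client MAC, 802.1X username, access point
WIFI_LOG = """2016-01-29T09:02:11 AA-BB-CC-00-00-01 jdoe ap-lobby
2016-01-31T14:37:52 AA-BB-CC-00-00-02 asmith ap-factory-3
2016-01-31T15:10:05 aa:bb:cc:00:00:03 asmith ap-office-1
2016-01-31T16:00:00 de:ad:be:ef:00:09 guest ap-lobby
"""

def norm_mac(mac):
    """Normalise MAC notation so log and inventory entries compare equal."""
    return mac.lower().replace("-", ":")

def load_inventory(text):
    """Return {mac: (owner, last_day or None)} from the inventory CSV."""
    rows = csv.DictReader(io.StringIO(text))
    return {norm_mac(r["mac"]): (r["owner"],
            date.fromisoformat(r["last_day"]) if r["last_day"] else None)
            for r in rows}

def find_suspect_sessions(log_text, inventory):
    """Flag company devices used after offboarding or with someone else's login."""
    findings = []
    for line in log_text.splitlines():
        ts, mac, user, ap = line.split()
        asset = inventory.get(norm_mac(mac))
        if asset is None:
            continue  # not a company-issued device; out of scope for this check
        owner, last_day = asset
        reasons = []
        if last_day and datetime.fromisoformat(ts).date() > last_day:
            reasons.append("device of departed employee")
        if user != owner:
            reasons.append("credential/owner mismatch")
        if reasons:
            findings.append((ts, norm_mac(mac), user, ap, reasons))
    return findings

if __name__ == "__main__":
    for finding in find_suspect_sessions(WIFI_LOG, load_inventory(INVENTORY)):
        print(finding)
```

MAC addresses are set by the client, so a hit is a lead for investigation rather than proof of who was at the keyboard.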

  4. Re:Turnabout is fair play by XXongo · · Score: 4, Insightful

    The article said he resigned.

    In most cases of IT staff leaving a company, the word "resigned" is a euphemism, and should be written in quotes.

  5. Not how it's done ... by CaptainDork · · Score: 3, Insightful

    ... for a sysadmin.

    Know where the logs are and erase the goddam things.

    --
    It little behooves the best of us to comment on the rest of us.

  6. Re:They had backups right? by AmiMoJo · · Score: 5, Insightful

    It's not worth posting stories about these amateurs. Everyone knows you don't just delete random stuff, you introduce subtle errors that can be passed off as genuine mistakes, and which take years to fully manifest, way beyond the point where backups can help.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC

  7. Unprofessional H1-B Visa holders by Anonymous Coward · · Score: 0, Insightful

    Judging by his name it's pretty clear this guy was a foreign worker. Getting all their data deleted is exactly what this company deserved for hiring H1-B immigrants. It's obvious these unprofessional individuals are likely to resort to these sort of time-bomb tricks after they resign or are laid off.
    Of course, a professional, all-American, disgruntled IT worker would do the right thing and just break into the premises with an assault rifle instead.

  8. Re:So many stupid questions by SharpFang · · Score: 4, Insightful

    The other anon is right: in the real world, unless your employer is NSA or something of comparable caliber, as an admin you have access to everything - whatever you don't have access to, you can obtain, without the employer's knowledge.

    The only defenses against rogue admins companies really have is to have more loyal admins, and not to piss admins off. Plus threat of lawsuit if the admin fails to cover his traces after going rogue. Essentially, you can only try to reduce damage after the attack, you can't prevent the attack.

    And to have anything "better", you have to spend so much on security, that unless security is your *product*, you'll be creating losses.

    --
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2