Former Sysadmin Accused of Planting 'Time Bomb' In Company's Database (bleepingcomputer.com)
An anonymous reader writes: Allegro MicroSystems LLC is suing a former IT employee for sabotaging its database using a "time bomb" that deleted crucial financial data in the first week of the new fiscal year. According to court documents, after resigning from his job, a former sysadmin kept one of two laptops. On January 31, Patel entered the grounds of the Allegro headquarters in Worcester, Massachusetts, just enough to be in range of the factory's Wi-Fi network. Allegro says that Patel used the second business-use laptop to connect to the company's network using the credentials of another employee. While connected to the factory's network on January 31, Allegro claims Patel, who was one of the two people in charge of Oracle programming, uploaded a "time bomb" to the company's Oracle finance module. The code was designed to execute a few months later, on April 1, 2016, the first week of the new fiscal year, and was meant to "copy certain headers or pointers to data into a separate database table and then to purge those headers from the finance module, thereby rendering the data in the module worthless." The company says that "defendant Patel knew that his sabotage of the finance module on the first week of the new fiscal year had the maximum potential to cause Allegro to suffer damages because it would prevent Allegro from completing the prior year's fiscal year-end accounting reconciliation and financial reports."
Who in the heck was monitoring for changes to Oracle's software? Too many unanswered questions.
Of all the knocks on Oracle I have seen on Slashdot (most of which are completely valid), I have never seen an insinuation that their products are not reliable. I do not believe that is one of their weaknesses.
Oh, it's reliable alright.
You can count on being reliably fucked as as customer at any given time.
And that's just dealing with the software audit mafia. Forget actually patching the fucking thing and not breaking all kinds of shit in the process.
"This could also happen if they forgot to renew the software."
Absolutely. The biggest time bomb of all might be simply to decline to share the file of license renewals. The company starts to feel the results of *that* after the admin is long gone. And all the warning messages go to the admin's closed account, or to a service account that nobody checks since he left.
The problem is, the results are indistinguishable from the case where the admin passed the information to "transition management" prior to being outsourced, only to have them lose it, so he gives them his spare copy, and they lose that also, and then a few months down the road when appliances and software suddenly stop working, offshore management blames the former admins for the debacle(s).
Don't ask me how I know this.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Second translation: DB admins are pretty inept at IT. It's trivial to change the Mac address.
Once again proving that those that do evil deed are typically pretty stupid and leave obvious clues.
You missed the key point too.
The anon poster before you had the right idea.
He wouldn't need to keep the laptop if all he had to do was spoof the MAC address.>
If all he needed was the mac address, then he didn't even need the laptop. He could have spoofed the Mac Address. Most likely there was additional network security which is why he needed the laptop. It could be a cert/key etc. too that was on the laptop which he couldn't spoof.
I am at loss with words...