Slashdot Mirror
IT Admin Trashes Railroad Company's Network Before He Leaves (bleepingcomputer.com)
Catalin Cimpanu, writing for BleepingComputer: A federal jury in Minneapolis, Minnesota found a local man guilty of intentionally damaging his former employer's network before leaving the company. The man's name is Christopher Victor Grupe, 46, and from September 2013 until December 2015 he worked as an IT professional for the Canadian Pacific Railway (CPR), a transcontinental railroad based in Alberta, Canada. Things went sideways in December 2015 when CPR suspended Grupe for 12 days for yelling and using inadequate language with his boss. When the man returned to work following his suspension on December 15, management told Grupe they were going to fire him for insubordination. According to court documents obtained by Bleeping Computer, Grupe asked management to resign, effective immediately. He promised to come back the following days and return company property such as his laptop, remote access device, and access badges. He did return the items, as promised, but not before taking the laptop for a last spin inside CPR's network. Court documents show Grupe accessed the company's switches and removed admin accounts, changed passwords for other admin accounts, and deleted log files. When done, Grupe wiped his laptop and returned it to CPR's Minnesota office on December 17, two days after he resigned.
Why do you leave somsone's access privileges in place when you're in the middle of firing them?
IMHO, they deserved what they got.
*before* you tell someone you're going to fire them.
"According to court documents obtained by Bleeping Computer, Grupe asked management to resign..." What was management's answer when asked to resign? Did they?
This is just preliminaery
phone.display.poop_emoji
vr_subsystem.aroma.disperse('hydrogen_sulfide')
phone.vibrate
"...using inadequate language..."
ITYM "inappropriate."
"National Security is the chief cause of national insecurity." - Celine's First Law
IMHO, they deserved what they got.
At least he did not mess with the other switches.
Grupe asked management to resign, effective immediately
Well, did management resign then??
"...using inadequate language..."
I never realized it before now, but I have exactly that problem, inadequate language to deal with my boss
only $30,000 ?? sounds like the upgrade cost to get new hardware but it's not Millions from something derailing
So reading through the article, it looks like he was smart enough to get rid of the records of his access on the logging servers, but got caught because he forgot to clear the logging buffers on the network gear.
Hope it was worth it!
"We've found you SO insubordinate that we have to FIRE you from the company. But yes, we trust you Mr NetAdmin, to take your company laptop home with you."
Jesus. He's in trouble, but I hope for humanity's sake THEY didn't reproduce.
-Styopa
That takes balls, balls the size of Trump's balls. When told you're going to be let go, you ask management if they will resign. You negotiate from there.
I have a friend on the West Coast who is an expert at cleaning out IT closets. He would be perfect for the job.
Every month there's a story like this. It's like the world is full of dumb sysadmins that can't keep it together when they get fired.
Really ? They call him a "Professional" ? On what basis ? Professionals do not scream at other people and use profanity, let alone to their bosses. And when professionals understand that their services are not wanted, they just leave quietly unless their opinions are explicitly wanted, at which point they can criticize their superiors skills or lack there of, using a proper language. Trashing an ex-employer's equipment is childish at best. Far from being a professional. Regarless how bad your management may be. Definitely in the list of "Absolute no-no's" of a professional.
__________
The more I know people, the more I love animals
Before you fire the guys in IT, change the passwords yourself and protect the network.
... suspended Grupe for 12 days for yelling and using inadequate language with his boss.
So, he wasn't rude enough?
It must have been something you assimilated. . . .
The company deserved everything it got. This person should be viewed as a hero by all of us.
Support your local school shooter, give them your firearms.
I think this was probably supposed to be "inappropriate" language, rather than "inadequate"
That he was arguing over their shoddy security practices and management didn't care. /s
First off they didn't revoke his access keys immediately after firing him/letting him resign - for INSUBORDINATION of all things
Then it took them 3 weeks to figure out anything had been done, almost a day to figure out they just had to reboot the switches and then they had to call in specialists to figure out how to check the switch logs.
And boy howdy he sure showed them!
Choo Choo Motherfucker!
Seriously, if you have suspended/fired/asked someone to resign, Why on Earth would you not either take their security token, or revoke it?
They didn't immediately turn off his access??
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
I mean, I've been in I.T. for about 30 years now and I know there's really nothing "good" that will come of trying to mess up the corporate networks or computers on your way out the door if you're let go.
But that said? This article really doesn't tell us anything about what the guy was angry about? If you're screaming at your boss, that tells me one of two basic things. Either A) you're just that unprofessional and have anger issues, or B) the company is doing something SO wrong, internally, that they've created a situation where YOU could become the "fall guy" for major problems set up to happen, and you have reason to confront them angrily.
(Even if option B is true? This assumes you've already exhausted other avenues to get your message across.)
I agree though. This railroad obviously has shoddy H.R. policies for handling terminations, in any case. Why would you let someone back onto your network once you terminated them?
"worked as an IT professional "
I don't think that word means what you think it means.
And then you get mad that we hire folks from India and Pakistan. When is the last time one of them did something like this?
Yea, we had a senior DBA way back in the late 80's who quit in a fit of rage, but first formatted his DOS drive. It took me a few minutes to bring up Norton Utilities and undelete everything. A year later, he tried to come back and we declined to even interview him.
[John]
Shit better not happen!
Equifax
People who are somewhat career-minded in the IT field should take this as a "what not to do when you're fired" lesson. Our field is surprisingly small, more so once you get into a specialized industry. Nothing good will ever come of some stupid revenge you get on a bad employer...walking away and getting another job is the mature, grown-up thing to do.
If a doctor got fired from a hospital, would his last action be to order a fatal dose of medication for all his patients? Probably not, if he didn't want to get buried in malpractice suits and criminal charges. Incidents like this in IT are pretty common...a company close to where I live got all of its VMs and backups deleted when the admin found out they had offshored the IT department. He was caught and ended up in jail, but it just goes to show you that people trusted with IT systems are often not professional. The problem with that is that executives see stories like this, and are told by the offshore IT firms that their companies are vulnerable to "evil rogue admins" -- and their company's admins would never do anything like that!
Sure, it might be nice to live out the BOFH fantasy, especially if your company is treating you like garbage up to the point they fire you, but shouldn't professionals realize they'll be caught and also realize they probably won't get a job if anyone finds out?
One of the things I really dislike about IT is that people can just go from place to place, screw up, and walk into their next employer as if nothing happened. It's the equivalent of joining the French Foreign Legion, fighting for a few years and receiving a new identity on the other end. No one in IT would ever agree to a licensed profession, so how do we prevent this from happening?
The rail road should consider itself lucky it got off with just this much damage. It could have been a lot worse.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
âoeHelluva way to run a railroadâ
It's on the company to establish security policies to protect themselves.
First he wrecked the entire IT system of Air Canada and completely deleted the company’s customer service capability, but found that nobody noticed, because AC always runs that way.
Look at the posts on Glassdoor from IT people that left the company. Clearly they are going to be hyperbolic but thereâ(TM)s a clear pattern of anger and burnout. Iâ(TM)m not defending this person in any way but thd company clearly has or has had lots of pissed off it people.
Most admins can use service accounts that have much too much power.
It takes two to make a squabble. If you're the company and you're going to fire someone that has access to critical network and server infrastructure, you cancel all of their access and security privileges immediately - it's never a good idea to practically allow the terminated employee to royally fuck things up for you. If you're the IT pro, you don't use access IDs and tokens with your name attached to them - that's just like robbing a bank, calling the cops with your own personal cell phone, and telling the cops that show up that you're guilty.
Aside from the things the company did wrong (and firing network admins is always difficult), the real stupid move in this story is the sabotage.
This guy will likely never get hired as an IT staffer again. Sure the company was going to fire him, but in the modern world of "All we can confirm is that he was employed here from X to Y" his reason for departure was going to be an interview question, not something that was going to come up in reference checks. Now even ignoring that searching for his name is going to bring this up, he can't network for jobs with anyone he worked with, anyone who know those folks, and probably out to the second degree.
I guess that's one way to make sure you follow through on your dreams of a career change.
fencepost
just a little off
Take your medication. Or stop. I don't know.
Also clean off your [Shift] and [1] keys, they seem to be sticking.
Yup, they actually have police powers within 500 meters of any CP property: http://www.cpr.ca/en/safety/cp-police-service
So many Canuck homes may be technically under CP authority.
How strange is that? Few private corps have direct powers like that.
...that give Canadians a bad name. Now we don't think they're all Dudley Dorights.
E
This is further proof that you should never hire an american to run your IT infrastructure. Americans, particularly the white males, have a high chance of trashing the place while throwing a tantrum because you challenged their privilege. An H1B would have been better qualified and cheaper, or a wholly offshore company to outsource to would have also been a great choice. And neither of which would have done what this guy did.
and gear like that is at level where AD should not be and for stuff like fire suppression, alarm systems the alarm place has remote and do you want them to have remote into the your AD system? the fireman may need an printed admin or full rights maybe other then (account changes) password at the local command station as well.
Sound about right.
"I'm a dirty white tomcat, enter my world..."
reboot fixed it was the plan to have stuff fail an then get his job back as being the only person who knows about the network?
Is the clanging of a steel door closing behind him as he contemplates his choice for at least 1 year.
"If more IT people realized nurses are treated as badly as IT, a lot more nerds would be properlynafraid to go to the hospital."
...it's a trainwreck.
Talk about people
Their process is faulty, whereby (as others have pointed out) his access wasn't removed or somehow limited prior to their firing.
As for others, saying they deserved what they got, that's such bullshit. His behavior was not only criminal, it was extremely unprofessional. That having been said, I sincerely hope that the company learns from this. An employment separation event like the above is simply poor and there's no excuse. Where's the risk assessment? Um, and it's a railroad which has many other vulnerabilities. They have their work cut out for them, no doubt.
In a situation like this, you offer a separate in trade for a settlement (cash, usually) WHICH ISN'T RELEASED UNTIL THE EMPLOYEE LEAVES and has met those conditions.
People like this asshole make me fuming mad. They don't deserve to be in our field.
I'm thinking too many verbs and not enough adjectives. Dangling participles might be part of it, too.
Do you think he asked them all to resign or just his immediate supervisor?
I don't believe they tell the whole story. boss asking to put unicorns onto a switch causes madness.
The value of documentation.
deleting the extra space after periods so i can stay relevant, yeah.
What do they mean by "Inadequate language"? That he should have said MORE?
C.D. Reimer is a renowned Slashdot collaborator, as he puts it himself; "Because of the quality of my posts and my article submissions, I'm a highly rated commentator and moderator."
But does anybody ever wondered what "C.D." stands for? Well, it stands for Creimy Dumpty of course!
Creimy Dumpty sat on the wall,
Creimy Dumpty had a great fall.
All the king's horses
And all the king's men
Couldn't put Creimy Dumpty
Together again.
Creimy's siblings video and theme song, very realistic, especially the pants, just like Creimy's:
https://www.youtube.com/watch?v=0oKreL1jvkg
Creimy's real pictures:
Before the sex change:
https://ibb.co/cc7Ddw
After the sex change:
https://ibb.co/gVad65
Creimy's "enterprise-level" chair, he talks about it all the time on slashdot:
http://www.keynamics.com/images/bariatric-chair.jpg
Creimy's head, while his supervisor was talking to him, not with him, since it is impossible to do with Creimy:
https://school.discoveryeducation.com/clipart/images/ani-hello.gif
Creimy acting in educational resource document, he actually confirmed himself on Slashdot that he was handled by Special Education for the Santa Clara County Office of Education! He is really a king Dumpty!:
http://www.sccoe.org/depts/students/special-education/Documents/Guide%20to%20Adult%20Agencies.pdf