Slashdot Mirror

← Back to Stories (view on slashdot.org)

IT Admin Trashes Railroad Company's Network Before He Leaves (bleepingcomputer.com)

Posted by msmash on from the stranger-things dept.

Catalin Cimpanu, writing for BleepingComputer: A federal jury in Minneapolis, Minnesota found a local man guilty of intentionally damaging his former employer's network before leaving the company. The man's name is Christopher Victor Grupe, 46, and from September 2013 until December 2015 he worked as an IT professional for the Canadian Pacific Railway (CPR), a transcontinental railroad based in Alberta, Canada. Things went sideways in December 2015 when CPR suspended Grupe for 12 days for yelling and using inadequate language with his boss. When the man returned to work following his suspension on December 15, management told Grupe they were going to fire him for insubordination. According to court documents obtained by Bleeping Computer, Grupe asked management to resign, effective immediately. He promised to come back the following days and return company property such as his laptop, remote access device, and access badges. He did return the items, as promised, but not before taking the laptop for a last spin inside CPR's network. Court documents show Grupe accessed the company's switches and removed admin accounts, changed passwords for other admin accounts, and deleted log files. When done, Grupe wiped his laptop and returned it to CPR's Minnesota office on December 17, two days after he resigned.

121 of 212 comments (clear)

  1. What an Idiotic Company by Anonymous Coward · · Score: 4, Insightful

    Why do you leave somsone's access privileges in place when you're in the middle of firing them?

    IMHO, they deserved what they got.

  2. And this is why you disable accesss..... by Drakonblayde · · Score: 5, Insightful

    *before* you tell someone you're going to fire them.

    1. Re:And this is why you disable accesss..... by Anonymous Coward · · Score: 5, Informative

      That assumes competent people, in HR as well as in IT. Competent people cost money, "management" does not want to spend money, obviously, if "management" tells an admin with full network access, they are going to fire him...

    2. Re: And this is why you disable accesss..... by K.+S.+Kyosuke · · Score: 2

      This may be problematic if you're going to fire the very person that would be performing said actions. In a perfect world, you'd perhaps contract someone in a hurry. Maybe we're living in an imperfect world, though.

      --
      Ezekiel 23:20
    3. Re: And this is why you disable accesss..... by JohnFen · · Score: 5, Interesting

      This may be problematic if you're going to fire the very person that would be performing said actions.

      Who has only one person that has admin access to their systems?? What if that person gets hit by a car or quits without notice or something? Shit happen, after all.

      That's as insane as telling someone they're being let go before you remove their credentials.

    4. Re: And this is why you disable accesss..... by K.+S.+Kyosuke · · Score: 3, Insightful

      It's almost as if they were incompetent in general...

      --
      Ezekiel 23:20
    5. Re: And this is why you disable accesss..... by Chris+Mattern · · Score: 3, Insightful

      This may be problematic if you're going to fire the very person that would be performing said actions

      If you've only got one person who can do this, then you already have a very large problem.

    6. Re: And this is why you disable accesss..... by jordanjay29 · · Score: 4, Insightful

      Or if fellow IT members don't agree with firing them. Or they give fired employee a heads up before the meeting. "Hey Chris, they just asked me to remove your access, something's up."

      You basically need the IT head (who, if they can't be objective, can at least be counted on to be professional) in HR's office or on the phone before the fired employee leaves the room and make sure it's done.

    7. Re: And this is why you disable accesss..... by decep · · Score: 5, Funny

      What if that person gets hit by a car

      Or a train...

    8. Re: And this is why you disable accesss..... by HideyoshiJP · · Score: 1

      Yeah, haven't they heard of the Bus factor?

    9. Re:And this is why you disable accesss..... by sexconker · · Score: 2

      It also assumes you CAN disable access on everything the person has access to.

      There's plenty of gear, often at the critical infrastructure level (be it network, power, building monitoring, fire suppression, alarm systems, etc.) that would need a manual touch to change out the lowest level password. Not everything integrates into AD or some management portal, and even the stuff that does usually has a lower-level mode of access.

    10. Re:And this is why you disable accesss..... by aix+tom · · Score: 1

      Of course, the problem is, the people who DO the firing have no clue how to disable access most of the time.

      Only the person they are firing has that knowledge in most cases where management is stupid enough to "fire" them. It's like firing a pilot while the plane is still in the air, or a fire-fighter while your house is still burning.

    11. Re:And this is why you disable accesss..... by Darinbob · · Score: 1

      These sorts of actions are the reason why more and more companies treat anyone being laid off as a hostile entity. Perp walked out the door, can't take person items with you (but with vague hopes that they will be mailed later). Then someone dumb in IT attempts to wipe their laptops soon, and someone in facilities starts to box everything up and put it into storage, leaving whatever project they were on in shambles.

      I had three reports laid off in the past, two were out of the building before I even showed up in the morning and the third was in progress. No chance to talk to them, get any status of ongoing work, or even say goodbye.

    12. Re: And this is why you disable accesss..... by Darinbob · · Score: 1

      Our bus factor is 0.

    13. Re:And this is why you disable accesss..... by pnutjam · · Score: 1

      It can easily be put behind a VPN where you can control such access.

      --
      Cheap storage VM.
    14. Re: And this is why you disable accesss..... by thegarbz · · Score: 1

      Maybe we're living in an imperfect world, though.

      We are. And companies without a business continuity plan such as "what happens if my admin gets hit by a bus" deserve everything they get.

      Mind you I doubt this was actually the case and the result was far more likely HR incompetence than anything else.

    15. Re:And this is why you disable accesss..... by leonbev · · Score: 1

      Yeah... what a dumbass. Everyone knows that you remote into an unliked coworkers PC's with admin rights and make it look like they did the sabotage!

      Geez... doesn't anyone read BOFH on The Register anymore?

    16. Re:And this is why you disable accesss..... by Snotnose · · Score: 4, Interesting

      *before* you tell someone you're going to fire them.

      CSB. One morning some 20 years ago I was in the sysadmin's office talking to him when some guy popped his head in and said he couldn't log in. Sysadmin said "damn, that wasn't supposed to happen until next week".

      Sure enough, next week there was a layoff and the guy who couldn't log in was one of the head reductees.

    17. Re: And this is why you disable accesss..... by nnet · · Score: 1

      yeah, pretty good Lazarus impression huh?

    18. Re:And this is why you disable accesss..... by afidel · · Score: 1

      Exactly, any life safety system that needed to be network accessible was on its own private vlan with a bastion host used for access, remove network account and you can't access the bastion host. For networking gear you set it up for AAA authentication and make it so local accounts can only be used if the AAA server can't be reached. That plus network monitoring to tell if the device is offline should mean there's no way to use a local login without it being known that it is happening. My goal has always been to create a network that even I can't hack with the root level account without leaving a trail.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    19. Re: And this is why you disable accesss..... by antdude · · Score: 1

      Or a plane, boulder, tree, etc.

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    20. Re: And this is why you disable accesss..... by mysidia · · Score: 1

      Who has only one person that has admin access to their systems?? What if that person gets hit by a car or quits

      It's not a big deal. That is why equipment and servers provide procedures that can be used to utilize physical access to reset the admin password without knowing the admin password.

      Ideally you require all admin passwords be filed in a password management system, so when the admin is done, they hand over the keys to the password vault, and that is that.

    21. Re:And this is why you disable accesss..... by phorm · · Score: 1

      It also assumes no back-doors by an already unhinged SysAdmin...

  3. Well... did they? by rfengineer · · Score: 5, Funny

    "According to court documents obtained by Bleeping Computer, Grupe asked management to resign..." What was management's answer when asked to resign? Did they?

    1. Re:Well... did they? by freeze128 · · Score: 4, Funny

      I had no idea I could just ask management to resign. I'm totally going to do that from now on.

    2. Re:Well... did they? by clodney · · Score: 1

      "According to court documents obtained by Bleeping Computer, Grupe asked management to resign..." What was management's answer when asked to resign? Did they?

      Well, after they had had to deal with "inadequate language", how could they not resign?

      I did not RTFA, but the language in the summary is rather tortured.

    3. Re:Well... did they? by dgatwood · · Score: 1

      I did not RTFA, but the language in the summary is rather tortured.

      Inadequate language, indeed. Case in point.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    4. Re:Well... did they? by Rei · · Score: 5, Funny

      Employee: "I've been working project you assigned me last but I don't have enough to get it done."
      Boss: "Excuse me?"
      Employee: "Do you not want me to the project or should I instead?"
      Boss: "... Can you please use adequate language when speaking with me?"
      Employee: "Go yourself."

      --
      I'll BUILD someone to replace you. Some kind of gamma-powered monster, with a heart as black as coal!
    5. Re:Well... did they? by olsmeister · · Score: 1

      I laughed out loud at this!

    6. Re:Well... did they? by Rick+Zeman · · Score: 1

      LOL, I was thinking "leaving the --ing off of verbs" and things like that, but your example is better!

    7. Re: Well... did they? by bestweasel · · Score: 1

      TFA has the same inadequate language including the bit about Grupe asking management to resign.

    8. Re:Well... did they? by Krishnoid · · Score: 1

      Here's hoping it goes something like this.

    9. Re:Well... did they? by Attila+Dimedici · · Score: 1

      Hey, that "Employee" went to work for the last recruiting company to contact me.

      --
      The truth is that all men having power ought to be mistrusted. James Madison
    10. Re:Well... did they? by clovis · · Score: 1

      "According to court documents obtained by Bleeping Computer, Grupe asked management to resign..." What was management's answer when asked to resign? Did they?

      It seems to me that the original article was written in Canadian and then run through Google translate to produce Slashdot English.

  4. Huh? by msauve · · Score: 3, Informative

    "...using inadequate language..."

    ITYM "inappropriate."

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
    1. Re:Huh? by 93+Escort+Wagon · · Score: 1

      It was also pretty cheeky of him to "ask management to resign, effective immediately". :-)

      --
      #DeleteChrome
    2. Re:Huh? by SuiteSisterMary · · Score: 1

      Adequate: satisfactory or acceptable in quality or quantity.

      --
      Vintage computer games and RPG books available. Email me if you're interested.
    3. Re:Huh? by cascadingstylesheet · · Score: 1

      "...using inadequate language..." ITYM "inappropriate."

      Yeah, I loved that ... really, most profanity outbursts probably are the result of inadequate language, IMHO.

    4. Re:Huh? by burtosis · · Score: 1

      Nah his cussing was unoriginal, not loud enough, wasn't in a public setting, and had a disturbing lack of spittle. I'd have fired him too.

    5. Re:Huh? by JonnyCalcutta · · Score: 1

      Yeah, I loved that ... really, most profanity outbursts probably are the result of inadequate language, IMHO.

      Fuck off

      https://www.sciencealert.com/s...

  5. And programmer [Re:What an Idiotic Company] by XXongo · · Score: 4, Insightful
    And what an idiotic IT professional! You'd think he'd have enough sense to not leave his fingerprints all over the sabotage.

    IMHO, they deserved what they got.

    1. Re:And programmer [Re:What an Idiotic Company] by ThePhish · · Score: 1, Insightful

      How does this get modded up?

      Anyone who plans to sabotage anything like this on the way out the door deserves everything that comes to them if they get caught.

    2. Re:And programmer [Re:What an Idiotic Company] by ShanghaiBill · · Score: 4, Insightful

      Anyone who plans to sabotage anything like this on the way out the door deserves everything that comes to them

      Sure, the sabotage was criminal and wrong. But leaving access enabled was still stupid, especially when they knew this guy was irrational and had anger issues.

      Burglars should go to jail, but I still lock my front door.

    3. Re:And programmer [Re:What an Idiotic Company] by bsolar · · Score: 2

      Being stupid no, but being negligent could very well be.

    4. Re:And programmer [Re:What an Idiotic Company] by Pig+Hogger · · Score: 2, Funny

      The asshole IT admin wasn't smart enough to cover his tracks.

      What the simple fuck did he think was going to happen next?

      Getting railroaded?

    5. Re:And programmer [Re:What an Idiotic Company] by CaptainDork · · Score: 1

      No, getting caught.

      --
      It little behooves the best of us to comment on the rest of us.
  6. At least he did not mess with the other switch by Joe_Dragon · · Score: 1

    At least he did not mess with the other switches.

  7. inadequate language [Re:Huh?] by XXongo · · Score: 4, Funny

    "...using inadequate language..."

    I never realized it before now, but I have exactly that problem, inadequate language to deal with my boss

  8. only $30,000 ?? sounds like the upgrade cost to by Joe_Dragon · · Score: 1

    only $30,000 ?? sounds like the upgrade cost to get new hardware but it's not Millions from something derailing

  9. Busted by the logging buffer... by Drakonblayde · · Score: 3, Informative

    So reading through the article, it looks like he was smart enough to get rid of the records of his access on the logging servers, but got caught because he forgot to clear the logging buffers on the network gear.

    Hope it was worth it!

    1. Re:Busted by the logging buffer... by MobyDisk · · Score: 1

      looks like he was smart enough to get rid of the records of his access

      Smaaary....Riiight... because that would totally not have been obvious. Guy with anger management issues is fired, returns his laptop 2 days later, wiped, logs are wiped, and all the passwords are changed so nobody can get in. We shouldn't need log files to see what happened.

      The physical-world equivalent here is the bank fires the one person with access to the vault, and the next day the vault is empty. The former employee shows up to return a giant empty bag with dollar signs all over it. The surveillance cameras weren't working for the duration of the robbery. You don't really need the video of the robbery to see what happened.

    2. Re:Busted by the logging buffer... by iamstretchypanda · · Score: 1

      Your logic makes sense for a civil trial, but I don't think it holds up to the beyond a reasonable doubt standard without evidence. Since he didn't get rid of the network logs he left behind the evidence needed to convict criminally.

  10. Stupidest managers ever by argStyopa · · Score: 5, Insightful

    "We've found you SO insubordinate that we have to FIRE you from the company. But yes, we trust you Mr NetAdmin, to take your company laptop home with you."

    Jesus. He's in trouble, but I hope for humanity's sake THEY didn't reproduce.

    --
    -Styopa
    1. Re:Stupidest managers ever by barc0001 · · Score: 3, Insightful

      As a Canadian who is familiar with various aspects of CP Rail, yeah, they are *that* stupid. The only reason they're profitable is inertia and little competition other than CN, who also has similar intelligence problems.

    2. Re:Stupidest managers ever by Darinbob · · Score: 1

      Yup. When an employee is in a loud shouting contest with management, the person is going to be fired 99.9% of the time. Why waste 12 days of cooling off time? And why not confiscate the laptop immediately? Vaguely sounds like union rules or an overly restrictive set of procedures to follow.

      As for the employee, it seems like he expected a chance to not be retained and he got his revenge only after being officially terminated.

    3. Re:Stupidest managers ever by stephanruby · · Score: 2

      No, you just don't get it.

      The physical laptop is not what really matters. A laptop can be copied. Revoking the credentials is what should have been done.

      It's just like if your bag gets stolen and someone drops your credit cards and your house keys on the front porch of your house. It's nice that those items made their way back to you, but it doesn't mean it's over and you better be sure to change your locks and cancel those credit cards in case someone made copies and eventually tries them out. It's the only sensible thing to do.

      In this case, the employee probably left his laptop at home after his suspension, since he probably knew that he was going to get fired. But that still does not excuse the incompetence of his upper management. They needed to remove his access as soon as they found out he was being difficult.

  11. So they have an opening now? by ITapeFatCashews · · Score: 1

    I have a friend on the West Coast who is an expert at cleaning out IT closets. He would be perfect for the job.

    1. Re:So they have an opening now? by FatCashewsSlapMe · · Score: 1

      But, cousin, we're only just getting started!

  12. Every month... by ccnafr · · Score: 1

    Every month there's a story like this. It's like the world is full of dumb sysadmins that can't keep it together when they get fired.

    1. Re:Every month... by ctilsie242 · · Score: 1

      What gets me is that people remember this stuff forever. About fifteen years ago, I was hired on as a consultant to clean up after an admin was fired, and said admin left many logic bombs (custom compiled init daemons that checked files, and if the files that if were not manually touched every week or so, would start writing garbage on random drive sectors, as well as resetting encryption on backup tapes to passwords from /dev/urandom, ensuring the data backed up would be useless.) Years later, this guy came up during a job interview, and I asked him about his little tantrum and that how can I be sure that this won't happen again. His excuse was, "I was younger back then, and didn't know better." Needless to say, he didn't get past any more interview rounds.

      Even if CFAA charges or civil charges are not brought, anyone who sees the person's name will remember them and tell other people. They may wind up getting a job somewhere, but eventually will be asked by a boss, "I heard about an incident sometime way back when...", or even just put on the chopping block without a word being said.

    2. Re:Every month... by Major_Disorder · · Score: 1

      I was on friendly terms with the HR manager at a former employer. We were talking one day about the hiring process, and he told me when a CV came in. He would not even read it without first googling the persons name. Then he would look them up on Facebook (For any embarrassing posts.) About half the CVs would get circular filed before he even had to read them.
      If the CV looked good, then a check on Linkedin.
      So watch what you put on the internet people.

      --
      First law of people: People are generally stupid.
    3. Re:Every month... by mrbester · · Score: 1

      I guess I'd have been round filed then for the audacity to not be found on Google, nor have a Facebook account nor a LinkedIn profile. There aren't any pictures of me online either.

      Then again, if HR is reading my CV and judging instead of someone who knows what the technical terms contained within actually mean then I wouldn't want to work there anyway.

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    4. Re:Every month... by Major_Disorder · · Score: 1

      Then again, if HR is reading my CV and judging instead of someone who knows what the technical terms contained within actually mean then I wouldn't want to work there anyway.

      Nice in theory. But some of us live in the real world, and need to pay our mortgages. In the real world the HR department sees the CVs first.
      Also I never said he was nontechnical, and I am not sure what would happen if he could find no trace of a person. But the impression he gave me was that the was looking for anything that might embarrass the company in the future.

      --
      First law of people: People are generally stupid.
    5. Re:Every month... by angel'o'sphere · · Score: 1

      No need to watch, what I put on the internet.
      Forr an idiot like that I don't want to work anyway ...

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    6. Re:Every month... by ctilsie242 · · Score: 1

      You hit the nail on the head. Last year, I had a job interview where posts I made back in the early 1990s in sci.crypt, comp.sys.mac.*, alt.sex.cthulhu, and other newsgroups actually were questioned. Thankfully I got an offer, but went with another place. The Internet does not forget.

    7. Re:Every month... by ctilsie242 · · Score: 1

      You would be surprised. The only reason I have a FB, LinkedIn, and Twitter account is that when I was interviewed and said that I didn't have one, the interview pretty much ended on the spot. To a lot of HR people, no FB or LinkedIn is like not having E-mail or a phone.

      So, I got a Twitter account, followed some random big named companies... good enough. Similar with FB, and LinkedIn has some random ramblings on it pointing to my public Git repo.

    8. Re:Every month... by mrbester · · Score: 1

      In the real real world, where IT has some autonomy, HR hands CVs to those who are qualified to vet them. That's why I was given them when I was in charge of recruiting developers at a previous company and it was my decision to round file or not. In my current company, HR hands CVs to the team leads to scrutinise.

      If / when it came to interviews, seeing as it was for a technical position, technical people took the lead as they were most qualified to judge a candidate's ability to do the job they've applied for, with HR taking a back seat until the "soft skills" part.

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    9. Re:Every month... by afidel · · Score: 1

      Not every places uses HR for hiring technical people, at my last two employers HR is only involved in posting the available position and filling out the HR paperwork once the candidate has been selected. It might be a bit of a self-selection process because I don't have a degree and so won't make it past the HR filter at places that use them.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  13. IT Professional ?? by nomad63 · · Score: 3, Interesting

    Really ? They call him a "Professional" ? On what basis ? Professionals do not scream at other people and use profanity, let alone to their bosses. And when professionals understand that their services are not wanted, they just leave quietly unless their opinions are explicitly wanted, at which point they can criticize their superiors skills or lack there of, using a proper language. Trashing an ex-employer's equipment is childish at best. Far from being a professional. Regarless how bad your management may be. Definitely in the list of "Absolute no-no's" of a professional.

    --

    __________
    The more I know people, the more I love animals
    1. Re:IT Professional ?? by JohnFen · · Score: 2

      They call him a "Professional" ? On what basis ?

      Technically, a "professional" is someone who gets paid for their work, nothing more or less. You're using "professional" in the slang sense.

    2. Re:IT Professional ?? by fahrbot-bot · · Score: 1

      Professionals do not scream at other people and use profanity, let alone to their bosses.

      You can get into real trouble w/o doing any of those things. I once had a new manager (who was, "a quick learner") who wanted me to put a Fiber Channel card designed for a PC into a $200k HP server to, "see if it would work". I replied, very politely, but in front of other people, "Do you even know how computers work?" I got fired the next day. (Which, turns out, was for the best. I got another job within a month at the same pay. Had that one for 16 years.)

      Lesson learned: Don't let people push your buttons.

      --
      It must have been something you assimilated. . . .
    3. Re:IT Professional ?? by ArhcAngel · · Score: 1

      Professionals do not scream at other people and use profanity, let alone to their bosses.

      You sure about that? I suspect Bobby Knight would disagree

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    4. Re:IT Professional ?? by JohnFen · · Score: 2

      I replied, very politely, but in front of other people, "Do you even know how computers work?"

      "Do you even know how computers work?" is not a polite response no matter what tone of voice you used.

    5. Re:IT Professional ?? by zilym · · Score: 2

      So, did everyone in the room burst out laughing? :-)

      Sometimes, a remark like that is totally justified. Unfortunately, in the corporate world and in gov't, it's the "Yes" men that are retained along with their incompetent managers. Those who dare speak the truth are doomed in such organizations.

      Fortunately, incompetent organisations usually lose out in the marketplace to more competent competitors, so it all works out in the end (eventually).

    6. Re:IT Professional ?? by rossz · · Score: 1

      It's polite compared to what came to my mind, "are you fucking stupid?"

      --
      -- Will program for bandwidth
    7. Re:IT Professional ?? by fahrbot-bot · · Score: 1

      I replied, very politely, but in front of other people, "Do you even know how computers work?"

      "Do you even know how computers work?" is not a polite response no matter what tone of voice you used.

      I actually wasn't trying to be snarky, I was so startled by the insistence to try something so obviously stupid that I was genuinely curious. As I said, lesson learned.

      --
      It must have been something you assimilated. . . .
    8. Re:IT Professional ?? by ClickOnThis · · Score: 1

      Technically, a "professional" is someone who gets paid for their work, nothing more or less. You're using "professional" in the slang sense.

      A professional is also someone who is worth what they get paid. A professional attitude is not just about being in it for the money -- it's also about making an effort to do one's job well.

      --
      If it weren't for deadlines, nothing would be late.
    9. Re:IT Professional ?? by afidel · · Score: 2

      There are no FC cards designed for a PC, there are only PCI, PCI-X and PCIe FC cards, the only difference between one for an HPUX box and an x86 server might be the firmware flashed on it. It's possible there were Sun specific adapters and they were still producing non-pci models in 1997 when FC first came out, but every card I've dealt with even on Solaris was just a PCI(x) card with a custom firmware image (on QLOGIC cards you can flash back and forth).

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    10. Re:IT Professional ?? by ClickOnThis · · Score: 1

      You include management when you mention professional attitude being about more than just money and making an effort correct?

      Well sort of, but not really. Obviously management has an interest in having professionals who do their jobs well. But so do the members of a profession, because it adds to the inherent value of what they do. They can market themselves as highly competent practitioners who can be counted on to do the job right.

      Companies do not own professions. Their practitioners do.

      --
      If it weren't for deadlines, nothing would be late.
    11. Re:IT Professional ?? by JohnFen · · Score: 1

      That's what I meant by the slang sense, but isn't technically part of the what "professional" means. The only difference between a "professional" and an "amateur" is that the professional gets paid.

  14. Their Fault by Murdoch5 · · Score: 1

    Before you fire the guys in IT, change the passwords yourself and protect the network.

    1. Re:Their Fault by MichaelSmith · · Score: 1

      You need a proper organisation in place to do that. Your IT chief needs a deputy who has access to this stuff and who management can trust.

      --
      http://michaelsmith.id.au
    2. Re:Their Fault by Murdoch5 · · Score: 1

      You always have your IT guys make one account on all servers, that can't be disabled, that reports it's alive every week (or day) and whose access certs are stored out of reach of the IT group. This way when you're going to fire the IT guys, you can always get in, change passwords, lock them out and protect yourself.

      All of the servers I manage have this setup, where the owner of the server has a protected Cert kept off site, in their control and if they ever need access to the infrastructure, they can use it to login, sudo up and kick me out. No one has ever had to use it, but it is there just in case.

  15. inadequate language? by fahrbot-bot · · Score: 4, Funny

    ... suspended Grupe for 12 days for yelling and using inadequate language with his boss.

    So, he wasn't rude enough?

    --
    It must have been something you assimilated. . . .
    1. Re:inadequate language? by freeze128 · · Score: 1

      I don't know why they couldn't fire him WHILE he was suspended.

    2. Re:inadequate language? by TimMD909 · · Score: 1

      ... suspended Grupe for 12 days for yelling and using inadequate language with his boss.

      So, he wasn't rude enough?

      He was rude enough, but didn't sufficiently back up his hypothesis that his boss was a myopic, micromanaging, misanthropic asshole.

  16. Inadequate by phorm · · Score: 1

    I think this was probably supposed to be "inappropriate" language, rather than "inadequate"

  17. whaddya wanna bet by the_skywise · · Score: 2

    That he was arguing over their shoddy security practices and management didn't care.
    First off they didn't revoke his access keys immediately after firing him/letting him resign - for INSUBORDINATION of all things
    Then it took them 3 weeks to figure out anything had been done, almost a day to figure out they just had to reboot the switches and then they had to call in specialists to figure out how to check the switch logs.
    And boy howdy he sure showed them! /s

  18. Re:Not guilty by Anonymous Coward · · Score: 1

    Why, because of his exemplary professional behavior? Also, who would be insane enough to hire him now?

  19. In other words by bobstreo · · Score: 1

    Choo Choo Motherfucker!

    Seriously, if you have suspended/fired/asked someone to resign, Why on Earth would you not either take their security token, or revoke it?

  20. Wait, what?? by roc97007 · · Score: 1

    They didn't immediately turn off his access??

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  21. Not enough info here to judge him..... by King_TJ · · Score: 2

    I mean, I've been in I.T. for about 30 years now and I know there's really nothing "good" that will come of trying to mess up the corporate networks or computers on your way out the door if you're let go.

    But that said? This article really doesn't tell us anything about what the guy was angry about? If you're screaming at your boss, that tells me one of two basic things. Either A) you're just that unprofessional and have anger issues, or B) the company is doing something SO wrong, internally, that they've created a situation where YOU could become the "fall guy" for major problems set up to happen, and you have reason to confront them angrily.

    (Even if option B is true? This assumes you've already exhausted other avenues to get your message across.)

    I agree though. This railroad obviously has shoddy H.R. policies for handling terminations, in any case. Why would you let someone back onto your network once you terminated them?

    1. Re:Not enough info here to judge him..... by thegarbz · · Score: 1

      Sure there's enough info. What could possibly justify him committing an illegal act of industrial sabotage?

      I will judge him. Whatever the situation he was in, he made the wrong decision. Management hurt his feelings? Management raped babies and shot his dog? Doesn't matter. Either way given what he did and what the jury found it sounds like he's up for some time to reflect on his actions.

  22. Stories by Bigbutt · · Score: 1

    Yea, we had a senior DBA way back in the late 80's who quit in a fit of rage, but first formatted his DOS drive. It took me a few minutes to bring up Norton Utilities and undelete everything. A year later, he tried to come back and we declined to even interview him.

    [John]

    --
    Shit better not happen!
  23. Re:Not guilty by deviated_prevert · · Score: 3, Funny

    Why, because of his exemplary professional behavior? Also, who would be insane enough to hire him now?

    Equifax Argentina division, he would most likely do a bang up job securing their servers. At least he knows how to effectively lock down and change admin passwords in a Windows server setup which is a skill that seems to elude Equifax IT specialists.

    --
    This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
  24. Re:he asked management to resign by Rick+Zeman · · Score: 1

    Little hands, little balls.

  25. This is why we'll never be taken seriously by ErichTheRed · · Score: 1

    People who are somewhat career-minded in the IT field should take this as a "what not to do when you're fired" lesson. Our field is surprisingly small, more so once you get into a specialized industry. Nothing good will ever come of some stupid revenge you get on a bad employer...walking away and getting another job is the mature, grown-up thing to do.

    If a doctor got fired from a hospital, would his last action be to order a fatal dose of medication for all his patients? Probably not, if he didn't want to get buried in malpractice suits and criminal charges. Incidents like this in IT are pretty common...a company close to where I live got all of its VMs and backups deleted when the admin found out they had offshored the IT department. He was caught and ended up in jail, but it just goes to show you that people trusted with IT systems are often not professional. The problem with that is that executives see stories like this, and are told by the offshore IT firms that their companies are vulnerable to "evil rogue admins" -- and their company's admins would never do anything like that!

    Sure, it might be nice to live out the BOFH fantasy, especially if your company is treating you like garbage up to the point they fire you, but shouldn't professionals realize they'll be caught and also realize they probably won't get a job if anyone finds out?

    One of the things I really dislike about IT is that people can just go from place to place, screw up, and walk into their next employer as if nothing happened. It's the equivalent of joining the French Foreign Legion, fighting for a few years and receiving a new identity on the other end. No one in IT would ever agree to a licensed profession, so how do we prevent this from happening?

    1. Re: This is why we'll never be taken seriously by Reverend+Green · · Score: 3, Insightful

      If doctors were treated as badly as IT, a lot more people with be afraid to go to the hospital.

  26. Idiot network admin. by 140Mandak262Jamuna · · Score: 2
    These admin passwords have lots of value in underground markets. And no one can trace the hack back to him.

    The rail road should consider itself lucky it got off with just this much damage. It could have been a lot worse.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  27. Re:Of course by Anonymous Coward · · Score: 1

    And then you get mad that we hire folks from India and Pakistan. When is the last time one of them did something like this?

    Ask House of Representative Democrats...

  28. Has to be said.... by RajagopalNarasimhan · · Score: 1

    âoeHelluva way to run a railroadâ

  29. Canadian Pacific was actually his second choice by Applehu+Akbar · · Score: 1

    First he wrecked the entire IT system of Air Canada and completely deleted the company’s customer service capability, but found that nobody noticed, because AC always runs that way.

    1. Re:Canadian Pacific was actually his second choice by ve3oat · · Score: 1

      because AC always runs that way.

      Now that's funny! Mod him up, please. Although the above comment was in jest (I think), I am Canadian and can completely believe that this might have happened at Air Canada. And at Rogers Cable too. It would explain so much. My god, that guy really did get around! I'm still chuckling ...

  30. Re:New killer app by xevioso · · Score: 1

    You realize that one of the iPhones first mega successful apps was a fart app, which was funded.

  31. Re:New killer app by sexconker · · Score: 1

    This is just preliminaery

    phone.display.poop_emoji

    vr_subsystem.aroma.disperse('hydrogen_sulfide')

    phone.vibrate

    I am an angel investor and would like to offer you $10,000,000 for a 51% stake.

  32. He could have just used a service account by richrz · · Score: 1

    Most admins can use service accounts that have much too much power.

  33. Stupidity on both sides by DaMattster · · Score: 2

    It takes two to make a squabble. If you're the company and you're going to fire someone that has access to critical network and server infrastructure, you cancel all of their access and security privileges immediately - it's never a good idea to practically allow the terminated employee to royally fuck things up for you. If you're the IT pro, you don't use access IDs and tokens with your name attached to them - that's just like robbing a bank, calling the cops with your own personal cell phone, and telling the cops that show up that you're guilty.

  34. NEVER burn your bridges by Fencepost · · Score: 3

    Aside from the things the company did wrong (and firing network admins is always difficult), the real stupid move in this story is the sabotage.

    This guy will likely never get hired as an IT staffer again. Sure the company was going to fire him, but in the modern world of "All we can confirm is that he was employed here from X to Y" his reason for departure was going to be an interview question, not something that was going to come up in reference checks. Now even ignoring that searching for his name is going to bring this up, he can't network for jobs with anyone he worked with, anyone who know those folks, and probably out to the second degree.

    I guess that's one way to make sure you follow through on your dreams of a career change.

    --
    fencepost
    just a little off
    1. Re: NEVER burn your bridges by Fencepost · · Score: 1

      That's reasons to quit. The bridges I'm talking about are former coworkers that you can network with, not showing up on a Google search, and simply being able to list that company on your employment history without them being able to say "oh, well, you probably need to check the criminal complaint."

      --
      fencepost
      just a little off
  35. CP has its own Police too. by Anonymous Coward · · Score: 1

    Yup, they actually have police powers within 500 meters of any CP property: http://www.cpr.ca/en/safety/cp-police-service

    So many Canuck homes may be technically under CP authority.
    How strange is that? Few private corps have direct powers like that.

  36. Re:he asked management to resign by Darinbob · · Score: 1

    Naw, you'd need bigger balls than that. Remember, any sufficiently advanced level of ignorance is indistinguishable from chutzpah.

  37. It's people like that... by gavron · · Score: 1

    ...that give Canadians a bad name. Now we don't think they're all Dudley Dorights.

    E

  38. Don't Hire Americans by Anonymous Coward · · Score: 1

    This is further proof that you should never hire an american to run your IT infrastructure. Americans, particularly the white males, have a high chance of trashing the place while throwing a tantrum because you challenged their privilege. An H1B would have been better qualified and cheaper, or a wholly offshore company to outsource to would have also been a great choice. And neither of which would have done what this guy did.

    1. Re:Don't Hire Americans by jpaine619 · · Score: 2

      You know you are a racist asshole, right?

  39. and gear like that is at level where AD should not by Joe_Dragon · · Score: 1

    and gear like that is at level where AD should not be and for stuff like fire suppression, alarm systems the alarm place has remote and do you want them to have remote into the your AD system? the fireman may need an printed admin or full rights maybe other then (account changes) password at the local command station as well.

  40. Stick it to the man, 'eh? by Chessucat · · Score: 1

    Sound about right.

    --
    "I'm a dirty white tomcat, enter my world..."
  41. reboot fixed it was the plan to have stuff fail an by Joe_Dragon · · Score: 1

    reboot fixed it was the plan to have stuff fail an then get his job back as being the only person who knows about the network?

  42. How appropriate... by XSportSeeker · · Score: 1

    ...it's a trainwreck.

  43. Inadequate language by BrianMahoney1357 · · Score: 1

    I'm thinking too many verbs and not enough adjectives. Dangling participles might be part of it, too.

  44. Asked management to resign. by BrianMahoney1357 · · Score: 1

    Do you think he asked them all to resign or just his immediate supervisor?

  45. Proving once again... by rickb928 · · Score: 1

    The value of documentation.

    --
    deleting the extra space after periods so i can stay relevant, yeah.