Slashdot Mirror


IT Admin Trashes Railroad Company's Network Before He Leaves (bleepingcomputer.com)

Catalin Cimpanu, writing for BleepingComputer: A federal jury in Minneapolis, Minnesota found a local man guilty of intentionally damaging his former employer's network before leaving the company. The man's name is Christopher Victor Grupe, 46, and from September 2013 until December 2015 he worked as an IT professional for the Canadian Pacific Railway (CPR), a transcontinental railroad based in Alberta, Canada. Things went sideways in December 2015 when CPR suspended Grupe for 12 days for yelling and using inadequate language with his boss. When the man returned to work following his suspension on December 15, management told Grupe they were going to fire him for insubordination. According to court documents obtained by Bleeping Computer, Grupe asked management to resign, effective immediately. He promised to come back the following days and return company property such as his laptop, remote access device, and access badges. He did return the items, as promised, but not before taking the laptop for a last spin inside CPR's network. Court documents show Grupe accessed the company's switches and removed admin accounts, changed passwords for other admin accounts, and deleted log files. When done, Grupe wiped his laptop and returned it to CPR's Minnesota office on December 17, two days after he resigned.

38 of 212 comments

  1. What an Idiotic Company by Anonymous Coward · · Score: 4, Insightful

    Why do you leave someone's access privileges in place when you're in the middle of firing them?

    IMHO, they deserved what they got.

  2. And this is why you disable access..... by Drakonblayde · · Score: 5, Insightful

    *before* you tell someone you're going to fire them.

    1. Re:And this is why you disable access..... by Anonymous Coward · · Score: 5, Informative

      That assumes competent people, in HR as well as in IT. Competent people cost money, "management" does not want to spend money, obviously, if "management" tells an admin with full network access, they are going to fire him...

    2. Re: And this is why you disable access..... by K. S. Kyosuke · · Score: 2

      This may be problematic if you're going to fire the very person that would be performing said actions. In a perfect world, you'd perhaps contract someone in a hurry. Maybe we're living in an imperfect world, though.

      --
      Ezekiel 23:20
    3. Re: And this is why you disable access..... by JohnFen · · Score: 5, Interesting

      This may be problematic if you're going to fire the very person that would be performing said actions.

      Who has only one person that has admin access to their systems?? What if that person gets hit by a car or quits without notice or something? Shit happens, after all.

      That's as insane as telling someone they're being let go before you remove their credentials.

    4. Re: And this is why you disable access..... by K. S. Kyosuke · · Score: 3, Insightful

      It's almost as if they were incompetent in general...

      --
      Ezekiel 23:20
    5. Re: And this is why you disable access..... by Chris Mattern · · Score: 3, Insightful

      This may be problematic if you're going to fire the very person that would be performing said actions

      If you've only got one person who can do this, then you already have a very large problem.

    6. Re: And this is why you disable access..... by jordanjay29 · · Score: 4, Insightful

      Or if fellow IT members don't agree with firing them. Or they give fired employee a heads up before the meeting. "Hey Chris, they just asked me to remove your access, something's up."

      You basically need the IT head (who, if they can't be objective, can at least be counted on to be professional) in HR's office or on the phone before the fired employee leaves the room and make sure it's done.

    7. Re: And this is why you disable access..... by decep · · Score: 5, Funny

      What if that person gets hit by a car

      Or a train...

    8. Re:And this is why you disable access..... by sexconker · · Score: 2

      It also assumes you CAN disable access on everything the person has access to.

      There's plenty of gear, often at the critical infrastructure level (be it network, power, building monitoring, fire suppression, alarm systems, etc.) that would need a manual touch to change out the lowest level password. Not everything integrates into AD or some management portal, and even the stuff that does usually has a lower-level mode of access.

    9. Re:And this is why you disable access..... by Snotnose · · Score: 4, Interesting

      *before* you tell someone you're going to fire them.

      CSB. One morning some 20 years ago I was in the sysadmin's office talking to him when some guy popped his head in and said he couldn't log in. Sysadmin said "damn, that wasn't supposed to happen until next week".

      Sure enough, next week there was a layoff and the guy who couldn't log in was one of the head reductees.

  3. Well... did they? by rfengineer · · Score: 5, Funny

    "According to court documents obtained by Bleeping Computer, Grupe asked management to resign..." What was management's answer when asked to resign? Did they?

    1. Re:Well... did they? by freeze128 · · Score: 4, Funny

      I had no idea I could just ask management to resign. I'm totally going to do that from now on.

    2. Re:Well... did they? by Rei · · Score: 5, Funny

      Employee: "I've been working project you assigned me last but I don't have enough to get it done."
      Boss: "Excuse me?"
      Employee: "Do you not want me to the project or should I instead?"
      Boss: "... Can you please use adequate language when speaking with me?"
      Employee: "Go yourself."

      --
      I'll BUILD someone to replace you. Some kind of gamma-powered monster, with a heart as black as coal!
  4. Huh? by msauve · · Score: 3, Informative

    "...using inadequate language..."

    ITYM "inappropriate."

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  5. And programmer [Re:What an Idiotic Company] by XXongo · · Score: 4, Insightful

    And what an idiotic IT professional! You'd think he'd have enough sense to not leave his fingerprints all over the sabotage.

    IMHO, they deserved what they got.

    1. Re:And programmer [Re:What an Idiotic Company] by ShanghaiBill · · Score: 4, Insightful

      Anyone who plans to sabotage anything like this on the way out the door deserves everything that comes to them

      Sure, the sabotage was criminal and wrong. But leaving access enabled was still stupid, especially when they knew this guy was irrational and had anger issues.

      Burglars should go to jail, but I still lock my front door.

    2. Re:And programmer [Re:What an Idiotic Company] by bsolar · · Score: 2

      Being stupid no, but being negligent could very well be.

    3. Re:And programmer [Re:What an Idiotic Company] by Pig Hogger · · Score: 2, Funny

      The asshole IT admin wasn't smart enough to cover his tracks.

      What the simple fuck did he think was going to happen next?

      Getting railroaded?

  6. inadequate language [Re:Huh?] by XXongo · · Score: 4, Funny

    "...using inadequate language..."

    I never realized it before now, but I have exactly that problem, inadequate language to deal with my boss

  7. Busted by the logging buffer... by Drakonblayde · · Score: 3, Informative

    So reading through the article, it looks like he was smart enough to get rid of the records of his access on the logging servers, but got caught because he forgot to clear the logging buffers on the network gear.

    Hope it was worth it!

  8. Stupidest managers ever by argStyopa · · Score: 5, Insightful

    "We've found you SO insubordinate that we have to FIRE you from the company. But yes, we trust you Mr NetAdmin, to take your company laptop home with you."

    Jesus. He's in trouble, but I hope for humanity's sake THEY didn't reproduce.

    --
    -Styopa
    1. Re:Stupidest managers ever by barc0001 · · Score: 3, Insightful

      As a Canadian who is familiar with various aspects of CP Rail, yeah, they are *that* stupid. The only reason they're profitable is inertia and little competition other than CN, who also has similar intelligence problems.

    2. Re:Stupidest managers ever by stephanruby · · Score: 2

      No, you just don't get it.

      The physical laptop is not what really matters. A laptop can be copied. Revoking the credentials is what should have been done.

      It's just like if your bag gets stolen and someone drops your credit cards and your house keys on the front porch of your house. It's nice that those items made their way back to you, but it doesn't mean it's over and you better be sure to change your locks and cancel those credit cards in case someone made copies and eventually tries them out. It's the only sensible thing to do.

      In this case, the employee probably left his laptop at home after his suspension, since he probably knew that he was going to get fired. But that still does not excuse the incompetence of his upper management. They needed to remove his access as soon as they found out he was being difficult.

  9. IT Professional ?? by nomad63 · · Score: 3, Interesting

    Really ? They call him a "Professional" ? On what basis ? Professionals do not scream at other people and use profanity, let alone to their bosses. And when professionals understand that their services are not wanted, they just leave quietly unless their opinions are explicitly wanted, at which point they can criticize their superiors' skills or lack thereof, using a proper language. Trashing an ex-employer's equipment is childish at best. Far from being a professional. Regardless how bad your management may be. Definitely in the list of "Absolute no-no's" of a professional.

    --

    __________
    The more I know people, the more I love animals
    1. Re:IT Professional ?? by JohnFen · · Score: 2

      They call him a "Professional" ? On what basis ?

      Technically, a "professional" is someone who gets paid for their work, nothing more or less. You're using "professional" in the slang sense.

    2. Re:IT Professional ?? by JohnFen · · Score: 2

      I replied, very politely, but in front of other people, "Do you even know how computers work?"

      "Do you even know how computers work?" is not a polite response no matter what tone of voice you used.

    3. Re:IT Professional ?? by zilym · · Score: 2

      So, did everyone in the room burst out laughing? :-)

      Sometimes, a remark like that is totally justified. Unfortunately, in the corporate world and in gov't, it's the "Yes" men that are retained along with their incompetent managers. Those who dare speak the truth are doomed in such organizations.

      Fortunately, incompetent organisations usually lose out in the marketplace to more competent competitors, so it all works out in the end (eventually).

    4. Re:IT Professional ?? by afidel · · Score: 2

      There are no FC cards designed for a PC, there are only PCI, PCI-X and PCIe FC cards, the only difference between one for an HPUX box and an x86 server might be the firmware flashed on it. It's possible there were Sun specific adapters and they were still producing non-pci models in 1997 when FC first came out, but every card I've dealt with even on Solaris was just a PCI(x) card with a custom firmware image (on QLOGIC cards you can flash back and forth).

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  10. inadequate language? by fahrbot-bot · · Score: 4, Funny

    ... suspended Grupe for 12 days for yelling and using inadequate language with his boss.

    So, he wasn't rude enough?

    --
    It must have been something you assimilated. . . .
  11. whaddya wanna bet by the_skywise · · Score: 2

    That he was arguing over their shoddy security practices and management didn't care.
    First off they didn't revoke his access keys immediately after firing him/letting him resign - for INSUBORDINATION of all things
    Then it took them 3 weeks to figure out anything had been done, almost a day to figure out they just had to reboot the switches and then they had to call in specialists to figure out how to check the switch logs.
    And boy howdy he sure showed them! /s

  12. Not enough info here to judge him..... by King_TJ · · Score: 2

    I mean, I've been in I.T. for about 30 years now and I know there's really nothing "good" that will come of trying to mess up the corporate networks or computers on your way out the door if you're let go.

    But that said? This article really doesn't tell us anything about what the guy was angry about? If you're screaming at your boss, that tells me one of two basic things. Either A) you're just that unprofessional and have anger issues, or B) the company is doing something SO wrong, internally, that they've created a situation where YOU could become the "fall guy" for major problems set up to happen, and you have reason to confront them angrily.

    (Even if option B is true? This assumes you've already exhausted other avenues to get your message across.)

    I agree though. This railroad obviously has shoddy H.R. policies for handling terminations, in any case. Why would you let someone back onto your network once you terminated them?

  13. Re:Not guilty by deviated_prevert · · Score: 3, Funny

    Why, because of his exemplary professional behavior? Also, who would be insane enough to hire him now?

    Equifax Argentina division, he would most likely do a bang up job securing their servers. At least he knows how to effectively lock down and change admin passwords in a Windows server setup which is a skill that seems to elude Equifax IT specialists.

    --
    This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
  14. Idiot network admin. by 140Mandak262Jamuna · · Score: 2

    These admin passwords have lots of value in underground markets. And no one can trace the hack back to him.

    The railroad should consider itself lucky it got off with just this much damage. It could have been a lot worse.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  15. Stupidity on both sides by DaMattster · · Score: 2

    It takes two to make a squabble. If you're the company and you're going to fire someone that has access to critical network and server infrastructure, you cancel all of their access and security privileges immediately - it's never a good idea to practically allow the terminated employee to royally fuck things up for you. If you're the IT pro, you don't use access IDs and tokens with your name attached to them - that's just like robbing a bank, calling the cops with your own personal cell phone, and telling the cops that show up that you're guilty.

  16. NEVER burn your bridges by Fencepost · · Score: 3

    Aside from the things the company did wrong (and firing network admins is always difficult), the real stupid move in this story is the sabotage.

    This guy will likely never get hired as an IT staffer again. Sure the company was going to fire him, but in the modern world of "All we can confirm is that he was employed here from X to Y" his reason for departure was going to be an interview question, not something that was going to come up in reference checks. Now even ignoring that searching for his name is going to bring this up, he can't network for jobs with anyone he worked with, anyone who knows those folks, and probably out to the second degree.

    I guess that's one way to make sure you follow through on your dreams of a career change.

    --
    fencepost
    just a little off
  17. Re: This is why we'll never be taken seriously by Reverend Green · · Score: 3, Insightful

    If doctors were treated as badly as IT, a lot more people would be afraid to go to the hospital.

  18. Re:Don't Hire Americans by jpaine619 · · Score: 2

    You know you are a racist asshole, right?