A Florida woman who believed she was about to get fired has been accused of deleting $2.5m worth of computer files to seek revenge on her employer. Jacksonville Sheriff's officials say Marie Lupe Cooley, 41, used her own account credentials to access the server of Steven E. Hutchins Architects and delete seven years' worth of …
wot, no backups?
How can a business have such a high value of assets unprotected (from hardware failure) by keeping them on just a single server?
What if they had a fire, or disk failure, or someone nicked the whole damn box. It amazes me just how irresponsible businesses still are, even after decades of banging on about security and backups and redundant copies we still get businesses who rely on the pure dumb luck that their box won't fry itself, or some trainee won't accidentally reformat something.
If your data is worth $2.5m, you would have a good backup. Don't you?
Maybe more than one, if they are really critical.
"He declined to say if he had stored backups of the files"
So in other words they didn't have any. Who would they be blaming if they'd had a hard drive die on them? Strikes me that this employee maliciously wiping the data is somewhat incidental.
backups or no she's still a crazy cow who tried to inflict criminal damage on her employer.
The guy probably doesn't know what a hard disk is.
@ all of you crying "backups" / Darren Coleman
Maybe they didn't. Maybe they did, and he doesn't want to reveal that. Maybe the backups were a little old, and the latest versions were made of blood, sweat and tears. Either way, it still doesn't excuse the deliberate deletion of them on nothing more than a vague guess. "Incidental" my arse.
Regardless of the firm's data backup policy, she was still a paranoid, disrespectful cow. I think you're all rather missing the point somewhat.
c:\freezta\dllbackup.16\43677aebcdd887621\ibmdos\undelete.com c:\lastus~1\mydo~1.5* /s /yes
Re: Anonymous Coward
Don't think anyone is saying that she isn't fully to blame for this incident, nor that she shouldn't face the full legal consequences. However, whether she maliciously wiped the data or a vital component on the server died of its own volition (which if anything is more likely to happen than scenario) - the result would be the same.
I have little sympathy for companies who don't operate backup policies commensurate with the value of the data they are looking to protect. I also don't see why a company would necessarily be clandestine about whether they had backups or not, unless of course they didn't have any.
Sounds like an **AA calculator...
..though it is missing a few zeros for that..
Backup... We don't need no stinkin' backups...
We just found out that our company doesn't back up our engineering servers. Luckily for me, I keep a duplicate copy on my workstation due to people screwing up files on the server. No use putting myself through the hassle of working harder due to someone else's problems.
Of course, it would have been cheaper to pay me the same as our I.T. guys and just have me stand around and back up the systems.
Now, I don't know the circumstances, but if the work environment resembled the one that I work in, I could understand it. I don't really care for the 'she should have just quit' argument, because that's a cop-out for dealing with the fact that something was really wrong between her and the company. That kind of attitude just doesn't magically appear.
An architect valuing stuff at 2.5 million is probably a couple of orders of magnitude out added with a dash of exaggeration (fee payers doncha know?)
Hasn't anyone told the architect of Time Machine?
Their data was not "worth 2.5 million". The projects the data were for might have been worth that much at one point, but I really doubt that if the data itself was really worth that much that they would not have any backups whatsoever. Sounds like something a lawyer, system admin or manager would come up in order to qualify for a better insurance payout in this case. Hell, I've assigned such fake values to data myself in order to qualify for a better backup budget. I can see why they did it, but in this case they are lying to the court.
Maybe she killed the backups too?
If she's the sysadmin, she's presumably in charge of the backups. If she's going on a deletion rampage, why not send the backups for a dip in the Atlantic while she's at it?
Fire them all!
(Probably no off-site backup for the backup either.)
The data could easily have been worth that much. How many hours of work? How many people working? How much per hour?
It stacks up pretty quickly.
"It was not a sensationalistic amount of money," he told El Reg, referring to the fee he paid a consultant to dredge up the discarded architectural drawings.
I can see this conversation quite clearly in my head.
- Help! I have 2.5Bn USD worth of data DESTROID *cries*
- Err, ok, it will cost you 1m USD
- TAKE TWO! Just recover my data
A quick recovery with *any recovery program on the market* and, “where do I get my 2m USD?”
What can a consultant possibly do... unless she physically took the hard drives out of the servers, and threw them from the 20th floor, or wiped the hard drives several times (unlikely) any bloody child can recover the data.
P.S. why am I never around when such morons are looking for a “consultant” I can even make it look good, by running cmd.exe full screen, and typing stuff just like in the movies...
If the drawings were ever required during the life of the building, they would be worth a substantial amount to the architect.
It's unlikely that he would require all of the seven years worth. Any idea how many buildings that might entail? 7 years worth of work or 4 hours worth of deletion.
Sounds substantial either way. And CAD software isn't that cheap either. I think 2.5 M sounds fair. I would certainly press for higher damages than the cost of the IT resolution.
Pity they can't.
At least no lasting damage was done, quite the reverse. They learned a useful lesson that may stand them in good stead if they ever lose a hard drive/raid array and they got rid of a really nasty person.
No loss there. And the bill is tax deductible, I imagine.
A good result was had by all.
Maybe even a party after her sentence.
> If she's the sysadmin...
And if she isn't then she shouldn't have been able to do this anyway. But, like the backup question, we can only surmise. Bet she wasn't and there were no backups, though.
The only way of really deleting data (that wasn't backed up to another location), is to delete it from the hard-drive AND afterwards fill up all the remaining space with something else - it's enough even to copy and multiply all the files that still remain on the hard-drive.
Takes a bit, but it's sure not to be recoverable without any backup to another location.
A normal delete (and I don't mean "send to Recycle Bin" delete) only marks those files for deletion, and removes them from display - but there are at least a few tens of programs for every OS that can scan the hard-drives and recover files that were marked for deletion before anything is overwritten on that space.
It's the cost of man hours to draw them. Remaking them would cost more. I believe the owner did not have backups. Quote from the Jefferson himself: "The lesson to be learned here is that you can't depend on having just one set of records or files and having your employees have access to them. You've got to have some kind of backup"
@ AC:Date recovery
"A normal delete (and I don't mean "send to Recycle Bin" delete) only marks those files for deletion, and removes them from display"
Erm... you're posting comments like that on El Reg? The site where everybody knows an rm -rf / when it leaps up and tries to bite them? I don't think you have to insult our intelligence by explaining that the Recycle Bin doesn't actually delete files...
Personally, I'd boot Knoppix and leave it running overnight with dd if=/dev/zero of=/dev/hda bs=64M count=10000000 or something. shred -n2 /dev/hda is an option too. Honestly, there are a million ways this situation could have been a lot worse.
A note to all employers / team leaders
This is why you are ALWAYS open with your staff about ANY open positions in your company, and if it is in a different office, be specific which office! The simple fact of the matter is that employees rely on their job to feed their families and pay their rent. Without proper information about open positions (and especially one that has not been internally announced) they are likely to become paranoid and even resort to crazy acts of desperation or "revenge" in cases where they feel or indeed their job is being taken away from them...
I am not trying to justify it, I am merely saying... this is a real risk factor that employers everywhere should consider any time they advertise a job. Have an internal bulletin board, or simply mail it out to the staff - say who is doing the employing, which office they will work in, and what the job description is... Furthermore, don't go over the top with secrecy when engaging business discussions with other companies unless it's absolutely necessary (if there is an NDA in place for example)... people always fear the worst when they know something is going on but the boss doesn't tell them... ironically, 90% of the time, whatever it is will not affect that person..... Avoid open plan offices as much as possible - if this is not possible, encourage employees to use a meeting room if they need to have private business discussions. Most discussions in an open plan office must be whispered, as not to disturb other employees... employees in close proximity can sometimes get the idea that it is them who is the subject of discussion... and then of course, the ensuing paranoia.... I have seen this happen so many times..... Just sit down and think about all the times YOU have been paranoid, what caused it, and what changes you can make as a boss to prevent that from occurring in your office....
Took a long time
Either she didn't have a clue what she was doing, or in that FOUR HOURS(!) she was there, she'd have had ample time to mess with the on-site backups.
However, the interesting part is that they're probably going to try for damages at the value of the files - files that they already admit aren't lost.
In other words, the actual damages are only the actual files still lost, downtime, fee to the data recovery expert, and time to assess the restored files. I'm sure they'll pad that figure as much as possible but I'm suspecting that if it were just a basic mass file deletion the total shouldn't be over $15K or so and not knowing the circumstances, might've actually been quite a bit less (or more).
@ Data Recovery
Every OS also has a method of really removing files from the HDD instead of the normal marked for free space method done to save time the usual way. Really without knowing how she did it all talk is pointless.
Never mind this backup crap: "It was not a sensationalistic amount of money" the guy says.
Doesn't he mean 'sensational'? Surely we can count on El Reg to smooth over little linguistic cock-ups like this - unless they want us to laugh at the person involved, of course ....
That's why, if you want to make sure something is deleted, you should first keep saving junk data until the drive is full (high DPI scans in .bmp format, and recordings of static in .wav format, are particularly good wastes of space), *then* delete it. Now the only free space to save anything, is where you just deleted your unwanted files from. Keep saving more junk (smaller files this time) till the drive is full again. This means the space formerly occupied by your unwanted files must have been overwritten. Then remove all the junk and finally, defragmentate the disk.
Evil penguin-shagging communists (TM), of course, can just use `dd if=/dev/zero of=/path/to/foo` to overwrite a file with zeros.
"In other words, the actual damages are only the actual files still lost, downtime, fee to the data recovery expert, and time to assess the restored files."
How about that awful, head spinning, stomach churning moment when you first access the file server and THERE'S NOTHING THERE!? - That sudden injection of adrenaline has got to shorten the operator's life span by at least an hour. Must be worth a few quid, surely?
No language massacre..
Nope, think he meant sensationalistic. I.e. the figure given wasn't meant to stir up the media. It was believed to be a realistic figure.
Given fines for not being able to produce those, cost to redo them if necessary, so on, so forth, 2.5m is not a very high figure for several years of commercial data.
@ Stephen Jackson
Well, I can agree with what you wrote, generally. But here the advertised job was at another company.
I'm sorry, but I don't think every boss in a company has some duty to call a meeting and announce that his wife's small company is hiring a sysadmin. Heck, as an employee, I don't even want to know that kind of stuff.
And if anyone did, it would just look to a lot of people (myself included) like he's maybe trying to recruit from our company. Now that's a recipe for paranoia. I mean, does he know something we don't, if he's trying to transfer (only) some people to his wife's company? Is ours going under, or about to be sold, or what?
Finally, just to chime in the chorus, that still doesn't excuse such actions. Even seen strictly through the glasses of "employees rely on their job to feed their families and pay their rent"... guess what? So do her co-workers. Trying to get the company into trouble will affect those too, you know?
She tried too hard.
Any BOfH knows that a rubber mallet to the side of the HDD caddy is the way to go. Try recovering data when you've got a 1mm scratch across 60% of the platters from panel-beating the casing until the server drops a brick!
5 mins tops. 2 for Server 2003.
Re: fake value
We don't have enough data to make that kind of a judgment.
E.g., I happen to know first hand that here in Germany (but probably in the UK and USA too) there's a _legal_ obligation to keep any business-relevant documents for a number of years. If anything on that server fell into that category, the company could easily end up paying that much just in fines.
We also don't know such details as what contracts they had with their clients. _If_ any contractual obligations required them to keep that data, breach of contract fines are again routinely measured in millions.
We also don't know how those related to their current business plans. I can imagine they would reuse some of that stuff in newer contracts. Either ending up having to hire more people to redo those from scratch, or ending up unable to finish a current project on time, _do_ cost money.
Basically just because you don't understand business and pulled numbers out of the rear end, it doesn't mean that everyone else is, you know?
A.J.Stiles are you insane, why not just let a free programme like eraser do it for you. Press one button and go for lunch, job done.
I thought Lindsay Anderson decided that 'if' had to be followed by four dots....
Don't shit on your IT staff
All employers should remember this. My last firm decided to outsource the IT dept. The fools gave us a week's advance warning of what was about to happen. In that time I hid an account with full administrator privileges. I never actually used it but their so-called IT experts never found it before I left.
heh heh, a better way to screw with the company
I wonder what the legal status would be if she hadn't deleted the files, just encrypted them?
The data's still there, so nothing's been stolen. You might argue "criminal damage", but if she could demonstrate that when restored, they hadn't been damaged, would that argument hold up?
So long as she didn't ask for money for the encryption key, there's no extortion angle.
4 Hours?!? Not only that, but the data was recoverable! This is why professionals are required in IT, and it must be why people keep talking about a skills crisis.
At one job I had when everybody was being made redundant around us I remember having a semi joking discussion about how much we could write off quickly when they came and told us we were redundant.
We would have needed no more than a few minutes to inflict quite serious damage, Hard drives and the backup tapes would have been floating down the river flowing just past the building to take care of the data, and to make things a little more interesting we could have taken wire cutters to the fiber cables delivering the isdn30, main net connection and the backup ADSL.
Oh, and pulling every cable out of the patch cabinet, and bottles of any random fizzy drink could have gone over the boards in the telephone switch and servers. At the most that would have taken 15 minutes with a good part of the time walking the drives to the river. I don't think anybody would get that system back up in operating condition very quickly.
But yeah. We did get made redundant and we didn't actually do any of it.
AC, because... erm, well. Yeah.
I used to use a great little program called "Nap n Coffee", which faked a hard disk defrag and could lock out any use for the computer until it was done. Of course you could set it to last as long or as short as you liked... and nothing was changed on the computer... ideal for bumping up those 'consultant' fees.
It may have COST 2.5m to create the data, but once it's used, it's worthless. Well nearly.
I can drink £30,000 champagne. It cost that. But once I've drunk it, it's a weird person who'd pay £30,000 for the result...
READ THE FRIKKING ARTICLE
The position advertised was for an ADMINISTRATIVE ASSISTANT. A glorified secretary. NOT for a Sysadmin. She probably just "deleted" the files, rendering them invisible, but not removed, and I will bet that she didn't know how to do anything else.
From the sound of it the office is small and probably doesn't have a system/network administrator, the boss probably fulfils that role.
Paris because that's what most of the comments above deserve.
Who's to say that during those 4 hours, she wasn't creating her own personal set of backups for future use prior to the deletion of the data ?
Potential blackmail ????
What ever happened to innocent until proven guilty?
"Regardless of the firm's data backup policy, she was still a paranoid, disrespectful cow. I think you're all rather missing the point somewhat."
Presumably they have more evidence than "someone logged in using her username and password" because that sounds like the sort of evidence that any half competent lawyer would demolish in about ten minutes.
@-@ AC:Date recovery By Anonymous Coward
Just jump down off your horse there for a mo, and give El Reg credit for being read by, and educational for, more than just speaky in a freaky computy way people.
Having said that, your post did offer handy information, so you're almost forgiven for assuming.
Backups or no backups...
...what this shows is that a good configuration management process would simply not have allowed this to happen. Furthermore, with a full audit log of every change and modification performed to the files, she wouldn't have been able to sabotage the drawings in other ways, either.
Deleting the drawings wouldn't have been the worst thing that could have happened, by the way: She could have done something *really* nasty, like re-designing a building so it was fatally weakened - potentially costing many lives when it was completed.
I'm amazed at how many businesses (even IT businesses) do not have the faintest clue about CM, despite its importance to their continued survival. That said, many more seem not to realise the risk of hard discs crashing, data being corrupted - or even having a burglar break into their premises and nicking the lot.
Outsourcing the admins
One account of ours outsourced their admin stuff to something like Geeks. The boss deleted all admin accounts upon escorting the admins out the door. Oops. Seems like the DNS server, backups, etc were all tied to those accounts, hence no backups. 6 days later the hardware (disk drives) crashed due to power loss. The company begged the former admins to "help us out", the new outsource admins know nothing about the system setups. Former admins suddenly had a memory loss. It took the new outsource admins 2 weeks to figure some stuff out and eventually just simply created new servers. The real problem is now anytime you call to have anything done it's always a "we don't know" answer since the marketing company is just that now--marketing and no computer knowledge at all.
If she was good enough to re-design the frigging building, would she be an admin assistant ?? Go straight to CIA, Langley, do not pass "GO", do not collect your "Get out of Gitmo,free" card !!
Anyway, why is that nosy bitch snooping around looking into things that don't concern her ?? If she hadn't been snooping around, none of this will have happened; so any other details are moot !! No lawyer can get her out of that !!
Why do you even give employees permission to delete 2.5mills worth of data?
Must've been using a windows server...
CNN said the man paid "good money" to get the data recovered. Undelete is such a good program . . . and cheaper than 2.5 million.
Anyone else note that she was looking through the help wanted ads?
would rather be in jail than on the street. Over here jobs are dear and the loss of a job can mean the end of a semi normal life. You know instead of a pay check you are looking for homeless shelters and hand outs. I live in a town of 56k and we have a 16 to 18% unemployment rate, people will kill to stay employed. Times are tough in George the younger's new Reich.
I'm sorry, but...
I'm not hanging around here if people are going to use language like "defragmentate ".
Surely we must preserve some level of decency here?