Disgruntled admin gets 63 months for massive data deletion

An IT manager who sought revenge for an unfavorable job evaluation was sentenced to more than five years in federal prison after being convicted of intentionally triggering a massive data collapse on his former employer's computer network. Jon Paul Oson, 38, of Chula Vista, California, was sentenced to 63 months behind bars and …

COMMENTS

This topic is closed for new posts.


Stop

Ehh...

"The court said that Oson seemed to think that he was the smartest guy around but, as often happens, he ran into someone smarter (the FBI)."

What. Ever.

0
0
Silver badge
Dead Vulture

Blame a Kiwi!

With a name like "kuku" I'd be looking for a New Zealander. I've worked at two places where the servers were named with Maori bird names. Kuku (also Kereru) is the NZ wood pigeon.

0
0
Flame

Burn the witch

Oh, wrong article. I think being in stocks and a crowd of affected patients would perhaps deal out a better punishment. Pity his family has to put up with him.

0
0
Tom

In the words of Hans Gruber

"You asked for a Miracle, I give you the F B I"

That's my Die Hard quote for the day.

0
0
Thumb Up

Nice One

*DestroysPrinter* :p

In all seriousness, how did they know that "A second PC happened to contain drivers for the HP 2100 and a LaserJet 4M"?

Pretty clever to figure it out using clues such as that though

0
0
Anonymous Coward

Terminal Services probably gave him away

When one connects to a windows computer using terminal services, all of his printers are helpfully connected to a remote machine and the proper drivers are installed.

This may have been the FBI's clue.

0
0
Gates Halo

How did they know about the printers?

At a guess, I'd say MS Remote Desktop. The client has a default setting that maps local printers to the terminal server. The client will advertise all of its local printers to the terminal server, and if the server has a matching driver, the printer will map. This is all recorded in the event log.

Bill, holy, because his software led to the guy being caught.

0
0
Alien

be afraid the FBI will get you

I hate these warning stories about how the FBI can find data on your PC wiped 5 times, or by the printer used etc... The issue isn't if they can do this, the issue is will they? If you delete some company data the FBI will come and get you? They have better things to do, but to be safe don't open your closet, the boogie man will get you

0
0
Silver badge
Flame

Retarded Idiot, and a dangerous one at that.

Never mind that he didn't cover his tracks well. He's all well deserving the prison time by willfully destroying patient records! He even shut down the backup systems, so it isn't like he intended to do a one-day scare; he practically slaughtered the entire hospital's record!

This guy deserves no parole, no mercy, and a really mean cellmate.

0
0
(Written by Reg staff)

@Keir Snelling

"At a guess, I'd say MS Remote Desktop. The client has a default setting that maps local printers to the terminal server. The client will advertise all of its local printers to the terminal server, and if the server has a matching driver, the printer will map. This is all recorded in the event log."

Remote Desktop is exactly correct. Should have included that detail in the story.

0
0
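The printer-redirection trail described in the two comments above can be turned into a host-matching check. This is an added example, not part of the thread or the article: the log line layout, account names, host names and driver inventories are all constructed, and the rarity weighting is an assumption about how to score the evidence.

```python
import re
from collections import defaultdict

# Constructed sample: one line per printer an RDP client advertised at logon.
# The field layout is hypothetical, not a real Windows event export format.
SERVER_LOG = """\
2008-01-01T23:10:02 session=41 user=tmpadmin redirect printer="Office" driver="HP LaserJet 2100"
2008-01-01T23:10:02 session=41 user=tmpadmin redirect printer="Den" driver="HP  LaserJet 4M"
2008-01-01T23:10:03 session=41 user=tmpadmin redirect printer="Text" driver="Generic / Text Only"
2008-01-02T09:00:00 session=42 user=jsmith redirect printer="Text" driver="generic / text only"
2008-01-02T09:00:01 session=42 truncated line without the expected fields
"""

# Constructed sample: printer drivers found installed on examined workstations.
INVENTORIES = {
    "pc-a": ["Generic / Text Only", "Canon iP4200"],
    "pc-b": ["HP LaserJet 2100", "HP LaserJet 4M", "Generic / Text Only"],
    "pc-c": ["Generic / Text Only", "HP LaserJet 4M"],
}

LINE_RE = re.compile(
    r'^(?P<ts>\S+) session=(?P<sid>\d+) user=(?P<user>\S+) '
    r'redirect printer="(?P<printer>[^"]*)" driver="(?P<driver>[^"]*)"$'
)

def normalize(name):
    """Lower-case and collapse whitespace so driver names compare reliably."""
    return " ".join(name.lower().split())

def parse_redirects(log_text):
    """Return {(session id, user): set of advertised driver names}."""
    sessions = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # malformed or unrelated lines are skipped, not guessed at
            sessions[(m["sid"], m["user"])].add(normalize(m["driver"]))
    return dict(sessions)

def rank_hosts(drivers, inventories):
    """Rank hosts by how much of a session's driver set they explain.

    A driver installed on every examined host says little about which host
    made the connection, so each driver is weighted by 1 / (hosts that have
    it). Drivers found on no host keep weight 1 and lower every score.
    """
    inv = {h: {normalize(d) for d in ds} for h, ds in inventories.items()}

    def weight(driver):
        holders = sum(1 for ds in inv.values() if driver in ds)
        return 1.0 / holders if holders else 1.0

    total = sum(weight(d) for d in drivers)
    ranked = []
    for host, ds in inv.items():
        matched = sorted(drivers & ds)
        score = sum(weight(d) for d in matched) / total if total else 0.0
        ranked.append((host, round(score, 3), matched))
    return sorted(ranked, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    sessions = parse_redirects(SERVER_LOG)
    for host, score, matched in rank_hosts(sessions[("41", "tmpadmin")], INVENTORIES):
        print(f"{host}: {score} {matched}")
```

A high score only narrows the candidate list; common driver sets match many machines, so the result needs corroboration from other records.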
Anonymous Coward

What price vengeance?

It's one thing to be bitter about a job experience, especially if it ends your career and you have to take up another field. But if the guy was able to pretty quickly get another job, why bother? Chalk it up to a learning experience; it's better to be employed and outside in the real world than sitting in prison.

0
0
Silver badge

No sympathy

No sympathy for this guy. He knew he was doing something seriously wrong, to the point he tried to cover his tracks as much as he could. I'm glad they caught him.

0
0
Anonymous Coward

here's a title

Why didn't he just beat the job appraiser up instead? Silly geek! Had to try and be clever, didn't he?

0
0
Flame

This proves

that if you are going to do this kind of thing, you should use a "temporary" workstation that "lives" within a VMWare (or similar) machine, serves no other purpose, and is properly disposed of after use.

//Svien

0
0
Alien

US system

funny legal system, Oson was convicted back in August last year.

BTW kuku was his son's nickname.

0
0
Stop

are you all missing something here?....

if any admin leaves for whatever reason you lock down the system, password changes etc, even if it does cause issues with users or apps not running. It's always been the first role when I have gone into a new client.

I think the new admin person is obviously lazy

0
0
Paris Hilton

access?

Why did he still have access after being terminated? Let me guess.... the administrator account had the "default password syndrome"?

I know a company that have the administrator password as blank on every desktop, in case the user wanted to "install something". And the server administrator password was the company's name! And this is because the idiots in the IT department didn't want to get off their fat behinds to help the users!

Regards the 63 months... if it was bank records then I understand... but these were medical records, he could have killed someone indirectly. Give him few more months.

P/H, she must have learned to change the admin password, after firing someone in IT, by now.... hopefully

0
0
Anonymous Coward

I think this happens all the time

When I go for a medical related appointments, I often get the feeling they are seeing me for the first time ever - particularly for follow up appointments. Maybe they just keep losing data by disgruntled* staff actions and are too embarrassed to admit it.

*why are people never 'gruntled'?

0
0
Silver badge

Just deserts

This spiteful moron got away pretty lightly when you consider that, with a little less luck for the victim, he may have killed someone. If that had happened he would now be facing the needle, as his actions were premeditated it would be murder, as it is, he can now look forward to being somebody's bitch and learning to lift weights. In this case 63 months is a bitch not life. Couldn't happen to a nicer guy!

0
0
Linux

covered his tracks all the way to his front door...

the funny thing is, it seems the job evaluation was correct, there was obviously some personal conflict going on... enough that he went on a rampage.

linux, because he should have at least used a usb bootable (thus disposable) system? then he wouldn't need to wipe any home computers... case closed.

*FBI knocks on door, "hi boys! want to take my computers? cool, just ignore the barry white mp3's ok!"

0
0

Also sue the incompetent

Sue those responsible for letting it happen, as well.

And then maybe, maybe, people paid to secure systems will do what their pay is for?

And in case those paid to secure the system left a note to higher hierarchy to say they aren't given the right needs to secure it, sue the higher hierarchy, etc...

0
0
Alert

The real cost?

We will all go back to our jobs on Monday, the company security officer and CTOs will pick up this story, watered-down to idiot level of course, and next thing you're audited to death, have all but the bare essential rights taken away from you and you need 17 extra levels of paperwork to clear your change requests, all because some arrogant pr**k, with admin passwords considered himself godlike in the IT infrastructure. I just f**king hate these retarded dicks, that make the rest of us trustworthy IT people look as bad as them.

0
0
Stop

@Tezfair

No, you're missing that once someone has been sysadmin on your network, they are sysadmin forever. Change the passwords all you like, but you can never be sure they haven't added some kind of backdoor.

0
0

Clever hacker? That's a joke right?

How stupid was this guy? Overlooking the fact he caused grief to innocent 3rd parties instead of directly picking on the people he feels aggrieved him he was a total amateur.

Forget the technical aspects for now - what's the first question the FBI ask the organisation when they come looking for clues? "Any disgruntled former employees?" Ooops. A quick scan of the logs sees he logged in with a valid account, confirming he was the attacker, so they just need a bit more evidence to strengthen the case and voila. Case closed.

He had to know he was the first guy they'd check out. What he should have done was cracked the network instead of using a valid account. He could even have weakened the network security whilst on the job without it looking too obvious.

Then he should have scoped out some unprotected wifi, dropped off a fully charged laptop nearby with the attack on a cron job. Finally, go someplace about 50 miles away with lots of ppl and CCTV, spend some money on your credit card and you have a lovely alibi, so even when they do come calling they don't find your scrubbed laptop, and they see you have a very strong alibi.

Bloody amateurs...

0
0
Thumb Down

Smarter?

Smarter and FBI haven't been in a sentence together in a long, long time. This guy was caught being a douche, plain and simple. Bad job review -> Let me hurt people and families which have nothing to do with the firing! Then using M$ products cover (more like illuminate!) his trail, what a genius. The FBI can hardly catch a cold, but this guy was begging for a stint at Club Fed.

Thumbs Down x2 - Boo for dumbassed lame quasi-hackers that think NO ONE has ever used a commercially available software tool.

0
0

Backups?

So he disabled the backups and waited 6 days before deleting the data?

I am assuming that rather than disabling the backups he actually modified them to exclude the important data so that the tapes would then get overwritten...

My point?

A company holding medical records for 17 health centers seems to have only had a 5 tape rotation which was being overwritten the next week! Why on earth didn't they have end of week and end of month tapes?!?

0
0

Interpersonal Relations

A significant proportion of the Federal prison system population is made up of inmates from 'low income' backgrounds so I expect he'll be getting more than a few lessons in 'Interpersonal Relations' over the next few years.

No sympathy whatsoever.

0
0
Gates Horns

Asking the Obvious...

@ Ross 14th June 2008 13:27 GMT

My, but you've given this sort of rampage quite a lot of thought, haven't you...

My first question is why isn't his IP address mentioned? I'm assuming he used a backdoor as any idiot knows he can be IDed through account, but surely he also obscured his IP? If so, how?

0
0
Alert

Where is the COMPANY'S responsibility here?

Um - Where's THEIR responsibility

Posted Saturday 14th June 2008 18:43 GMT

Ok - Yes- the guy was dumb, didn't cover his tracks and had it coming.

However - the points the story DID NOT cover and the points the comments did:

1) Where is their "terminated employee policy"

2) "they- the provider" are responsible for HIPAA - again - policies?

3) Why did they have back doors open?

4) Disaster plan?

5) Did NNOOOO ONNNEEE note the lack of backups?

6) 5 days - yes, while bad - does not justify the $$$

6A) again - 5 days - then run your tapes from 5 days before

Overall - bust the guy - yes. Sentence too harsh? - Maybe. Lives at risk - NO.

Paper records are kept on patients.

HIPAA in this company is clearly a 5 letter acronym

I think the company needs to go to jail as well.

0
0
Anonymous Coward

I had the sniffles

and they thought I had a cold.

Really, this just goes to show that medical records are being used more as a convenience to the ruling power than it is for the patient.

Why didn't the child receive a printout after the first examination detailing the problems, surely it would be better to have the data in the hands of the people who it is about.

And most will be told the diagnosis, hardly anything lost here whatsoever.

Just some guy going about things the wrong way, and highlighting the ineptness of that particular organization.

Oh and the comment:

"The court said that Oson seemed to think that he was the smartest guy around but, as often happens, he ran into someone smarter (the FBI)." -- now we have flaming trolling judges, only seemed did he. And the FBI really works on smarts, not guns and holding locations? They probably hired an outside consultant to do it as well, and then claim the credit. Bizarre, the prison term is too high for this, and some of the blame should have been extended to the organization as well.

0
0
Thumb Up

@Agrado

I hear what you're saying, but any new admin would expressly look for backdoors. A simple look through AD etc will highlight any sysadm or higher-than-user accounts. A quick check or disable until verified should be enough to thwart any future attack.

the point is that this could have been avoided if the new admin guy wasn't lazy and took the time to lock down the system.

0
0
Pirate

The one thing I need to know is....

.....just what the hell was in that personal evaluation that set him off like that?

Did it insult his family? Skin conditions? Intelligence? Girth?

Must have been really something to make him quit a job he'd presumably been happy enough to spend 5 years in, then go completely mental and try to obliterate the company.

0
0
Thumb Up

While I think...

...Large corporations and companies are usually impersonal and at times evil... trying to get back at whomever offended this guy the way he did (if true) is far worse. There could have been other ways. Nuking the payroll computers for one. Involving innocents is totally unwarranted.

Shame on him and credit goes to the law this time. Well deserved.

0
0
Anonymous Coward

@ 5 years

Seriously. If this is how we work as a society then we may as well just put ourselves in jail. 5 years, shit man.

Speaking of that though, when does a jail become a jail? When is it any different to what we already think our freedom is? They are closing in on us. We sit here in our homes thinking we are independent of this world when really we are just in a different sized box, constrained by do gooders who do not follow what they preach.

0
0
Black Helicopters

push the button? don't push the button? push the button? don't push...

Surely the major point that everyone (besides a couple of people posting here) seems to be missing is that it's scary that this one person had so much power, so much access...

Interesting....

Instead of hijacking planes and what not, Al Qaeda should just send a couple of people to work in various IT jobs for a while. After a couple of months they are given a huge responsibility, hit delete, and the whole country goes to shit

Seriously, if random people keep being given this much access and responsibility, without being monitored, and if they are able to do it AFTER THEY LEAVE THE JOB! it's only a matter of time before someone freaks out and decides to publish everyone's medical records online or something.

Well, before the government do it 'by accident' that is...

0
0
Joke

Can't resist Point Break quote

This is your F"ing wake up call Body. I'm an FBI agent!

0
0

Why ...

No offline backups? Anything digital is temporary data. That's the only way to think of it. One tape goes into a (fireproof) safe at the end of the week - and if it's current stuff as important medical records, I'd say the IT manager should personally do it every evening.

And departing sysadmins often leave a backdoor - in case the new guy has issues, or you get a call to sort something out urgently after you have left the company.

@ AC "Surely the major point that everyone (besides a couple of people posting here) seems to be missing is that it's scary that this one person had so much power, so much access..." never been a sysadmin, AC?

0
0
D
Paris Hilton

The new sysadmin should join him in jail for criminal negligence

He/she took over the job knowing that their predecessor had been frogmarched out of the building by security. Anyone with a minimum of competence would assume the worst and lock down the system, certainly not leaving any admin accounts with their original passwords.

Paris, because she knows what it's like to do hard time.

0
0
Anonymous Coward

Call the police, there's a mad man around

Quote 'Instead of hijacking planes and what not, Al Qaeda should just send a couple of people to work in various IT jobs for a while. After a couple of months they are given a huge responsibility, hit delete, and the whole country goes to shit'

Someone call the police, I've located an Al-Qaeda terrorist - He lives at No.10 Downing Street, London.

0
0

Did they say how the old admin broke in?

A lot of posters seem to assume that it was a rogue account, which it may or may not have been, and a few even think it was just the regular old admin account. Hopefully none of these posters are administrators or security consultants.

0
0
Thumb Up

Dead Man's Handle

You don't hack in after you've left to wreak this kind of havoc. No. There should be a series of at/cron/autosys/<your scheduler here> jobs to do it IF YOU DON'T LOG IN AND TELL IT NOT TO. Much better - kind of like the inverse of a failsafe.. If you get killed by a bus you can beat karma and get your revenge from beyond the grave. Karma can't kill you for being mean enough to set it up - cos that'll set it off! The universe has to leave you alone or else.

Not AC cos no one can fire me or IT'll all break. Ha!

0
0
Flame

I think this happens all the time @anon

We used to be very gruntled. Then our company was combined with several others and we became expensive overhead and got outsourced. Then our company was bought by another company and we were insourced again. And then our company bought another company and another company and all of a sudden we weren't just expensive overhead. Hell, we were a stone around the neck of the company and they couldn't wait to outsource us all again. In fact, they've been outsourcing people and jobs as fast as they can since they can't figure out how to grow the business properly and don't want to invest any real money into infrastructure and training (you can do that yourself in the bog). Now we'll just leave it to those other companies to screw folks out of their jobs and then eventually we'll insource the survivors to a lower pay scale and less seniority. Oh yeah, that'll make a great big bonus for the avp's and up this year.

0
0

re:backups

he logged in five days before. maybe they used only 5 tapes?

0
0

Ahahhahahah.....oh....it wasn't a joke?

"The court said that Oson seemed to think that he was the smartest guy around but, as often happens, he ran into someone smarter (the FBI)."

Surely this proves that the guy must have been a fuckwit, if the court terms the FBI as being "smarter"?

Seriously.....attempt to be the BOFH?........FAIL! Simon would have got away with it, and got his job back with a pay rise, as well as organising a nasty accident for the person who bad-mouthed him in the first place!

Honestly, this guy deserves what he got though. It's obvious that he willfully destroyed the data without any care for the people who owned it (the patients), out of a petty need for revenge on his former employer.

0
0
Joke

NH(?)

"When he returned a few weeks later, doctors had no record of the previous diagnosis, and they also had no idea he was due for a routine physical exam."

"Patients who visited the clinic in the weeks following .... were kept waiting hours and sometimes futilely while their charts were located and delivered to the appropriate clinic and doctor,"

Sounds like another great health service we know and love....

... answers on a postcard please

0
0

lesson to learn

data deletion should never have that bad an effect.

if you buy a car and the engine ceases, you aren't going to replace the engine yourself unless you know what you are doing!

get some IT advice, and pay for it!

0
0

Yikes!

As many have said.... the scary parts are that the new Sysadmin didn't lock out the old (or any suspicious accounts...) and also that by the sounds of it a company as large and significant as that dealing in health records appears to have a 5 day tape rotation and no online/offline storage backup*

*this may be incorrect as it does sound as though they got back up and running eventually, but still....

0
0
Thumb Up

I like the sentence

"The court said that Oson seemed to think that he was the smartest guy around but, as often happens, he ran into someone smarter (the FBI)."

I saw a program about the FBI real life cases a while ago and it stated. (by talking to the FBI agents involved.)

"The criminals left no finger prints, so the FBI surmised that they wore gloves. The ladder left against the wall leading to the roof, and the large hole they had cut into the roof, the FBI surmised this had been how they got into the building."

So I don't believe the FBI are that smart.

0
0
Joke

@ "I think this happens all the time @anon" AC 01:58

"We used to be very gruntled. Then our company was combined with several others and we became expensive overhead and got outsourced. Then our company was bought by another company and we were insourced again. And then our company bought another company and another company and all of a sudden we weren't just expensive overhead. Hell, we were a stone around the neck of the company and they couldn't wait to outsource us all again. In fact, they've been outsourcing people and jobs as fast as they can since they can't figure out how to grow the business properly and don't want to invest any real money into infrastructure and training (you can do that yourself in the bog). Now we'll just leave it to those other companies to screw folks out of their jobs and then eventually we'll insource the survivors to a lower pay scale and less seniority. Oh yeah, that'll make a great big bonus for the avp's and up this year."

You work for Capita too?

0
0

@Tezfair

If the outgoing admin is slightly more imaginative in their backdoor-creation than "add a new Administrator account" then you are going to be hard-pushed to find it. So no, this couldn't necessarily have been avoided, and "locking the system down" is not possible in the way you suggest.

0
0
