A former support admin was sentenced to one year in prison after admitting he shut down the servers of a large IT company a few months after his employment ended there. Lesmany Nunez, 30, was an employee at Quantum Technology Partners in Miami from August 2006 to May 2007. Amazingly, he was able to breach the company's network …
The company didn't change the administrator password, and the ex-admin used his home computer for the attack. Were they running a competition as to who could be the stupidest?
He used his home computer? No wonder they fired him he was obviously shit at security and IT in general.
Basic Rules Apply
I was under the impression that in a properly run IT environment the number of people with admin access was strictly limited to a very small number of people, and should any one of those leave then the account passwords were automatically changed.
"Gagging for it" would seem to be an appropriate term to use here. And Paris because, well you can guess the rest.
Blocking out the infrastructure for a week only caused £30K of damages?, couldn't have been much of a set-up.
Yup. Bloody amateurs these days. Use 2nd hand system procured from some bloke in a pub via an unsecured wireless LAN in a town otehr than the one you live in at the very least. ;)
Why is it
these dumb fucks dont use a net Caffee to launch their attacks
Sure, he was shit, but his replacement was just as dumb, so competence does not appear to be in their selection criteria.
Obviously not a very well thought out admin if he didn't consider that he could be tracked to his home PC.
How to do it properly!
Oh dear. If you are going to do that, the bare MINIMUM you'd do is buy the cheapest possible laptop off Ebay, do the work from a public wi-fi area then completely wreck the laptop and spread components around a 10 mile radius.
Not that I'd condone such activities.......
USD 30'000? Well, that's a reasonable price.
If that had been State or a more aggressive company. they might well have pulled the price of USD 356'789 out of their behind.
Oh come on..
It's not as it it's not something that every single network admin hasn't considered before..
@How to do it properly
a 10 mile radius offset 20 miles from your location.
do no harm
intentionally doing harm, or even trying to, is always stupid. we all get treated badly from time to time but seeking revenge is just plain idiotic and will ultimately cause nothing but trouble and heartache.
these stories are quite common, but even more common are the many unreported cases of ex staff doing damage to say just one system in a very brief and often untraced attack. so it's not such a serious cost in case they do get caught.
it's so sad how a person can spend years building a career and good reputation, only to flush it all away in a single moment of misguided anger. which is clearly not very clever.
in my eyes this type of behavior is disgusting and we should all know better, be honest, and try to do good only. thank you.
Only dumbasses seek revenge on former employers
Booo hoooo hoooo!!!! My boss is such a meanie!!!!!! Just for that I'm going to spite him and sabotage his network!! That'll show him.
Lesmany Nunez and those who follow in your footsteps are a bunch of losers. If you want to be treated well you shouldn't be working in corporate IT. Good luck finding a job after you get out of the clink. Moving back in with your mum at 31 and being part of the crew that towels off my car after it goes through car wash looks like the best future you could hope for. Don't worry Lesmany I always tip well since I notice most folks don't.
The last 2 brokerage firms I worked for BTW disabled ALL building and network access prior to notifying you of your termination. I and a few other showed up to work on a Friday and our access badges wouldn't even allow us in the building. We were later met in the lobby by our managers who informed us that we were canned. Such is life in the IT world. On to the next gig. My current manager contacted my former employers and based on their positive feedback hired me so burning bridges is fucking dumb.
I agree in principle with you. However you shouldn't be so judgmental if you don't know the exact circumstances in which the canning took place.
You think every firm terminates you in a fair way so you can collect severance?
I guess you never seen people canned because their manager didn't like them personally. Or convinced to quit with the argument that if such person needed to, they could return to a different area of the company, only to have said manager speak with HR to smear their records and making them non-rehirable.
Have you ever been terminated because some piece of dirty scum has spread lies about you and because they have a lot of pull in the company (is friends or shags with one of the high ups), the Ethics department disregards all logic and believes their ridiculous claims?
Be thankful that your country has unions that can protect you a little from unfair dismissals (if they haven't been bought by the company, that is).
Unions are few and far between in US tech. I heard a story about one back in the 2001 dot bomb, other than that, zilch.
I want a nice cushy job
"You think every firm terminates you in a fair way so you can collect severance?"
No! I know that!! Not only have I been victim of that but so have several of my colleagues! Read current IT events much (HP, EDS, IBM, et al)? Why do you think I am a career consultant?
I work in a WAN/datacomm environment which means long hours/weekends and phone calls at the most inconvenient times due to knee-jerk reactions and misperceptions from less technical, upper management types. In spite of this I consider myself lucky that I have employment, am well-compensated (thanks to the long hours ugh) and have a good team of engineers. I also live with the fact that no matter how much effort I put forth to ensure my tenure here I may come in to work tomorrow morning and find my access card won't let me in the building. There will be no ill feelings on my behalf as I consider this a business, not personal relationship. Then there's the usual flood of phone calls wishing you good luck, asking for updated project statuses and whom they need to contact for further queries. What a routine this is.
This is the way it is in corporate IT, regardless of your technical skills. Your failure to accept this means you either haven't worked in IT that long or don't have many collegues who work in IT. I in no way condone the mistreatment of employees but you really have to re-evaluate your expectations if you think any employer anywhere owes you a living.
Incidentally El Reg doesn't mention this but Mr. Nunez has to pay restitution totaling over $31,000 in addition to community service and supervised release.
If you want to wreck someone's network, don't do it from your home computer.
meh fuck it go and get another job somewhere else
its not as difficult as people make out its just that most people are bloody picky !
@Anonymous Coward Thursday 16th July 2009 05:23 GMT
Admin password a near secret? You've got to be kidding!
Many years ago I was working for a Multinational as a lowly Level 2 Support Engineer, and EVERYONE had the password, including the Helpdesk staff. Better still, the password still hadn't changed several years after I'd left. Chances are it's still the same password now.
Another interesting article on this http://www.pcauthority.com.au/News/79618,hacking-damages-routinely-overstated.aspx seems to indicate that you need $5,000 in damages to extradite, and the # for McKinnon seems to be around 5,000 per pc he affected. Either way, while I believe the damages should be closer to say $40,00 to 80,000, any way you figure it, it's way over $5,000.
From HOME? (and @ Bounty)
-not from your connection
-not from a machine you purchased (even on eBay, one never knows)
These are the 2 rules.
It's easy enough to get untraceable, dispensable machines. They abund in dumpsters, on the pavement after the neighbours moved, ...
Also, @ Ru: you're not comparing the "damages" caused by highlighting a system's poor security (the damages in the McKinnon case are *only* admin time spent plugging the holes that his intrusion highlighted, which should have been done first thing after buying the boxes, before even connecting them, and makes the case even more preposterous) with the destruction of data, locking out of the admins etc, are you?
For those of you who might be tempted to do something similar should you get axed by big bad Corporation, think at least of your former co-workers who will have to devout extra unpaid hours to clean up the mess you've made. Big bad C's losses are probably covered under some insurance and you will not be able to enjoy your moment of schadenfrude.
wreck the laptop and spread components around a 10 mile radius.
Um he is less than 5 miles from to major bridges that cross the SF bay. all he had to do is toss it off the golden gate or bay bridge .
Think it through
If you're going to do it, it is likely you are going to get caught eventually somehow.
So surely a mad rampage through the server room wildly swinging a fire-axe would
be far more tangible and satisfying revenge.
Plus it has the added advantage of getting all the legal stuff out of the way early on.
(The smiley has it's tongue-in-cheek, Trust me.)
- Nokia: Read our Maps, Samsung – we're HERE for the Gear
- Ofcom will not probe lesbian lizard snog in new Dr Who series
- Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather
- Too slow with that iPhone refresh, Apple: Android is GOBBLING up US mobile market
- Episode 9 BOFH: The current value of our IT ASSets? Minus eleventy-seven...