The former sysadmin for a Florida-based charity stands accused of ransacking the organization's servers and phone systems last Christmas eve, more than a year after his employment there ended. Luis Robert Altamarino, who had been given administrator access to the computer network of United Way Miami-Dade, breached the systems on …
"The former IT admin for a Florida-based charity stands accused of ransacking the organization's servers and phone systems last Christmas eve, more than a year after his employment there ended."
More then a year after his employment ended? Why weren't the passwords changed no more then 5 minutes after his employment ended? Seriously, shit like that is why these companies keep getting smacked by former admins. I agree he should pay but there should also be a fine involved for those companies too stupid to do normal security related stuff.....LIKE CHANGING THE BLOODY PASSWORDS AFTER SOMEONE LEAVES!!!!!
On a side though what I would like to know is why he did this. What was his reasoning to be so pissed off about it for over a year that he finally decided to do something? What were his terms of discharge?
I'm not 100% certain they've got the right guy.
Given that his old credentials were still active more than a year after he left, what are the odds that the current sysadmins did a good job of preserving the evidence for a really solid investigation?
Innocent until proven guilty and all that.
I used to drive one of those...
@ blah 5 - point of order
"Innocent until proven guilty and all that."
Er, innocent unless proven guilty, please.
Innocent until proven guilty
If you are innocent until proven guilty why do they slap handcuffs on you and toss ya in the clink?!?
Re: Excuse me?
>> More then a year after his employment ended? Why weren't the passwords changed no more then 5 minutes after his employment ended? Seriously, shit like that is why these companies keep getting smacked by former admins.
What makes you think that his passwords weren't changed? It doesn't say that in the article. How do you know he didn't physically break into the building - most technical measures are easily bypassed when you have physical access?
>> On a side though what I would like to know is why he did this. What was his reasoning to be so pissed off about it for over a year that he finally decided to do something?
Perhaps the system was so secure or his skills so limited that it took him a year to figure how to gain access after his access was revoked?
I suppose your systems are 100% secure, so that when someone compromises your systems you are completely blameless - but then if they were totally secure then no-one could crack them. By your reasoning it is always the current admin's fault for only making the system 99.999999999999999999999999999% secure - even though you can never guarantee 100% security. I suppose if the previous owner decides to break into my house, after I have changed the locks (or not), it will be my fault for not laying enough land mines in the back garden and on the stairs?
How much damage?
So, he ransacked the servers, Blackberry System, Voice Mail, phone system and caused over $5,000 of damage. I think we can assume that this is the most that charity can identify as actual damage.
Compare to Gary McKinnon, who goes looking for UFO files and evidence of anti-gravity and is accused of causing $700,000 of damage, without actually appearing to hurt any server at all (assuming we can take the embarrassment of the NASA SysAdmin as read).
Sounds a touch like double standards being applied here. Or is it post code justice (oh, you have a UK post code, welcome to Guantamano).
"Why weren't the passwords changed no more then 5 minutes after his employment ended?"
Read again - it's a charity, not Black Mesa Research Facilities.
I've yet to see an account of this story that specifies the guy's method of intrusion, so although an unrevoked account is a likely culprit it's perhaps a bit early to be blaming the current admin(s). It's also possible he used a backdoor, leveraged another user's credentials through social engineering, guessed another users account details using knowledge of the employees, or used an unpatched exploit still present on the system (although the latter scenario does tend to point the finger of blame back at whoever is the current admin).
As others have already advised, it is quite unbelievable that someone who had trusted privileges to any aspect of their former employers systems can still find his account enabled on those systems 12 months after he departed.
Paris because I fancy checking out her security.
in many cases you need to blame the management ...
I am careful not to judge people for IT mistakes until I find out if their working condition make doing quality work remotely possible.
To be fair to the company...
...sound like a little org where they get a jack of all trades to do everyting. If he's doing server work, heldesk, fixing pc's and looking after the phones sytem, sound likes a one or two man band job. Therefore, the guy that took over, also probebrly has little or no clue about about locking down a network.
It makes you wonder
What on earth prompted this attack, a full year after working for the company?
Either the actions of the the organisation, or a member of the organisation are the only logical catalyst for such a premeditated onslaught.
After all, he had little to gain from this - financially or otherwise.
Revenge is Biter sweet
I have to admit there have been a number of occasions where I've considered it. Its normally with organisations that have a total lack of respect for IT staff and IT itself. My view is always that I have more integrity than them and more respect for my professional reputation. And I always have the joy of knmowing that their lacklustre approach to IT will end up with collapsing, trojan-ridden systems anyway.
did it years ago
Was summoned into the office on a Wed afternoon to be told that I was "leaving" the company (later took an out of court settlement due to illegal firing) - escorted to desk to empty it. Left at about 11am and went to pub with mate.
At 2am (15 hours later)I logged onto one of the remote modems and used my hidden username and password and re-created a fault I'd had just a few days before - A real b'stard that took me a few hours to fix. I met up with one of the guys about 6 years later and asked him if he'd had any problems in the days after I left - his immediate response was "you b'stard, that was you wasn't it, took us 5 days to fix it and the customer was not happy" - Had a good laugh about it.
@did it years ago
should say I was much younger in those days - very young to be running such a large network (at that time, barely past the birth of the "www" bit of the internet)
It's definitely innocent *until* proven guilty, usually by press, speculation on CNN and hearsay. That's why they'll never create laws like you have in Britain, banning the news media from convicting the accused by press while the trial is ongoing. If that happened, the entertainment news industry that has taken the place of real news would lose at least 3/4s of it's content.
And who is to say that he *did* use any old usernames/passwords to get in at all? All he needed to do was leave a scheduled task on a server for that day to go off. If he was still employed, it would be reset to the next year, etc.
Advance Retroactive Revenge?