Rogue IT employees - give us the down and dirty
The Reg has compiled a league table of the 10 baddest IT employees - but we are probably only scratching the surface. Tell us about the most dishonest, vengeful IT pro you have worked with...
This topic was created by Drewc .
The Reg has compiled a league table of the 10 baddest IT employees - but we are probably only scratching the surface. Tell us about the most dishonest, vengeful IT pro you have worked with...
... a scarier thought is the most dishonest, vengeful IT pro I may be working with NOT YET caught in the act of doing somethi
I worked at a Mental Health Insurance company (now dead) and the CFO was in charge of the data base. It was a NOVEL 3.11 server and I never ever EVER had any training on ANY novell training so I knew NEVER to touch it and I did not.
In the room was also tape backups that I was required to change time to time.
One day the CFO wanted me in that room for whatever reason regarding the tapes and then He blamed me for losing the entire databse that everyone got locked out of.
Also the IT manager had no certification in IT and I knew more than him but he wanted me to build a few servers using existing pc cases. I built them just fine and compplained the cases were too tight thus making the motherboards bluescreen on boot.
I had a MSCE confirm my findings and the manager did not care and wanted us to make them work anyway.
If you have a CFO that looks like a weirdo on drugs with super messy grey hair and running around with his dress shirt not ironed and always sweaty fire him ASAP! You will thank me in the end. For payment I just ask you give me a beer.
Stories like this make me afraid to rely on IT guys at all, except for phone support every so often. Then again, I don't have any advanced technical needs for my business at this point. I may have to hire someone eventually, though, so I'll have to be thorough about screening them.
That sounds more like a "bad boss expecting the impossible and IT guy acting within the limits of his expertise" story than a "misbehaving/rogue IT guy" story to me.
A peeved off ex-employee from a company I worked at, logged in to an account that should have been disabled and deleted all our logins from the main server, then changed all the admin passwords.
I took us minutes to figure out a way to gain control of the systems again. No action against her though!!
Jason Cornish, ex employee of a pharmaceutical operation in New Jersey.
And the best quote in the article about his arrest is:
"Using vSphere, he deleted 88 company servers from the VMware host systems, one by one."
Probably because he didn't realize he could delete them all in one fell swoop. (or more depending on the number of disk arrays.)
The guy was planning on starting up his own consultancy and taking the highest-value customers from our employer. It wasn't until after he left that he realized he had used the VOIP system to make some of the calls to set this thing up, and every call was recorded for legal purposes.
So, he used a hidden account on the box to log in, a setuid program to get root, and systematically wiped every call recording for his extension from the server, and then wiped the local access logs.
He didn't know, however, I'd set up a central syslog server in the wake of his departure.
So, red lights start flashing in my head when I review the overnight security logs. No charges were pressed, and we could never prove anything (at least he was smart enough to use an overseas proxy, but who else would wipe only one employee's call records?) so it was just entered into the list of "well, guess we won't make *that* mistake again".
Admin in charge of the network at college a year or two ago. Left the active directory searchable by everyone. Passwords in the description field of accounts. Basically, anyone who could log on to a computer on the college network had unbound access to _everything_.
He was quite adamant about getting me expelled until I dropped the words "data protection act".
It's a shame the college management will never realise his true incompetence. Who would have listened to a 17 year old student over an experienced admin who'd been there a while? I remember walking into the IT office when I'd "been caught", two 21" iMacs on every desk. As far as I know he still works there and he is still in charge. I wonder if he frequents El Reg?
Many years ago I was running an IT outfit that had a few thousand computers running on NetWare. We had followed best practice in not allowing access to the root password (netware equivalent anyway). Sysadmins ran on accounts with appropriate priviledges, but the root password was sealed in an envelope in a safe. We then had an emergency break-glass account which only had permissions to change the root password which also had a password stored in a safe. My 2 sysadmins had been getting more and more BOFH like over the years (in fact they hero-worshipped BOFG in Network News). We had been training up a couple of junior sysadmins because I was concerned about the 2 senior ones. When they finally left, everything looked good, we were ready to take over. But the senior sysadmins had tried to set us up in a plausibly deniable way. The root password had been changed 3-4 months earlier, but the password not updated in the safe. At the same time they had changed the break-glass account to have expiring passwords, and the password on that account had expired, without a capability to get it back. Losing the root password on that era of NDS was a big issue, and we had no obvious way into the system. However, they had missed something really simple. When they had originally set up the backup system (which needed access to everything to run backups), they had rushed things and never changed the default password. We managed to log in through the backup account, which allowed us to change the break-glass account password which in turn allowed us to change the root password.
At the same place, I had a storekeeper caught trying to sell processors to a contractors brother in the pub. This was just funny. He had stolen a PC, and then started to try to steal parts to upgrade, just breaking things in the interim because he didn't know what he was doing. When he was finally caught, he had a pile of broken computer parts in his loft!
A guy at a government department who did not get a promotion, changed to a different department and then used his old credentials to crash the main supply system. His new department circled the wagons and refused to admit my boss to allow him to show his technical evidence at the hearing. Got away scot-free.
Secondly, I wrote a C program to upload personnel files via an API to a helpdesk system. When I left the govt department, they complained they could not maintain it because they didn't have any C skillset. I pointed out that I had been telling them for months before I left to get some C skillset in (Not really BOFH but highlighted their new policy of hiring morons to keep their staff turnover figures low).
Some guy was down the pub on a Friday lunchtime. He and his colleagues from a London investment bank were all moaning about management and the possibility of forthcoming redundancies. His colleagues suggested he delete or corrupt some business critical databases, which would piss off management and give them all a load of work (protecting their jobs). After a few beers, he thought this was a good idea, went back to work and followed through with the plan. Sadly for him, his colleagues had a different plan: they had made fresh copies of everything, turned on some additional logging and when everything went bad, promptly grassed him up to management. He was fired on the spot and they all kept their jobs.
c'mon, you don't seriously expect us to self incriminate, nor to squeal on the miscreants we work with surely???
And the Reg has our IP addresses for future blackmail too...
Trust us, we're journalists ...
liked to create fake login programs on the mainframe to nick your password, or change your password to something offensive to the sysops (who could retrieve your password and read it to you) and steal the admin passwords to make annoying broadcasts on the LAN (this was the 80s). I snooped the admin password over his shoulder, took away his his superuser rights and changed the admin password and shopped him to the sysops. They pulled his diploma and he did not get to graduate.
About twenty five years ago, the test technician in charge of testing OEM parts returned by our corporate customers was busted for recommending perfectly good, but badly configured (by the customer) parts to the scrap heap. His buddy, in turn, bought the "scrap" for pennies on the dollar (or less ... ). I figured his scam out when he scrapped a perfectly good Sun 3/260 ... I had borrowed the power-supply, legally (all paperwork done), out of MRB  to test one of my test boxen that had gone tits-up. The silly twit hadn't noticed that it was in MRB simply because it was supposed to have 16 megs of RAM, not 8 megs.
We documented similar thefts for a week or so, and called in the cops. They got a warrant, and searched his house ... finding over 1.5 million US$ in perfectly good hardware. He was arrested, and released on his own recognition a couple days later, pending trial.
A couple days later, he wandered onto our campus "after hours", calmly ::snipped:: the ground wire to the 400amp service providing power to the building he had worked out of, opened the electrical panel, removed the safety panel, used an insulated screwdriver to loosen the neutral wire from the bus, and linesman's pliers to pull the neutral, instantly sending 240 Volts through any 120V kit that was plugged in and powered up. Killed coffee pots, microwaves, fridges, radios on desks, lights, desktop computers ... and the security cameras. He's lucky he didn't burn the place down. Fortunately, the VCR tape containing the video was undamaged.
He didn't know that I had fixed the security cameras that he had disabled (probably, I don't know for a fact, but he smirked at the camera above the service panel ...).
He did roughly $325,000 damage in a couple seconds. And 2 years inside, with 5 years probation. He never worked in the high-tech world again, to the best of my knowledge.
 "Original Equipment Manufacturer" ... kit built by other corporations that we configured & resold alongside our own home-built kit.
 "Manufacturing Review Board" ... anything that shipped had to go through Manufacturing for final QA, even if we didn't build it. If it b0rked in the field, Manufacturing was in charge of figuring out why bad gear made it out into the field with our name on it.
I was working with a really tight team when there was a business wide IT organisation. Half the good guys left and I was stuck with a new manager who I couldn't stand (would 'forget' to sign off overtime forms for christmas or wipe of all the emergency contact numbers off a whiteboard because of 'security' - meanwhile, Rome was burning all around us).
I finally had enough and was leaving fro a new job. A week before my last day he had all my accounts suspended and had me walked out of the office.
However what he didn't know about was the PC up in the little used patch cabinet on the 6th floor. Every 4 days and 23 hours it used the account he didn't know about to send a forced shutdown to his PC.
So it would shutdown on Monday at 5, Friday at 4 then Wednesday at 3. He wasn't smart enough to realise there was a pattern. The best bit being that when the task ran on a Sunday or a Saturday, he wouldn't get a shutdown for 10 days and think the problem was gone.
Also, he would shutdown his PC every night. So as the task got earlier and earlier, he wouldn't see its effects. But slowly and surely it would be working its way round 8AM, 4AM, 10PM..... 5PM. Bingo!
I asked someone to check to see if the machine was still there three years later. Even though the manager had replaced his own machine in the meantime, he still named it the same on the network.
Three years of shutdowns. Ha, ha! Vengence is mine.
@AC 08:20 ... Quite simply, you are an asshole.
Sysadmins are capable ... but we do not do that kind of thing. It's a trust issue. Your type gives all of us a bad name. Frankly, I despise you.
Yeah, we don't do that. It's like a fireman setting fires. Or a bent copper dealing dru... oh. Or an investment banker conning massive amounts of... fuck it, I need to find some better examples.
OK, for a week or so, it could be construed as a practical joke, but 3 years is a bit OTT, IMHO.
I have had my co-workers stick a remote USB mouse in my monitor to take control and cause my cursor to zip across the screen. Took a few days to figure out. Am plotting revenge for later (hand lotion on phone earpiece, or something similar).
Try leaving a post-it with "call myra mains" and the number of the local undertakers. (oldie but a goodie).
As a prank, when someone was out of the office for an extended period (3 weeks or so), we "cressed" their keyboard.
Pry up the keys and put down a layer of cotton batting(leave openings for the keys to go back).
Sprinkle the batting with cress seeds, replace the keys.
mist with water daily until they return to find verdure growing out of the KB.
Optionally, tease them about poor desk cleaning and leaving crud in the KB.
When a previous employer decided to outsource its IT department the fools gave us a weeks advance warning of what they were about to do.
I created an administrator-level account and hid it away. It was never found before I left.
I never actually used it, but it was there if I wanted it.
I also had a spare security pass, so I could still get into the building even after I had thrown mine away onto the bosses desk.
I worked on one project where all the contractors were told that we were being replaced by permanent employees as a "cost saving" measure, and that we had to train our successors in the brief termination period we were given.
We naturally did this, and went even further by taking the new recruits on our regular "real ale and curry" nights. After a while we started getting asked about contracting. A few phone calls to our agents later, and most of these people resigned, becoming contractors themselves.
Unfortunately there was now insufficient time to train our successors' successors before our contracts ended.
"An extension? Well thank you for asking, but I've already signed a new contract."
One of my former employers had three UK data centres. Two were acquired via M&A, but the original was appallingly documented: no network diagrams, passwords static, available by "seeing someone in the NOC". It surprised me not a jot when I found out one of the network engineers had been fired for running his own porn business six months later: 100mbit/sec of traffic and ten servers had gone unnoticed all this time...
Not really someone I worked with, but in the same company. While working for a bank, during the mandatory IT security lectures they'd always bring out the story of someone who while working on a project to do data masking for IT systems (scrambling the data from the real live system, so that dev/test don't get to see the real finances, but still have useful data for testing), he decided to extract all of the data from the private banking operation in Switzerland and send it over to various governments to use in tax evasion cases.
I believe he wasn't prosecuted, but pretty sure he'll never work in the industry again.
Evidence gathered illegally is inadmissible, isn't it?
I think I've read stories on here about people begin prosecuted because of this very data. I believe it was admissible because the evidence wasn't gathered by breaking the law on UK soil and because when it comes to money laundering and tax evasion uk.gov get to keep all the money.
Nope - *Anything* goes if the IRS gets the spoils!
Have people not noticed that in tax cases, it is the accused who has to prove innocence, not the tax people who has to prove guilt. Quite the opposite of what the Human Rights are supposed to guarantee.
Not in the UK, or at least it never used to be; evidence is evidence, period.
That's not quite true - evidence that would unfairly prejudice the fairness of a trial is routinely excluded. Evidence obtained under duress by Police would be inadmissable too.
Yes, but ILLEGALLY obtained evidence isn't automatically excluded.
Thread necromancy! Yay!
Not admin or techy or really bad, but interesting.
At my old job we handled short customer requests all day through computers. If the work was slow, many of the other employees would <strike>waste time</strike> abuse company time/internet browsing the web while we were supposed to sit idle and keep our eyes open for new requests.
One day, one of the annoying girls in the back left for lunch, but left her Facebook profile logged in and open. A team-lead along with a few others proceeded to update her status to notify all of her friends about how much she loved her job and would never waste company time.
And you resisted the temptation to post donkey pr0n? I am ashamed.
A very very large company decided to out source all IT services. One of the widow sys admin left the company a very nasty going away present. He implanted a nasty root virus in every single server, roughly 5000 machines. The virus disabled all logins to the servers. It did not stop the servers running until they were rebooted, then the only way back was a full rebuild and restore. It took about 2 months to rebuild them all.
The guy who hired me had a good little side business providing custom upgrades to the vendor's office automation suite, not within his contract but hardly criminal.
But he was a development manager and so had a bunch of programmers who knew the system well and who wouldn't think it strange to be asked to knock up a new moduie for it.
So he had the best resources possible for the job and they didn't cost him anything.
I was supposed to join his gang as my first job out of Uni and I don't suppose I'd have spotted the scam either, but he was nabbed just before I started.
The duo responsible for the Phorm scandal at BT.
Intercepted the private/confidential communications of thousands of UK internet users, and the businesses that served them, then flogged the content to a bunch of notorious foreign spyware merchants.
Can you get much worse than that?
Ian Livingston is still in his post, unbelievably.
Of course Ian Livingstone is still at BT, it takes an act of Parliament to fire a senior BT manager.
But it's not his fault.
In any firm you mostly have to go with the crowd and BT has a big crowd.
Some firms like Oracle regards its customers with contempt, but BT isn't like that, contempt requires that you actually think about your customers, BT managers don't do that, they act so as to look good to other BT managers.
One place I worked as looked after by a single BOFH, he got the bright idea that there was a better way to get rich than working for a living. For a whole month he made sure the backups didn't run, although he signed them off as successful.
Then one Saturday he came into work:-
Took a full backup to several tapes
Deleted all files on all disks (including the OS)
Took the tapes home in the back of his car.
He then made a call to his boss telling him what had happened and demanding a ransom for the backup tapes. The boss made 2 phone calls, one to the system vendor who sent a team onto site to 'undelete' all the data (If he'd been brighter he could have erased the data but as with many OS's simply deleting it left it on disk and you just had to find it to recreate the files) ; the second call was to the police. Then on the advice of the police he arranged the meet to hand over the ransom and this dimwit chose the car park of a Motorway services to do the deal, so it wasn't really difficult for the Police to cover all the exits!
The system was back up with minimal impact, although it cost a bit to pay the vendor for the consultancy.
He went down for extortion.
A few years ago, I saw an old friend of mine in the pub whom I had not seen for a couple of years. He was looking trim and a lot happier than I had seen him in many years.
Wondering why I had not seen him for so long, he explained that the manager/owner of the poxy little insurance company he was working at since leaving school had finally pushed him too far.
[name removed under legal advice] had worked his arse off for this place for several years and even took on the roll of system admin/manager because the boss was too cheap to employ one. Working constant late nights, weekends etc. and never recognised for the value he added to the company, meanwhile the nagging boss kept pushing him harder and harder.
So one night, he poured petrol through the letter box and set fire to it, eventually burning most of the building to the ground.
"How did the police know it was you?" I asked.
"I was waiting for them outside watching it burn" he replied.
I often think that 18months was probably worth the satisfaction in knowing that the boss knew not only who did it but why.
Trust me they will never figure out how to access all the remote systems I had access to!
I just revoked all access to the servers because I signed the NDAs and no-one else had the right to use them.
I was always amased that no-one higher up would sign any NDAs for remote access to government or NHS systems. Anyway, they no longer have the skillset to maintain them anyway!
I couln't change my local system logins, but there will be no data there, as all was on a memory stick encrypted.
Anon as their IT Manager is a muppet and might read El Reg
I have an uncle, who was involved with the old pirate Thameside Radio back in the day.
Quite an advanced set-up. Proper transmitters, none of this noisy, leaky circuit-board-in-a-margarine-tub nonsense. They weren't stupid enough to transmit from the studio, but instead would have a few transmitters around, with an uplink that could be pointed to any one of them.
One of these transmitters was right up at the top of Trellick Tower. Apparently these sneaky chappies had managed to get hold of a set of fireman's keys for roof access. Then they found a nice room to stick the transmitter in, disguised the antenna as a TV aerial, and built a remote electronic lock to keep the door locked from the other side.
So the DTI (this was a long while before OFCOM) would detect a transmission and go up there to have a look. They knew the signal was coming from there, but could they find the transmitter? Could they hell. Even if a tramsmitter got busted, these guys would swing the uplink antenna around and be back up in seconds. Most frustrating for the DTI, I'm sure.
Even when they decided to call it a day, they did it with a nice big middle finger in the shape of a pirate TV transmission across large swathes of London.
I feel quite inadequate in comparison!
"Apparently these sneaky chappies had managed to get hold of a set of fireman's keys for roof access."
Why bother with $UTILITY's keys for keyed locks? Just learn to pick locks. It ain't exactly rocket science. I taught my daughter how to pick her bike lock when she was about 10 years old ... And no, it isn't illegal to know how. Nor are the tools required illegal ... it's only illegal if the intent is to to do something illegal (in the US, anyway ... YMMV).
"these sneaky chappies" were obviously doing something illegal. I approve of their behavior, at least in this context :-)
Hopefully the law has been changed. But I doubt it. The law is an ass ...
Colophon: The only radio station I listened to when I was in The_British_ Isles[tm] in the mid-70s was Radio Caroline ... unless John Peel was on the air.
Jake I think you missed the point of the story.
The Firemans keys were not the technical or interesting bit!
I learned to shim a padlock a couple of years ago - but i still prefer a key
Your uncle's lot were very tame compared to many pirate radio stations. I used to work at the Radiocommunications Agency (the part of the old DTI you refer to) many years ago, and would hear horror stories from the inspection team about the booby traps some pirate stations would install to "protect" their transmitters - including some that were definitely lethal.
Oh, this I know. I've heard some stories myself, about a certain shall-not-be-named radio station that is now quite ironically legitimate. Rather than just let the coppers come, bust the gear, take it as a loss and get another transmitter, they'd be sitting at the top of the tower block ready to cob chairs, bricks and other ammunition down at them.
Gave pirate radio in general a bad name, and played right into the hands of the "hang 'em high" politicos. Fucking idiots.
Definitely not the same as getting nicked for trying to set up a radio transmitter on the tower behind Paddington Green police station. Yes, apparently the police were not convinced that the antenna was for a walkman that one of them was carrying, and the TX rig was a UFO detector. Gave up on trying to hit them with a pirate radio charge though and instead hit them with theft of electricity. By said uncle's own admission, that was a bit of a silly place to try to set a rig up.
Yes, some of the pirates were idiots. These guys though, were pioneers, doing live uplinks from a moving boat party and using Doilby noise reduction techniques before the BBC had even got its skates on. Now? It's just not worth it. Within 15 minutes of firing a rig up, the rig will most likely be located and ready to be busted.
And we're all the poorer for it, IMNSHO.