back to article Fired Toyota coder trashes systems, steals data

A fired former IT contractor for Toyota's US manufacturing wing has been ordered not to leave the country after allegedly accessing the company's servers, downloading proprietary information, and sabotaging its systems. The automaker accuses Ibrahimshah Shahulhameed, who was dismissed from his contract programming job on …

COMMENTS

This topic is closed for new posts.

Page:

  1. petur
    FAIL

    Toyota FAIL

    Seriously... firing a worker but not revoking his login? Unless he used that of a coworker of course...

    1. Anonymous Coward
      Anonymous Coward

      Re: Toyota FAIL

      Doesn't this company supposedly have a bit of a "reputation", in terms of work conditions, not agreeing with what the allegedly dodgy dude allegedly did of course, but.....

  2. Mark Wilson
    FAIL

    Common sense says disable their login before you even fire them. Pretty stupid for him to do though, doesn't he realise people go to prison for such things?

    1. Steve Taylor 3
      Unhappy

      Common sense not common...

      I once quit a job under very antagonistic conditions: I believed my boss owed me a substantial amount of money, he believed I owed him a substantial amount of money, and we were a long way from being best pals. We were at the stage of threatening each other with lawyers.

      Imagine my surprise when after handing in my resignation I got to work out my notice period, dealing with servers responsible for processing large amounts of mobile phone based commerce in a number of countries. I didn't - and wouldn't - sabotage them, but I sure had been looking forward to being told 'get the hell out', and walking out into the sunshine and fresh spring breeze, instead of going back to my dungeon and doing some more coding :(

      1. Anonymous Coward
        Anonymous Coward

        Re: Common sense not common...

        You were owed a substantial sum and you worked out your notice? Why would you do that unless you were using their phone and web access to find a new job? (Or just sabotaging them?)

        1. Steve Taylor 3
          Meh

          Re: Common sense not common...

          Didn't feel much sense of obligation to my evil boss (Hi Richard) but knew that anything I didn't do or did wrong would have to be fixed by my co-workers who are good guys. Also it's uncool - leave the being evil to the actual evil people.

      2. Fatman

        Re: Quitting a job

        It has been my experience that when you are working for a douche bag employer, and you are leaving to accept another position, you must do the following:

        1) hand over any and all keys to the premises,

        2) in front of the douche bag, and in the presence of witnesses, force the douche bag to change your password immediately,

        3) inform the douche bag that you want your final paychecks sent to your residence,

        4) inform the douche bag that they are NOT to contact you for ANY reason, what ever problems they were having are no longer your problem,

        5) collect your possessions and leave immediately, and if the relationship is that strained, have a police officer present to insure a peaceful departure.

        Then be very glad to be rid of those douche bags. Refuse to help in any way former colleagues from that place. You do not know if you are being "set up". The fact that you left under adverse conditions is fair warning that they can not be trusted. Lastly, do not bother with "exit interviews", they don't give a fuck as to why you left, and they are probably looking for some excuse to disparage you.

        1. Anonymous Coward
          Anonymous Coward

          Re: Quitting a job

          I too follow this sort of procedure at the end of every contract - I always insist that all passwords and procedures that would allow me remote access are changed on the day I leave and that my accounts are deleted.

          Why? Because many years after leaving Barclays were I worked for a few months I bumped into someone who worked there at the same time in a different department, we got chatting and it turned out I had been suspected of trying to hack in shortly after leaving, it turned out it was someone else within Barclays who had moved companies within Barclays was trying to log in using his old details to fix an issue.

          Problem is how many people were left thinking ot believeing I had done it. I would never had known had I not bumped into that person. Those people of course move on and so word is incorrectly spread that you are to be avoided.

          So best advise is whether you are sacked, leave or just finish a contract ensure that you insist all password are changed and that your accounts are deleted.

          As an employer you should be doing this anyway.

        2. ByeLaw101
          Stop

          Re: Quitting a job

          @:Fatman: "collect your possessions and leave immediately"

          You have a contract of employment, if you go against that and don't work your statutory notice then you will be in breach of contract. If you do end up in breach, then you are giving your douche bag employer even more ammo. Not good advice... and brach of contracts can be a serious issue.

          1. Fatman

            Re: You have a contract of employment,

            NO, sorry, I don't. I live in one of those USA "at will" states. Which simply means that if your employer says "Goodbye", then you are out. Unless you are in a sensitive role, most douche bag employers do not want a contract, as it could be used against them. Now, when dealing with a more reputable employer, things may be different.

            Note in my comment, I used the term: douche bag employer. for me this has a special connotation - one who is sleazy, underhanded, and cares only on how much they can shaft you. I spoke to my brother who has a douche bag boss. They want him on salary, so they do not have to pay the overtime. A little math will quickly tell if that "pay raise" doesn't amount to a pay cut once you figure in the compulsory overtime.

            Try again.

    2. Anonymous Coward
      Anonymous Coward

      This depends where you are

      USA with their "frogmarch off the premises" habits - yes. Elsewhere, not so sure.

      On this side of the pond we have notice periods which can range from 1-3 months in IT in UK to 6-12 months in Scandinavia or Germany (I have seen a 12 month notice on a UK contract in biotech and 6 months in IT). You are expected to work during that period and be professional about it.

      1. toadwarrior

        Re: This depends where you are

        Yes you are expected to but that doesn't mean it happens. The cost to take someone to court over their notice period in the vast majority of cases, isn't worth it. Even if they drag you back for a month obviously you'll be annoyed (justified or not) and that's an additional risk.

        I think that's also why I've seen people have a relatively easy time talking their 3 month notice down to 1.

        It's better to have a happy person on board for a month than a grump for 3.

        1. Keith Langmead

          Re: This depends where you are

          There's definitely no excuse for not locking out a member of staff when they're fired, hell in the past I've been asked to disable / remove someone's access (but not discuss it with anyone else) while said someone's been in the meeting being fired.

          When it comes to notice periods for people in sensitive positions (for instance Sys Admins where they need elevated access just to do their jobs), a common method I've seen is garden leave, where the person is paid as normal during their notice period, is excluded from actually working at the company (since they no longer have access), but is required to be available if required during that time in case they need information / help etc since they are still technically employed during that time.

          1. Anonymous Coward
            Anonymous Coward

            Re: This depends where you are

            One place I left I was getting some work finished on my last day. I tried to log into the database to log my time but it was just after 5pm so my account was locked. That's a proper procedure.

      2. Oliver Mayes

        Re: This depends where you are

        I'm in the UK and I've seen multiple sales people marched out by security as they have a habit of trying to take customer data with them to give to their new employers. We even had a great one where an outgoing guy wanted to take 'personal' documents from his desk drawer but as there were lots of sensitive documents in there too he wasn't allowed to go through it. Ended up with them carrying his entire desk (drawers attached) down three flights of stairs to reception so he could go through with a lawyer present and remove only his property.

        1. Anonymous Coward
          Anonymous Coward

          Re: This depends where you are

          Where I work, sales people are escorted out the door but receive the full pay for their notice period.

          My old boss, she had a 6 month notice period and spent it in Monaco when she left.

          1. Anonymous Coward
            Anonymous Coward

            Re: This depends where you are

            "My old boss, she had a 6 month notice period and spent it in Monaco when she left."

            That's called 'doing it right'. I approve.

      3. Wize

        Re: This depends where you are

        "USA with their "frogmarch off the premises" habits - yes. Elsewhere, not so sure."

        I have been escorted off the premises before. A few of us called in to an office where it was explained that the company had been having problems and we were the redundancies on a last in first out basis. We were allowed to pick up our stuff from our desks under supervision. PCs reporting that they had been disconnected from the network when I got to my desk.

        Though I've heard of people being 'black bagged' before. All your stuff is waiting for you in a black bin bag outside the office.

        One company always used external meeting rooms (didn't have the space in their offices) so shuttled a whole department to the meeting room in the usual company bus. Told them they were all fired. Drove them all back to be greeted in the carpark with black bags beside their cars.

        I know logins for quite a few places that would still allow remote access to systems, but I've never been (and never will) be the type to abuse it.

      4. Anonymous Coward
        Anonymous Coward

        Re: This depends where you are

        I have to disagree with this.

        Depending on what systems you have access to and what job/company you are about to do depends entirely on you working your notice.

        As a sysadmin, you should hand in your notice, collect your belongings and be politely escorted off site and into a notice period of doing the gardening :)

        As a person who has setup and outlined leavers for companies in the past, the first thing you do is disable any remote access immediately (especially web portals), before they leave the building and change any generic passwords.

        The company I work for now has a number of disgruntled sysadmins and non technical people in charge with no real procedure for leavers other than disabling their AD account.

        Whatever comes there way is their own doing.

        AC - do you have to ask?!

        1. Anonymous Coward
          Anonymous Coward

          Re: This depends where you are

          Yup. I've always left on the day that I handed in notice or the contract ended. It's standard procedure anywhere sensitive. It's also a good demonstration of why it's better to be feared than loved by your boss.

          I think I've chalked up a total of about 7 months gardening leave in total. The only place that didn't was the government, who insisted that I use my annual leave to 'pay for' my gardening leave. Tightwads.

          1. Anonymous Coward
            Anonymous Coward

            Re: This depends where you are

            Just proves the point that you shouldn't wait until the last day to do what ever you want to do. You can read that whatever way you want. That's why I usually keep all my notes on either USB keys or I'll email myself with them.

            @AC 12:12, you had a government job with annual leave? Does that mean you had a permie government job and was fired given the opportunity to experience a career transition? I didn't think that government jobs had synergy-related headcount adjustment goals.

      5. The Jase

        Re: This depends where you are

        "(I have seen a 12 month notice on a UK contract in biotech and 6 months in IT)"

        if I am worth a 6 or 12 month notice period, I'm worth being paid £100k and £200k respectively.

        Anything less and you're just the company's bitch.

    3. AndrueC Silver badge
      Joke

      This is the way to do it:

      http://dilbert.com/strips/comic/2002-04-25/

      :D

  3. Disintegrationnotallowed

    fail

    either revoke his login procedure wasnt in effect, or they are using generic passwords, or they gave him the admin domain logon, based on my experiences any of those three is likely in all the organisations i have joined, and I am a project manager (although with a tecchie background so people foolishly trust me)

  4. Eduard Coli
    FAIL

    Outsourcing and work visas really saving them money

    So much for all of that labor cost savings.

    1. Simbu
      Stop

      Re: Outsourcing and work visas really saving them money

      What has the idiot contractor's immigration status got to do with his shitting the joint up after being fired?

      1. kain preacher

        Re: Outsourcing and work visas really saving them money

        Because in the US if he is an H1-b visa worker that means automatic deportation when you leave that job.

        1. Test Man
          Stop

          Re: Outsourcing and work visas really saving them money

          Does that mean he leaves in a plane the moment he leaves the office?

          No.

          So it's got nothing to do with his immigration status, as it wouldn't have stopped him from trashing the systems as he done.

      2. Anonymous Coward
        Anonymous Coward

        Re: Outsourcing and work visas really saving them money

        You can say that, but I knew immediately before reading the story that it was likely to be a non-US national.

        And an immature one at that.

        And that's coming from me, a non-US (Euro) national, but some of us have more common-sense, i.e. we'd like to work again ;)

  5. Anonymous Coward
    Anonymous Coward

    Ibrahimshah Shahulhameed

    That is a criminally complicated looking name.

    Perhaps Toyota just got fed up with typing his name on his pay cheques.

    1. Steve Evans
      Thumb Up

      Re: Ibrahimshah Shahulhameed

      Up vote for not succumbing to political correctness and making a joke that made me chuckle.

    2. keithpeter Silver badge
      Childcatcher

      Re: Ibrahimshah Shahulhameed

      1) Try Subrahmanyan Chandrasekhar (one of my heroes)

      2) Try breaking the name into bits, each bit could be a word in the appropriate language. My full name translates as Woods Stone Brown/Small River. You can see where the Celts and Saxons were coming from...

      3) I personally have problems with 'Mindy'. Do the parents ever think what happens when the babby grows up?

      Still, whatever, if the allegations are true, this was a spectaculary stupid thing to do.

      1. Mystic Megabyte

        Re: Ibrahimshah Shahulhameed

        >>2) Try breaking the name into bits, each bit could be a word in the appropriate language. My full name >>translates as Woods Stone Brown/Small River. You can see where the Celts and Saxons were coming from...

        Or possibly........ Shitcreek Rubble

        .......WILMA!

      2. Anonymous Coward
        Anonymous Coward

        Re: I personally have problems with 'Mindy'

        Mindy is a contraction of Melinda, a perfectly reasonable name for an adult.

        1. Anonymous Coward
          Anonymous Coward

          Re: I personally have problems with 'Mindy'

          Melinda is a personally reasonable name for a "dumb"' adult or at least one with no sense of culture, history, or language origins ;)

          As it appears to be a makey-up name, like Chantelle :P

          Plus, on a not entirely unrelated note, if people are going to call their kids Chardonnay, why not Pinot Noir, Zinfandel, or being brutally honest, Buckfast? :P

      3. Vic

        Re: Ibrahimshah Shahulhameed

        > 'Mindy'. Do the parents ever think what happens when the babby grows up?

        She hangs out with Mork?

        Vic.

    3. Tom 38

      Re: Ibrahimshah Shahulhameed

      King Abraham King Who Is Praised. Not that complex. Shahulhameed is simply a Keralite rendering of Shah al-Hameed.

      1. Anonymous Coward
        Anonymous Coward

        Re: Ibrahimshah Shahulhameed

        Bizarre isn't it?

        Shah al-Hameed is a ton easier to read. ;)

        I don't know much about these things but it occurs to me that a lot of these anglicisations seem to contain a lot of extraneous 'h's. Is that an attempt to render the {utters mild throat clearing sound} that we don't use in English?

        1. Tom 38

          Re: Ibrahimshah Shahulhameed

          It's an Iranian name rendered into a Kerala dialect rendered into English - Chinese whispers for names :)

  6. Anonymous Coward
    Anonymous Coward

    Oh no..

    Your computerz appear to beink broken.

    Now the systemz is runnink like ze molasses in januaryz

    AC/DC and apologies to anyone who gets this reference.

    1. Anonymous Coward
      Anonymous Coward

      Re: Oh no..

      /b is that way >>>>>>

  7. IT Hack
    Pint

    So a developer, a contractor no less, has access to production systems?

    Pint coz whoever runs the devs & release management team does not deserve one

    1. Anonymous Coward
      Anonymous Coward

      "devops"

      1. Anonymous Coward
        Anonymous Coward

        It says he was a "contract programmer". The first rule of systems management should be that you never, EVER let your programmers anywhere near your production systems, not even the systems they may have created. If programmers must have access, perhaps to diagnose a fault, make sure it's read-only access that is strictly controlled and monitored (ideally, audited) and for as brief a period as possible.

        I can't remember which one it was - Sarbanes-Oxley? MORCS? - that finally mandated the total split between development staff and production support at the global investment bank where I once worked. Several systems were actually scrapped as the development teams couldn't change the production passwords without many months of costly remedial work, or even provide guarantees that developers would not have access to production systems and data.

        It was enlightening watching these systems crash and burn along with the arsehole developers that created them, for the most basic security flaws until finally the systems were beyond saving. Certainly, after the full review prompted by SOX/MORCS, the hundreds of systems at that bank were in a much healthier state - credit to that firm for taking their responsibilities seriously, if somewhat belatedly.

  8. Purlieu

    re: frogmarch off the premises

    You know you are leaving long before you tell the employer. This gives plenty of time to "back up" anything you feel might be "useful" to you. let them frogmarcj you out, safe in the knowledge that you already got what you wanted out of there 2 weeks ago. And yes, that password changing exercise is good advice, I would also add video it on your phone as well (without capturing the actual keystokes of course)

    1. Evil Auditor Silver badge

      Re: re: frogmarch off the premises

      "...2 weeks ago."? You know what we do after someone left? Go through some log files and other records to see what the person was doing in the past couple of months. My advice: collect whatever might be of interest whenever you come across it but not shortly before you leave.

      1. Purlieu

        Re: re: frogmarch off the premises

        I was referring to systems larger than PC servers. Also if he's half decent he can cover his tracks log-wise. Or not get logged in the first place.

        1. Evil Auditor Silver badge

          Re: re: frogmarch off the premises

          @Purlieu: I as well. If the person has access to the log files, ie log servers, he/she most definitely won't have access to the systems producing the logs. And vice versa. To stop logging is possible for certain people but might raise an alarm if expected logs are not received.

          I'm talking about a rather large environment in financial industry. By far it's not fail-safe (e.g. there are always things you didn't think of or are just too expensive to implement) but still rather difficult, even for very well versed techies, to do something wrong and go unnoticed.

      2. DJ Smiley
        Facepalm

        Re: re: frogmarch off the premises

        I prefer to notice this the moment they try it....

  9. MJI Silver badge

    Was sacked once

    Was classed as constructive dismissal.

    Was given shit jobs to try to get me to leave. But I wanted more experience. Did 2 years more than I wanted there.

    Got me finally on trumped up charges of insufficient testing (machine which didn't work had different graphics type to the developer computers and I didn't link in ONE lib). Oh and the site was used as our test site.

    For at least 10 seconds I thought who can look after the program, HR gave me leave now or go to meeting where sacking will happen.

    First stop was job centre, straight on to benefits, took a month to come through due to constructive dismissal.

    Happy ending.

    1) Been in current job a LONG time.

    2) That employer shut shop locally.

Page:

This topic is closed for new posts.

Other stories you might like