Disgruntled admin gets 63 months for massive data deletion
An IT manager who sought revenge for an unfavorable job evaluation was sentenced to more than five years in federal prison after being convicted of intentionally triggering a massive data collapse on his former employer's computer network. Jon Paul Oson, 38, of Chula Vista, California, was sentenced to 63 months behind bars and …
This topic is closed for new posts.
@ prosecute the new sysadmin
Firstly, as has been already mentioned if you want a backdoor there are much more subtle ways than creating a separate account called mysupersweetsecretadmin and making it a globally administrative account.
Secondly, depending on how much of his notice he ended up working (and where I come from when you sack / make redundant / accept the resignation of a [senior] sysadmin you have security immediately escort him to pick up his goods and leave the building) it is likely that IT was temporarily being done by Sonia from accounts whose IT experience consists of changing the backup tapes and resetting passwords when the sysadmin is on holiday.
What a shame !
Poor configuration brings bad habits.
If all the windows and doors were closed and fortified by Privileges then i do think, this guy of ours wouldn't have made it through. All the same is oson had had a good IT guy to sweep the change and make admendments then that wouldn't have been the case. This is a lesson to learn. We all fall prey to this kind of thing..... Most administrators would not change a single password of a retired employee, niether have they configured their AD to expire them too.
I can understand him finding/setting up a back door...
But by the dates on the story, it was 6 months between firing and taking action.
1) He had to be SERIOUSLY angry to delay revenge that long. That or deranged. I go for the latter.
2) The real crime is that in 6 months, they MUST have employed a new Sysadmin who should have checked the system for anything untoward left by the previous guy. OK he may have missed something, but then to have no security log and no back up log (or not checking either/both logs) is verging on criminal. Where did they recruit them from, the local internet cafe?
Maybe Paris found herself a 'real' job?
Criminal Stupidity
As much as what this guy did is wrong, how stupid is a company that doesn't change all the administration passwords when their sysadmin leaves?? The company deserves a solid slap across the face for their own irresponsiblity...
Where do I send my resume?
Apparently I, even with only a small amount of experience, can actually do a helluva better job than that new sysadmin!
this is just the precedent setting case
a good, clean cut case where everyone will attack the perpetrator-OMG he deleted POOR PEOPLE's data! Burn him! Kill him! give him "the needle" if someone dies!
But whenever someone actually specifically kills someone, then there's "no death penalty!" but I digress..
Now, there is a precedent for jail time and "restitution". No one questions the "Righteousness" of this case. But the next case, where someone deliberately deletes WOW game accounts, or worthless company data...the legal precedent has been set and the "criminal" gets punished. Notice the case doesn't use any sort of set "value" for amount and type of data, other than mention to get the case prosecuted.
So if your girlfriend's "rebellious" tween deletes your files, are they now a criminal? How big a company do you have to be to get criminal charges filed about "your" data?
next up, a criminal case for accidental or neglegent activities that delete data. Just like grades of Murder or Manslaughter, but for someone getting rid of ones and zeros. But only for "politically correct" deleted data. Data belonging to Big Oil companies will for some reason, not be considered "criminal", where if anyone touches Howard Dean's screaming pr0n collection, the gas chamber will be called into account.
The one thing about the "slippery slope" argument when applied to civil and legal proceedings, where the "slope" suppresses the rights and lives and freedoms of "the people" (as opposed to monied and famous elites) is that the worst case paranoid "slipperiness" almost always happens. Take copyright law for example, or "hate speech" laws, government entitled "energy programs" (ethanol) or the worst case scenarios the 2nd Amendment crowd has warned people about. The inch was given, the assurances flowed, but the mile was taken instead.
The dickhead deserved it.
Usually I would say the sentence was harsh, but given they were medical records of vulnerable patients he deserved it if the facts are as stated, and he actually was guilty.
not the brightest fellow
I'd say his actions sort of prove "interpersonal difficulties" was a right proper assessment, wouldn't you?
As for the FBI being smarter than this guy... a team of smart folks vs a single smart person and the team will probably win.
why would new guy have found unauth'd admin?
Assuming separation of duties (federal regulations and all that), the "technical services manager" shouldn't have that sort of system access.
Even if he was able to get the proper department to pull him a list of admin accounts, what if the offending account was a local account on a barely used server? It wouldn't show up on the report.
If you are trying to sneak in, putting a new admin account in the domain might set off alarms if monitoring is being done. Use an out of the way, but still accessible system instead. If you used to be the network engineer, you probably know the locations of networks that nobody else remembers.
Does the company *you* work for run full penetration testing / internal system audits every time someone leaves or is fired?
Suppose they had scheduled automated audit scans that kicked off once a week. He'd probably know that schedule, too which may explain why he waited 6 days.
We've got technical details, but nothing about the intent or the intelligence behind it.
Everything is speculation.
Eh @ the new admin is the devil
You're assuming there WAS a new admin. It's certainly appears that he left pretty aburptly, and did the damage only a short time after. They might not have hired anyone as a replacement and were skating along on skeleton staff. It happens.
Not surprised
They failed to change the network admin password after they fired him. Bad security practices.
Had the guy instead used a program on the server to remove shared printers, shred the system logs on startup, and reset the machine, he likely would have gotten away with it. Or had he used a clean system for the attack. It's practically impossible to get away with this sort of thing, though. There's always traces of some sort. The fact that all his home machines had been wiped was major evidence in itself.
Vista
I guess he was just really fed up with living in Chula Vista, California and having to put up with millions of people slating Vista on a daily basis (unless you are a Microsoft Gold Partner in which case you love Vista).
This topic is closed for new posts.
