Obvious flaw is obvious
So, you give a contractor the keys to the kingdom. Every fscking key to every fscking one of your 4000 servers. What could possibly go wrong?
Funny how organizations which give proper jobs with proper salaries to their admins don't usually have this kind of problem...
Anyway, as stated by other(s), the endangered data are probably worth less than their weight in bog paper (given the actual weight of data, that's not much).
Also, doing it from the company-issued laptop from a company-issued IP is stupid. And instead of doing the work in the script, he should probably have added a single line calling a Perl or C routine named "correction_for_annual_inflation" -or, why not "temp_backup_in_case_something_goes_bad"- or something. Much easier to obfuscate than a UNIX script.e company's laptop indicates he was in a hurry and probably didn't premeditate it. I believe that any semi-skilled UNIX BOFH is able to come up with a script like that, able to propagate to all the servers under his jurisdiction (if not, fire them). Given his access level, doing that kind of stuff (with legitimate scripts) was probably part of his duties, so he probably had all the parts at hand, he just had to assemble them and add a "des-troy all hu-man" payload (not terribly hard to do!). You don't give a super-ultraviolet clearance like that to an admin if he isn't able/allowed to roll out company-wide emergency patches. The thing is, when you do so, do it with regular employees, not contractors. Pay them decently, and if you wish to fire them, arrange the suppression of their privileges *before* telling them. Ideally, the admin should come see management saying "We have a problem, my account has been compromised, I can't log in", to which the correct answer is: "Well, maybe it's 'cause you've just been fired, biatch!".
Of course, the typical BOFH will have arranged something, like planting the malicious script on his second day in, having it "validated" by management. As easy as saying: "Well, there is this script, you know, it was added in 1987* and it doesn't seem to do anything useful, should I remove it?" To which the typical boss will *always* answer "No way, it could be something important, don't touch it" -especially if it's your second day in. AT THIS POINT, KEEP A PROOF. But not too obvious. Asking by e-mail from an independent account like Yahoo Mail is a good strategy. Then you have to fire a neutralizing prog (which needs a passphrase) each month to keep the malicious script dormant (bothersome I know, but job security has a price), and when you're fired, well, no-one knows that the neutralizing script needs to be run (and no-one has the passphrase anyway), so hell's unleashed.
Draft malicious/neutralizing coupled scripts available. Send two stamps and don't tell my boss ;-)
* If you have complete access on everything, you probably know how to make it look like it's been written in 1987 and has been untouched since. If not, your boss hired the wrong person.