back to article BANG and the server's gone: Man gets 8 months for destroying work computers

A peeved employee took revenge on his company by repeatedly spraying Cillit Bang into its servers in a three-year campaign that caused £32,000 of damage. Edward Sobolewski was convicted of criminal damage at Oxford Crown Court on Friday and sentenced to 8 months in prison for the attacks on his employer's computers. He was …

COMMENTS

This topic is closed for new posts.

Page:

  1. JimmyPage Silver badge
    FAIL

    Physical security of server room ?

    In my last office job, as a development manager, even I had no access to our server rooms. And that was in a company of over 1,000 employees. IIRC about 8 people had access - it wasn't even the entire Tech Services team. Someone pulling a stunt like this would have been rumbled in hours.

    1. Stuart Castle Silver badge

      Re: Physical security of server room ?

      You'd think they do that. Most companies don't..

      Where I work, I manage several servers (as part of my job). I can get physical access to the servers, but only if I ask very nicely, and only if accompanied by a senior system admin.

      The trouble is, a lot of small to medium sized companies don't bother with this. They might have a few servers, for various aspects of the business, but these servers would probably be stuck in a corner (probably not even in a rack) of someone's office, and that someone would be partially responsible for their maintenance as well as another, totally unrelated, job.

      1. Christine Hedley Silver badge

        Re: Physical security of server room ?

        > "Where I work, I manage several servers (as part of my job). I can get physical access to the servers, but only if I ask very nicely, and only if accompanied by a senior system admin."

        That sounds familiar. Even though a major part of my job was providing second-line support to our ops staff, gaining access was often not easy:

        Ops: "We need your help with one of the minis."

        Me: "I'll need access to it, then."

        Ops: "You can't come in."

        Me: "Then I can't assist you."

        Ops: "But we need your help with one of the minis."

        etc.

        Don't get me wrong, they were actually a really good bunch, but sometimes things could be a bit frustrating. The flip side is that we had excellent systems availability and nobody pouring cleaning fluid into the computers.

      2. Anonymous Coward
        Anonymous Coward

        Re: Physical security of server room ?

        > "Where I work, I manage several servers (as part of my job). I can get physical access to the servers, but only if I ask very nicely, and only if accompanied by a senior system admin."

        Even asking nicely shouldn't get you access to a server room no matter what your job description or how high up you are the management change. Not on the list, no access.

        Where I've worked it's been even stricter. A couple of authorised admins were fired because one loaned the other their access card. The server room was protected by a double door and in between security visually checked what was going on. In this case, although their faces would have been familiar to security they were of opposite sex, otherwise it might have gone unnoticed.

        Also between the double door the floor had a weight sensor anything over 100Kg and a voice booms out "Only one person at a time". Smile at the camera and security open the second door for you.

        1. Anonymous Coward
          Anonymous Coward

          Re: Physical security of server room ?

          >weight sensor

          What if the BOFH is a fat bastard?

    2. This post has been deleted by its author

    3. Zaphod.Beeblebrox
      Thumb Up

      Re: Physical security of server room ?

      This.

      To put it bluntly: Security - they are doing it wrong.

      Even though I work in a company of only around 100 employees, we have secured and limited access to the server room. I think 3 people have access - our BOFH, PFY and their boss.

      1. Callam McMillan
        Devil

        Re: Physical security of server room ?

        Your company is doing it wrong also! Any self respecting BOFH would never let the boss have access to the server room... Unless of course it was to eliminate him in some unplesant manner!

        1. Zaphod.Beeblebrox
          Angel

          Re: Physical security of server room ?

          @Callam McMillan - In our case (as is often the case in companies our size), boss of BOFH is former BOFH himself - they are aware of the wiles of the BOFH and know how to counter them, and (to answer another post) would know the difference between the real server room and a fake.

          1. Tom 13

            Re: former BOFH himself

            I thought the only former BOFHs were dead ones.

      2. Stoneshop

        Re: Physical security of server room ?

        I think 3 people have access - our BOFH, PFY and their boss.

        I doubt it. It's more likely what the boss has access to is a dummy room, kitted out to look quite like the live one.

        In a company that small, a missing boss will be quickly noticed.

        1. Captain Scarlet Silver badge

          Re: Physical security of server room ?

          "BOFH, PFY and their boss"

          Blimey, thats what we have although if you can't prove what you need space for the server room (Because you won't show anyone) it will be turned into a meeting room and your prep area will then become the server closest.

        2. Chicken Marengo
          Pint

          Re: Physical security of server room ?

          >>In a company that small, a missing boss will be quickly noticed.

          Yes, productivity would soar.

          Beer, cos the boss is nowhere to be seen

    4. JimmyPage Silver badge
      Stop

      Re: Physical security of server room ?

      Now for the flipside ;)

      The physical security was mandated by a security audit (before I started). So far so good. However, there were boxes in the server room that developers *did* need access to. So we installed a KVM over IP solution, and developers could access the boxes over the network. Now this was user and password protected, but as a couple of guys pointed out, when you had to have physical access, there was at least the chance an imposter/hacker would be seen (bearing in mind they still had to get past the 3 card locks to get to the floor with the server room). Doing things over the network was *less* secure.

    5. BillG
      Thumb Up

      Re: Physical security of server room ?

      A few years ago I worked with a small company of 35 employees that had a server room the size of a common bathroom. The room was double-locked, had dedicated cameras pointed towards both side of the door, and only the CEO and the VP of Ops had keys.

      That's the way to do it.

      1. Anonymous Coward
        Anonymous Coward

        Re: Physical security of server room ?

        Pussy. Come join the big boys.

    6. El Presidente
      Devil

      Re: Physical security of server room ?

      Many years ago I did some temp work for a company. Their server rack was at the bottom of some stairs in an open top, open backed, cobbled together glass server cabinet. I often wondered how easy it would be to tip a mop bucket full of manky water into it. From the third floor.

    7. margamoniac
      Paris Hilton

      Re: Physical security of server room ?

      Yep, SME company I am working for- we lost our servers in Birmingham for a day because someone (IT helpdesk personnel) had literally switched them off, confusing power switches.

    8. Anonymous Coward
      Anonymous Coward

      Re: Physical security of server room ?

      "Someone pulling a stunt like this would have been rumbled in hours."

      $32K, over three years. Doesn't say how many servers were affected. $32K could be $31K in lost business / cost in man-hours to bring systems back online, and only $1K in physical hardware... maybe two cheap servers. Maybe $16K in costs and $16K in hardware, which could mean just three servers were destroyed.

      You're not going to suspect the first one. Server died, you get it swapped out, you don't even question why it died. The second, a year later, you *might* say "hmm, that's the second server in two years, I wonder if there's a manufacturing defect?"

      Third one in three years makes you curious so you check the video. Of course, you don't have the videos from a year ago much less two. But yes, you immediately spot someone who shouldn't be there.

      So, yeah, it's possible that you find it quickly, but only if you've got a reason to suspect that it wasn't just random hardware failure. Which depends entirely on how many servers were going down and how often.

    9. 123465789
      Facepalm

      Re: Physical security of server room ?

      Then again - a couple of years ago I was working as a subcontractor for a decent-sized company. They had some 20 racks in their server room, and installing 10 more obviously required physical access. So I went to security. Hmm. Server room... do you know someone who has access? We'll just copy ALL accesses of that person to your card ...

      1. Anonymous Coward
        Anonymous Coward

        Re: Physical security of server room ?

        I was systadmining a test network with shared physical, if not logical infrastructure, to the main network (mains power, structured cabling but my own servers and switchgear).

        I asked for access to the comms room on my floors - no problem.

        Quickly worked out I had access to every comms room in the building, and to the generator rooms, and the main feeds into the building, etc.

        Being a conscientous sort of contractor however, I asked them to set up a new profile for me. But mainly so that if something 'terroristy' happened, I could reasonably deny any responsibility and have the access (or lack thereof) to prove it.

        Pretty shoddy stuff. Caused an audit shortly afterwards and a ground up rebuild of access profiles. Probably about time given that 'temp' contractors got the same, access all areas, no questions asked profile too, which I thought was bonkers.

        Like I say, Anon....because it was a national government facility. :-$

    10. Robert Heffernan
      WTF?

      Re: Physical security of server room ?

      I just started as one of three developers for a local company. The server room is a locked room that can be opened just by giving the door a good shove.

  2. Frankee Llonnygog

    Wrong brand of cleanser

    For server storage, use Flash

    I'll get my apron

    1. nevstah
      Facepalm

      Re: Wrong brand of cleanser

      or mix the 2 and get a flashbang!

      maybe..

      sorry, couldnt resist that one

  3. Mondo the Magnificent
    Thumb Down

    Acidic revenge...

    Wow, gives new meaning to scrubbing the disks..

    Very malicious indeed and his sentence was quite light taking the damage he done over the period.

    If he was "than unhappy" why didn't he just look for another job? FFS!

    1. Annihilator
      WTF?

      Re: Acidic revenge...

      ^^ that. I can understand him being p1ssed off at missing out on a bonus, and at a stretch imagine him doing it once. But to hold a grudge for three years and keep up that level of malice?? That's bordering on, erm, "difficulties in the gray matter"!

  4. TechnicianJack
    Mushroom

    BANG! And the work is gone.

  5. Mikey
    Happy

    It might not be good for the operational aspect of the server, but I bet all the copper traces were as shiny as a newly-cleaned penny...

    BANG! And the data is GONE!

    1. Silverburn

      If data wipe was his aim, he's start with the tapes, then the tape drive, then the NAS/SAN, before moving onto the servers last.

      However, it does look a bit like he was bored/attention-seeking, and not after serious damage.

      1. Anonymous Coward
        Anonymous Coward

        I can think of lots of interesting ways to damage servers, but then, I'm not a depressed accountant who has been passed over for promotion. Maybe there's an inverse relationship between ability and malicious motivation?

    2. This Side Up
      Headmaster

      "BANG! And the data is GONE!"

      "BANG! And the data ARE gone!

      1. Anonymous Coward
        Anonymous Coward

        Nah

        Although I'm usually a stickler for the correct use of English, I can't advocate being pedantic about that one.

        Data is equally acceptable as an indeterminate quantity as well as discrete items; it is good to have this flexibility in its application.

      2. Coldwind104

        Agree with the Anon.

        People who insist that the word 'data' be treated as a plural are confusing the English word 'data' with the Latin word it descended from.

        The English word 'data' is, as the AC said, indeterminate in number, so either "the data is" or "the data are" would be correct.

      3. Anonymous Coward
        Anonymous Coward

        "BANG! And the rice ARE gone!

        "BANG! And the bread ARE gone!

        "BANG! And the water ARE gone!

        Hmmmm?

        1. Anonymous Coward 15
          Coat

          BANG! And all your base ARE gone!

      4. Loyal Commenter Silver badge
        Headmaster

        "BANG! And the data is GONE!"

        "BANG! And the data ARE gone!

        BANG! and the word data is either a plural or mass noun depending on context, so neither is wrong.

  6. Anonymous Coward
    Anonymous Coward

    If he really wanted to cause damage...

    Then he should have just become a developer. There's much more scope to cause damage (and in much more creative ways!).

    Anon as my current employer might be alarmed by this line of thought...

    1. Crisp

      Re: If he really wanted to cause damage...

      Which is why you don't allow a programmer anywhere within flame thrower distance of a live server.

      1. Anonymous Coward
        Anonymous Coward

        Re: If he really wanted to cause damage...

        As a developer, we are allowed there all the time and it's scary to think of the damage which could be done. Most production systems I've ever seen have huge gapping holes everywhere ....

      2. Stoneshop
        FAIL

        Re: If he really wanted to cause damage...

        @Crisp

        A programmer torching a server is just one of the many problems you need to guard against. The far bigger and more insiduous sabotage options involve networks, and the programmer's actual output.

  7. LinkOfHyrule
    Coffee/keyboard

    It is not funny what this bloke did but it was very funny reading about it! Very odd, I would have used Tesco Value bog cleaner myself as its cheaper.

    1. TeeCee Gold badge
      Mushroom

      By using Cillit you avoid the possibility that the servers end up looking suspiciously clean, giving the game away.

      That'll be how he got away with it for 3 years, by using the only marketed cleaning product that's incapable of removing dirt from a smooth surface. FFS, you can impair the cleaning properties of a damp rag by spraying it with Cillit.

      1. Test Man
        WTF?

        You're talking about Flash there. Cillit ALWAYS gets things clean. Flash don't.

  8. Khaptain Silver badge
    Coat

    Where I work -

    We have a testicle weighing machine, which means that you would have to know the weight of my testicles on a given day.

    If you place your jewels on the scale and they are the wrong weight, a heavy hammer will inflict a reminder that you do not have access to the server room.

    Never had any incidents or breakins - go figure.

    1. BorkedAgain
      Paris Hilton

      Re: Where I work -

      How does this fit with equal opportunities regulations?

      1. M Gale

        Re: Where I work -

        I guess the machine also weighs chesticles?

        1. Khaptain Silver badge

          Re: Where I work -

          We also have a large pair of "damp electrical clamps" hanging from the ceiling for those that don't have testicles ( I believe that all genders have nipples). Works on the much the same principal as a taser, but with 240 volts and 13 amps, I have never seen anyone try twice.

          As Obi once said "I think the power of dissuasion is strong here Luke".

  9. Paul Johnston
    Joke

    Could be a fit up!

    I think it was actually Barry Scott who did it!

    1. This post has been deleted by its author

  10. Anonymous Coward
    Coat

    "Well, it didn't say..."

    Mike: Maybe you shouldn't have poured all of that washing-up liquid into it.

    Vyvyan: It says here "ensure machine is clean and free from dust"

    Mike: Yeah, but it don't say "ensure machine is full of washing-up liquid"

    Vyvyan: Yeah, but it doesn't say "ensure machine isn't full of washing-up liquid"

    The one with "Very Metal" on the back

Page:

This topic is closed for new posts.

Other stories you might like