Lock out their accounts first...
...then fire the twat.
A former employee of Citibank has been sentenced to 21 months in prison for crippling the bank's internal network. Lennon Ray Brown was given the nearly two-year jail term – along with a $77,000 fine – by a Northern Texas District Court this week after he pleaded guilty to one count of intentional damage to a computer. Brown …
But if he hadn't bragged about it then his superiors would just assume that he'd messed up again - typical incompetent IT staff.
Whereas he wanted to show the world that while his performance might be poor he was still an important person because he could do some damage. But not too much damage, because he only wanted to give them a warning.
He wanted his masters to know that he was somebody... that he could have been a contender!
All the ethical and education issues of this individual aside,this sure seems to make the case for SDN. The idea that a single rogue administrator could wipe out 1/2 of the networking and then cause a significant amount of disruption seems like a big problem. Even though SDN is frequently sold as a cheap way to build a network on commodity gear, the real benefits are in more control of networking configurations and more automation of provisioning. Once SDN take hold, the old days of having a config file deleted from a switch and causing a major disruption will be long gone. All vendors are moving to a SDN strategy, from the smallest to the largest, because it is what the industry needs.
Not sure about that one. SDN is great for desired state config and the ability to use crappy white box switches instead of Cisco gear, but those configs live somewhere and are managed by someone. It wouldn't take much for someone with enough access to turn all of that SDN gear into a bunch of dumb, unconfigured network ports. In theory they could just melt the whole network into a pile of goo by blanking out the software configs. Granted, it's easier to get back online if you're smart and archive your configs, but network admins generally don't like sharing control of things.
On today's episode of "What to do" we will answer a question sent in by Lemmon:
Lemmon: "I'm unhappy in my job and my boss just reprimanded me. Should I burn the place down?"
Answer: "There is no need for theatrics. Anything you could possibly think to do will only cause everyone to see you in a bad light. Instead, just find another job. Preferably one that your skills are matched to. Causing intentional harm, even to computer equipment, is considered bad form and no one will sympathize with you; especially not pointy haired bosses who will make it their life mission to see you hang."
That's it for today's episode. Tune in tomorrow when we explore the downsides of time card fraud.
A BOFH wouldn't have got worked up in the first place - they'd just be slacking in the server room and blinding any manager who tried to call them on it with a barrage of technobabble and excuses the manager wasn't qualified to refute.
To do something like this person did, you actually have to care about your job.
-He overreacted to a bad review. Seriously, let them fire you then collect unemployment if you are in the right. At least cool off and then think about what you're about to do before wreaking havoc.
-He'll never find another IT job worth having.
-He bragged about it. And using poor grammar. And got caught. Unforgivable.
-What did his actions do except inconvenience a lot of people that did nothing to him? If nothing else, it now will look like his supervisor was right on the money with his review, whether or not it's true.
-What "team" did he "take one" for? All that's likely to happen from this is ridiculous security measures and scrutiny that will make it harder for his successors to do their jobs, similar to the idiocy of not being able to take nail clippers on a plane right after 9/11.
A disgrace to our profession. Perhaps he'd be better off finding a nice job in lawn care.
"Seriously, let them fire you then collect unemployment if you are in the right."
Indeed. I think it was on my third or fourth big-company job that I realized, if I wanted to, I could just stop working altogether and it would take at least a few months to get through the procedures required to get rid of me. And this is in 'Murica, working for at-will employers. The first bad review is just the first step. When you get one of those, the grown-up thing to do is to use the time you have left to find other work, since you've been targeted for termination already. The immature spoiled kid thing, obviously, is to circumvent that whole process by clumsily sabotaging your workplace.
"He'll never find another IT job worth having."
That I'm not so sure about. IT has a bit of a French Foreign Legion mystique, in that you can just run away to a new location and get a job pretty easily after screwing up badly. I've personally witnessed this -- a company I worked for hired some "rockstar" systems architect who I thought was clueless. I did a little digging and it turned out he presided over a multi-million dollar failed project somewhere else as the chief architect. Now, he's going to have a criminal record so that's going to be a problem. But if he didn't, and just got fired because he was incompetent, all he would have to do is clean up his resume and walk into the nearest technical recruiter for immediate placement. If I were king of the IT profession, that's one thing I'd want immediately -- personal responsibility for bad work and liability malpractice-style.
"I think it was on my third or fourth big-company job that I realized, if I wanted to, I could just stop working altogether and it would take at least a few months to get through the procedures required to get rid of me."
I once worked with a guy who actively, and openly, used to do exactly that. He told me that it took on average about a year for an employer to get rid of him. He used to come in the office for about 11, take a couple of hours lunch, then leave at about 4.
He was obviously mentally ill though, the poor guy. The company never actually had to fire him as he stopped coming in after a couple of months because he reckoned another co-worker was out to kill him.
I could tell you some even more bizarre tales but it wouldn't be fair as he'd be identifiable with just a bit of Googling if I were to do that.
Now, now - gardeners have feelings too!
I reckon that twit will get the engine to drop a cam (assuming 4 stroke) or forget to add oil (2 stroke).
On another note - use SNMP to reboot the routers and wipe the config in order to circumvent TACACS+/Radius.
AC for obvious reasons.
Disclaimer - the garden behind my house either looks like a jungle or like the Goby desert ...
People who commit real (physical) crimes get probation or a slap on the wrist. This guy slowed down a network (didn't even manage to take it offline) and gets 2 years in prison. Priorities, anyone? I've had janitors accidentally cause a bigger outage than this!
He could have shot someone and would have received 6 months in the county lockup.
If he started out as a contractor (a form of job vetting) and then became full time, how did Citiwank not pick up on the fact he was slightly off the reservation?
Looks to me like a classic case of budget constrained decisions having bad repercussions.
Not to mention that his tactic was about as subtly clever as his grammar. A very low level, weak attempt at causing some damage inside a bank network. There's a reason this was not titled "Bank DBA goes postal and erases all data and backup data, then clobbers the terminals at every branch before causing all coffee machines to blow searing hot java all over the execs!"
Simply put, to be a DBA you usually need some specialized skills, the kind of skills smart people have and use to get good jobs, not shitty jobs at some crap bank where you're at best a low-level network guy. No offense to all networking folks, of course, but yes, this is a small-time lashing out of a small thinker. There's no "I'll show them by getting a better job and being successful and happy without them!" It's all self-destruction and self-pity. They probably had the network back to rights in about 8 minutes when the network guys (that don't suck at their jobs) got back from lunch. Still, one less shitty admin pretending to be a quality IT guy to deal with, so there's that.
Given what was possible, it seems unlikely he intended not to damage anything. Then too, Citi, you got remember it was Citi. They were the ones caught pushing "subprimes" and wound up losing three-quarters (or more) of the value of the stock back in the 'oughties. Performance? He might have a point about upper management.
Obvious troll is obvious.
Everyone knows network people are better paid and more respected while DBAs are rounded up in the job center with a large net.
The hierarchy goes like this:
Firewalls & Loadbalancers
Routers & Switches
"...Obvious troll is obvious.
Everyone knows network people are better paid and more respected while DBAs are rounded up in the job center with a large net.
The hierarchy goes like this:
Firewalls & Loadbalancers
Routers & Switches..."
Maybe in support terms. Dunno - have been out of it for many years.
Alternatively it goes along the lines of:
Architects (take your pick - solution, lead, techincal etc)
Site support engineers
Working in the UK for a US firm and I can see why he lost his shit. While it's inexcusable to do what he did (yes, the grammar part) American managers seem to have an uncanny ability to completely ignore any suggestions from the 'peasant classes' while simultaneously making sweeping changes to systems and processes that worked perfectly well before and are now, and shall be for evermore, fucked. He probably got chewed out for refusing to work an extra 2 hours each day...If you dont sacrifice your first born for the good of the company you are just not trying hard enough.
Guy was also a bit of a noob for bragging about it, he probably would never have been caught otherwise. I have worked in places where a fee key presses would basically have ended the entire company. Obviously, we don't actually think about doing this...you know, because ethics.
There is a strange cult of the Manager in the USA and in American firms, at least in my experience. A Manager is some sort of special being, unquestioned no matter what his or her level of competence. Their main activity, as far as I can see, is to hire sub-managers and deputy managers so that they are managers of managers, and therefore doubly sacred. The opinion of the actual person doing the job weighs nothing. It's very curious. As I come in as a contractor or consultant, I tend to get paid more attention (especially as a consultant), but managers really do end up drinking their own kool-aid and believing themselves special.
I once encountered a newly hired manager of another team, a b@st@rd ... This guy really managed to get me very upset, I reported the incident ... needless to say, I was not the only one ... he eventually "left" ... before leaving, he sabotaged one of my Windows servers by removing me from local admin group.... apparently, I had been the first to complain about him... IT solved the issue in 2 minutes, so no big deal, but really, why would you do something that silly ?
"....I once encountered a newly hired manager of another team, a b@st@rd ... This guy really managed to get me very upset, I reported the incident ... needless to say, I was not the only one ... he eventually "left" ... before leaving, he sabotaged one of my Windows servers by removing me from local admin group.... apparently, I had been the first to complain about him... IT solved the issue in 2 minutes, so no big deal, but really, why would you do something that silly ?..."
You just reminded me of a time, back in the late 90's when I was fairly new to support. We had a guy who usually did hardware repair (my own background) building some servers for us from a script.
I'd moved over from being the team lead in the hardware workshops and had repeatedly had to have words with this chap because of what was basically laziness.
Anyway, he wanted to get into the projects side of things and despite various warnings he was being given bits of internal setup and support work to do.
Anyway it turned out that on each of the servers he was building for us (these few were standalone, not domain joined) he created accounts for all the necessary people except me.
It was a pain for all of a few minutes to log in as the local admin and add myself but really, all he achieved was another dressing down from his line manager for his obvious stupidity.
I'm assuming this lovely specimen worked as a NOC guy or similar -- why didn't he pull a Terry Childs and hold the network configs hostage until he got whatever satisfaction he wanted? A real BOFH would have wiped out all the network documentation, _and_ the primary and backup config files on all the equipment before casually heading off to lunch.
The thing I worry about is stories like this getting around to the executive classes and prompting more of them to consider replacing the "scary unstable neckbeards" with polite-but-incompetent offshore Tata or Infosys employees. People like this guy make the entire IT profession, including those of us who actually do a professional job, look bad in front of the decision makers. I've worked with a few people like Lennon Ray Brown (in terms of their personality, not their actions thankfully.) Let's just say some of these folks might have come back with a weapon of some sort if their boss gave them a bad review, not just wiped some router configs. IT does attract some intriguing personalities.
I've often opined that it's time for the IT and software development professions to grow up and actually establish a standard of professional work. Doctors and professional engineers do this, and the reward is a much more stable work life. Why are we still married to the romantic notion of the cowboy admin or coder doing things with no regard to how they could affect others?
If you're going to do it, do it right.
First, kill the backups. You don't even have to delete them. Just cause them to silently fail and give it a week. Any organization that lives by the data it collects daily is going to have an incredible time recovering if their primary data is scrambled and the backups are over a week old. Also, if you have the access, make sure the log files are set to delete themselves and roll over every 12 hours. If you are good then you'll figure out how to make sure those fail over drives/servers don't actually fail over correctly...
Second, remove the important bits from the documentation. Again, you don't have to delete it all. Just some of the parts that actually matter as this will cause an untold amount of running around while people figure out what's wrong. Most people don't refer to any documentation until they have to; which means you should have time before someone realizes the docs are bad.
The third part is to just wait until things crash on their own. It might take awhile but they will. Patience is key. If you happen to work in networking and want to hurry things along then all you have to do is "incorrectly" configure a router allowing certain external traffic to route to an insecure server and let the internet do the rest... Heck, how often do network admins check on router configs if everything seems to be humming along?
Of course, the problem is that people want to be the ones that push the "delete" button that causes everything to failscade. Then they want to watch it burn and finally they want to talk about it. Each of those things are exactly why people are caught.
"People like this guy make the entire IT profession, including those of us who actually do a professional job, look bad in front of the decision makers."
Perhaps he was sick of being passed over a pay rise in favour of fawning, grasping, "Look at me, Look at me!" inadequates
Unless he configured new links/routes, then the routers and switches in the network should have been run in pairs and the links should have been somewhat redundant in their design.
It appears that someone on the network team was doing a REALLY poor job if the loss of a link causes congestion. Don't get me wrong, this guy should be shot, but... I would be seriously embarrassed to publicly pronounce that the lost of a single link would cause my network to become "unusable" due to congestion in the banking industry. I know he shut down 9 routers... but unless there was a total rats nest in the infrastructure, the congestion would reoccur if a single link went down.
Sue the guy for intentionally threatening the stability of the network, don't air your dirty underwear like this.
The company I work for would just give the IDs and Passwords for both account as a time saving measure.
One manager at the company I used to work for demanded all administrative passwords I held on any machines. Even the ones belonging to an entirely different group...
 Yes, the other group should have changed those passwords when I stopped working for them. But they didn't, however often I reminded them that they should.
This sort of thing scare me - by realizing that I literally hold the future of the entire company in the palm of my hand.
Wiping out/corrupting backups, then wiping the server and skedaddling off is a sure way of crippling the company seriously...
...but because of ethics I won't. But it still scare me, and I have to fight the darkness within me every day.
Having been in a situation with 90% crap managers and HR dept (Dell), my outlet was to find another job and write honest reviews of the employer. No matter how much I was abused, I would not lower myself to abuse my position, "my work" represents "me", not those that abuse me. He deserves punishment for being a dick to his team and poor work ethics.
What you do is offer to sell that person high-priced securities built on AAA-rated but yet worthless collateralized debt obligations, then when they buy them you short those same securities yourself and wait for them to implode. Based on the experience of the last 10 years, it seems clear there's no way for someone to get in trouble for that.
I had gotten laid off from my job, partially from my own growing dissatisfaction, partially from politics and the director's nepotism. I was administrator of a call center and a hundred or so POS systems (in both senses of the acronym) Most of our systems ran on Red Hat Linux, which is inherently secure, but the company that sold our software and solutions had these set so that a number of logins could be used with no password to accomplish certain things. Like "backup", "net on", etc. What I had discovered previously was that I could use one of these little gems that didn't sanitize its input to add command line switches to one of these logins, which essentially accomplished their tasks as root on the box. I couldn't wipe a file system this way, but a bug in the way one of the switches was handled would cause the system's boot configuration to be wiped, rendering the machine unusable at the next reboot, and requiring an on-premises visit by someone who really knew Linux to fix it. I had also discovered that doing this left no meaningful trace in the logs on what had occurred.
I had thoughts of driving perhaps 100 or more miles away, using a laptop on a payphone or other anonymous line to connect to the support modems, do my deed, and watch the havoc slowly play out over the course of months, as these servers were not rebooted often, being Linux.
While I doubted that I would ever have been caught, especially with the level of competence remaining, and thoughts of punishment if I was caught did enter into my decision, in the end I just didn't want to be "that guy." It was personal ethics and realizing that while it would have certainly hurt the company and made for a lot of stress for management, really it would have caused a lot of bad days and misery for the lower-level unappreciated people that would have had to endure the chaos of trying to operate manually until things were fixed. People that liked me and greeted me by name with a smile, knowing I was there to help them. (in the past) And people that I liked and cared about as well.
Still, while I never did any harm, it was somehow comforting to know I held that remaining power as I went through the odious process of having to look for another job at a bad time in my life. Maybe similar to those that have guns in their homes that will probably never be used, but having them there gives some sense of security.
Biting the hand that feeds IT © 1998–2020