back to article Rogue IT admin goes off the rails, shuts down Canadian train switches

A former IT administrator at the Canadian Pacific Railway has been jailed for 366 days for sabotaging the organization's computer network. Christopher Victor Grupe, 46, had a rocky relationship with his employers: in December 2015, he was suspended for 12 days for insubordination and just not making the grade as a sysadmin. …

  1. Boohoo4u

    Normally you disabled a person’s accounts first before telling them they’re fired...

    Sounds like several people (in IT & HR) need to be told they can no longer play with the choo choo’s.

    1. Mark 85 Silver badge

      Upvote as it seems the company didn't do their due diligence. I'm surprised that the judge or even the forensics folks didn't rip the CIO a new one or maybe they did but no one's talking.

      1. dave 81

        > . I'm surprised that the judge or even the forensics folks didn't rip the CIO a new one

        I'm not. When I worked IT admin, management (not just from one company) would frequently "let someone go" with out informing us. For the most part we were lucky in that the only damage done was a deleted mailbox (recoverable) and a mouse lead being severed (£3 to replace). And sure, after I would then have a chat, the next few dismissals we were informed just before the meeting, but inevitably it slipped again after a few months, or new managers. Rinse and repeat.

        1. Lysenko

          management (not just from one company) would frequently "let someone go" with out informing us.

          The problem is org charts. HR have a visceral resistance to the reality that on a day to day basis a SysAdmin is a far more powerful (and therefore potentially dangerous) individual than a CEO and consequently needs to be handled with greater care.

          The same thing happens in DCs. People get awestruck by CTOs and (to a lesser extent) networking guys and forget that regular electricians and aircon plumbers underpin everything[1].

          [1] Based on a "logic bomb" left by a disgruntled sparky. A few breakers were "accidentally" miswired so that when a scheduled power down happened three months later the wrong aisles got powered off which also unbalanced the 3-Phase with assorted domino effects. The miscreant was long gone back to somewhere in Eastern Europe by then.

        2. Alan Brown Silver badge

          "after I would then have a chat"

          This is _why_ you need documented procedures for these kinds of things.

          It doesn't just mean that corporate memory is preserved across staffing changes, it means your ass (and others) are preserved in the event that someone doesn't bother following them.

          1. Chris King Silver badge

            "This is _why_ you need documented procedures for these kinds of things".

            I've ended up writing such procedures on the way out in previous jobs - which is not ideal. Thankfully, these were positions where my departure was on amicable terms - but this isn't the sort of thing you want to do when the person is annoyed and would like to see their (now ex-)employer go up in flames like a Bond baddie's secret volcano hide-out.

      2. Cuddles Silver badge

        "I'm surprised that the judge or even the forensics folks didn't rip the CIO a new one"

        Why would they? Failing to run a business according to best practice is not generally a criminal offence. If you leave your door unlocked and someone robs your house, it's not the judge's business to tell you you're an idiot, he's only there to sentence the burglar.

      3. Just Enough

        Judges are usually not big on victim blaming. Or at least, when they do it's them that gets a new one ripped.

    2. Simon Harris Silver badge

      Keeping his accounts active while he's being fired - that might be considered a single slip.

      But letting them stay active afterwards for at least 2 days - that has to be a double slip.

      1. Anonymous Coward
        Anonymous Coward

        Single slip, double slip

        @Simon Harris: both good points (in British English).

    3. Anonymous Coward
      Anonymous Coward

      Bollocks. An IT professional should be exactly that. People who pull this kind of shit should be barred from the profession for life and receive much tougher penalties.

      1. Doctor Syntax Silver badge

        "Bollocks"

        Which post were you referring to? Without quoting what you think is bollocks your post becomes self-describing.

        1. Anonymous Coward
          Anonymous Coward

          @Doctor Syntax and "Which post were you referring to"

          He was replying to the first post, you can tell by the little arrow and match it up with how long since post, admittedly not obvious but forgivable if he has never posted on thereg before and was unaware of the interface.

      2. Anonymous Coward
        Anonymous Coward

        Although I live in the UK I've worked for US and CDN companies for decades.

        I find it bizarre that over here you can be fired with several weeks notice, and can be expected to continue doing your job and set your house in order for a smooth transition - while in North America, even if you've done nothing wrong, you are called into a meeting, have your accounts locked, laptop removed and are escorted from the building, leaving colleagues to cope with the fallout.

        The latter approach just seems to make for very angry and aggrieved ex-employees, and places a burden on remaining staff who have to pick up the pieces.

        1. Ol' Grumpy

          "I find it bizarre that over here you can be fired with several weeks notice, and can be expected to continue doing your job and set your house in order for a smooth transition"

          Not that I'm massively experienced but I've never seen anyone fired for misconduct and been allowed to continue working. I've seen people made redundant and work their notice period as you describe above.

          1. teknopaul Bronze badge

            I have seen people work out their gardening leave.

            I've also seen people walked to the door and it leaves the whole office in a state of shock and everyone, except hr, goes home early that day.

            1. Anonymous Coward
              Anonymous Coward

              Re: I have seen people work out their gardening leave.

              I have seen people try to pass through the turn styles only to find their passes have been disable. They're handed a letter and told to go home and await the meeting to be scheduled. IT access has also been similarly revoked.

              Gardening leave was enforced and a severance package was available at the time.

              Location: UK.

            2. Anonymous Coward
              Anonymous Coward

              Re: I have seen people work out their gardening leave.

              Well yes, because HR go home early every day.

              1. Intractable Potsherd Silver badge

                Re: I have seen people work out their gardening leave.

                @AC "HR go home early every day."

                It would be better if they never came in.

          2. Sam Therapy

            Happened like that for me

            Our entire office was made redundant but we were all allowed to continue using the facilities for preparing/updating CVs, arranging interviews and just generally faffing about. Any faffing had to be legal and within our T&Cs, so no downloading pirated stuff, no browsing pr0n sites and so forth.

            As far as I know, nobody abused it.

        2. Alan Brown Silver badge

          "over here you can be fired with several weeks notice, and can be expected to continue doing your job and set your house in order for a smooth transition"

          The difference is that here, if you're being made redundant (vs "fired") you're going to be given a severance package and a reference which are both at risk if you do anything stupid.

          If there's a hint that you won't play nice then your notice period will be spent at home, gardening, with all access codes having been changed before you were told about it.

          The USA in particular has this peculiar concept of "at will" employment (which the tories keep trying to introduce here) which means that noone's job is secure from one day to the next - and one of the favourite manglement tactics when firing a lot of people is to parachute XYZ inept manager into the location with promises of long term upgrade to start sacking people ("hoorah", he thinks), and then push him out the door with no compensation when the dirty work is done.

        3. Dr Dan Holdsworth Silver badge
          Stop

          HR 101

          Honestly, you'd think it would be written into HR and Management manuals by now: if you have an employee who is showing signs of being likely to become an ex-employee, then when you fire him you lock his accounts first, then you inform him that he is being terminated and that his remaining tenure with the company is gardening leave, to be spent off-site.

          Otherwise, try to conduct all such business with the maximum of politeness and dignity, so as to preserve your company's reputation and minimise hurt and annoyance to the soon-to-be-ex employee. Pay a little more than statutory minimum redundancy payments, extend health cover for a month or so, basically be nice to the bloke you're firing and with luck he'll be nice back to you.

        4. Anonymous Coward
          Anonymous Coward

          "while in North America"

          Well, yes and no. I have seen employees escorted off the premises and others given weeks to wind down gracefully in the same company (and both for people quitting and being let go). Depends on the individual BU.

      3. Anonymous Coward
        Anonymous Coward

        > An IT professional should be exactly that.

        > People who pull this kind of shit should be

        > barred from the profession for life and receive

        > much tougher penalties.

        And all IT professionals should be bonded. It's still amazing that with the kind of access that IT folks get, they don't have to post a serious bond.

        1. Martin an gof Silver badge

          And all IT professionals should be bonded

          Or how about mandatory professional indemnity insurance and maybe a professional body? I suppose there's a question then of what types of IT professional need to be protected in this way - where would you draw the line?

          M.

    4. anothercynic Silver badge

      Classic...

      ... Especially when you've just had the person come off the naughty step.

      Hell, in some employers, you'd be escorted back to your desk to collect your personal belongings only, in others, you can collect them at the end of the/on the next day in a box.

  2. GrumpyKiwi Silver badge
    Coffee/keyboard

    First prize

    for jokes in a single El' Reg article that were actually funny goes to Iain.

    1. Michael Thibault

      Re: First prize

      It's a matter of scale, I guess; not HO-HO-HO funny, by my gauge. Still, your mentioning the humour might spur closer scrutiny down the line.

    2. chivo243 Silver badge
      Thumb Up

      Re: First prize

      yes, just to name a few:

      Canadian railway employee had - a rocky relationship

      Dying network named CPR

      and finally the IT/Locomotive double entendre - Management blew its stack

      1. TRT Silver badge

        Re: First prize

        I was initially confused by the reference to switches. I thought someone had sabotaged the points.

        1. Muscleguy Silver badge

          Re: First prize

          This needs a pic of a moustachioed villain in a black hat and cape grappling with a big lever in an old signal box while his female victim writhed on the tracks and the express approached.

          1. 404 Silver badge

            Re: First prize

            Perfect! Dudley Do-right of the Mounties will save the day... Works cuz he's Canadian ;)

          2. davidp231

            Re: First prize

            With said victim shouting for help in a thick Texan/Southern accent.

            1. Someone Else Silver badge
              Coat

              Re: First prize

              With said victim shouting for help in a thick Texan/Southern accent.

              It might be more appropriate with the victim shouting in a Kansas City Southern accent...

    3. Mycho Silver badge

      Re: First prize

      Roses are red

      violence is too

      all these dumb rhymes

      lowered the threshold for you.

  3. FozzyBear Silver badge
    Unhappy

    Major delays, screwups, cancellations and basically everyone running around trying to figure out what the hell's going on?

    Sounds like a typical day riding the trains in Sydney.

  4. Sceptic Tank
    Holmes

    Put pressure on him

    Nice of them to let him tender his resignation. Maybe he should get a coach -- not get side-tracked, get the wheels rolling again, etc. Too bad there wasn't a whistle blower around to stop him.

    1. Chris King Silver badge

      Re: Put pressure on him

      Maybe they should have revoked his accounts and ID, then rode him out of town on a rail ?

      1. John H Woods Silver badge

        Re: Put pressure on him

        Maybe they should have been on their guard against such behavior.

  5. Anonymous Coward
    Anonymous Coward

    So did the accused admit his guilt?

    I ask as forensic experts "got in" by an employer is not the same as an impartial police investigation and certainly not be accepted as evidence equal to a real investigation.

    Again not shutting his access down is just inviting trouble and should be viewed as being equivilent to leaving a window open.

    Perhaps the reason original arguement requiring his dismissal was about how incompetent his management were

    1. Anonymous Coward
      Anonymous Coward

      Re: So did the accused admit his guilt?

      ^ someone got a guilty conscience? Your analogies are nonsense; an open window is not an invitation to anyone other than criminals.

      1. Teiwaz Silver badge

        Re: So did the accused admit his guilt?

        ^ someone got a guilty conscience? Your analogies are nonsense; an open window is not an invitation to anyone other than criminals.

        You got a point, but (continuing the anaology) it's also an invitation for Insurance companies* not to pay up, should something happen in said circumstances.

        * You are free to argue said companies are also 'criminal' of course.

      2. Anonymous Coward
        Anonymous Coward

        Re: So did the accused admit his guilt?

        "open window is not an invitation to anyone other than criminals", no you are just plain wrong, security is everyone's responsibility.

        An open window, at court, is the difference between breaking and entering (a crime) and entering to dick with you by turn off some of your electric equipment, changing the recording times on your PVR (not a crime) or any other action that doesn't break the law.

        Hence one is a crime the other would be a civil case at best, this because not taking security seriously costs everyone else money and is correctly seen as incitement by the courts.

        Here we have a prime example of failing to implement minimum security practices and personally I would say the company is far from innocent in this. If they had removed all access at the point where he was suspended or at very least when he left then there would not be any court case to hold.

        1. lglethal Silver badge
          FAIL

          Re: So did the accused admit his guilt?

          @AC Actually the two cases you've cited would be "breaking and entering" if the Windows were shut and "criminal tresspass" if the Windows were open.

          Just because a window was open, doesnt give you ANY right to climb into another persons house without there permission.

          What you do inside the house would just determine if there were other crimes you were charged with. oh and by the way things like "dicking around with your Equipment" would likely bring a criminal mischief charge.

          Playing with other peoples toys, with out their permission, is just not allowed...

          1. Alan Brown Silver badge

            Re: So did the accused admit his guilt?

            Less like an open window and more like failing to retrieve all the keys from the Ex.

          2. Anonymous Coward
            Anonymous Coward

            Re: So did the accused admit his guilt?

            US law of "criminal tresspass" I presume, still IMHO does not make just being on someone else property a instant crime but it is the US after all and since there are a lot of lawyers making the laws then it is possible.

            In the UK we have people coming onto our property all the time to deliver mail, tell you to buy a TV license trying to sell you something or get you to contribute towards the charity who employ them on commission and whilst the later can be annoying we the tax payers are paying for the courts and the solicitors to have their time wasted because some tool can't be bothered to secure their home or is after an insurance payout.

            For my part I would prefer to keep my front garden than shoot people if they step on my grass but then again I am not in the US.

            1. lglethal Silver badge
              Facepalm

              Re: So did the accused admit his guilt?

              @AC You're changing your definitions. You were talking about people coming through the window, not someone walking on your front lawn. If your mailman climbs through your window to deliver your post, believe me you are well within your rights to call the Police and have them arrested for tresspassing. Even in the UK. Same with TV licence people and charity collectors. You are also welcome to call the Police on them again for tresspassing if they were to climb into your back yard for that purpose. The front yard, however, usually allows for entry for the purpose of movingto your front door. if they decide to set up a rave in your front yard without your permission, then again they are tresspassing.

              It's not so difficult to understand, now is it?

              1. Anonymous Coward
                Anonymous Coward

                Re: So did the accused admit his guilt?

                @Iglethal "You're changing your definitions"

                Not at all, in the UK tresspass is not a instant crime. Here you have to refuse to leave before the police get involved.

                however we also have laws created for the benefit of vested interests but generally rather than making laws to fill prisons where they again cost the tax payer, we instead try to prevent "crime" in the first place by placing a minimum responsibility on everyone to avoid inviting crime.

                Here we used to have things like a welfare system so people do not have to steal to eat because providing money for food to the hungry is cheaper than the time of police, judges and then having pay to feed and house them anyway for the duration of their sentence. Same for housing costs and health care but these are being eroded by people who do not understand that if we have your laws then we get the same outcome that you have, i.e. people being shot all the time. I presume that shooting "criminals" without having to bother with courts or prison keeps your costs down but that just means the criminals go armed and innocents get shot by "accident" .

                "It's not so difficult to understand, now is it?" I understand what you are saying, that the analogy is difficult for people who have more lawyers, guns and deaths by shooting per head of population than any other country. I can understand even you believing the BestBuy forensic expert's paid for evidence and the lesson here for everyone else is do not be a system admin in the US they are out gunning for you

            2. kain preacher Silver badge

              Re: So did the accused admit his guilt?

              US law of "criminal tresspass" I presume, still IMHO does not make just being on someone else property a instant crime but it is the US after all and since there are a lot of lawyers making the laws then it is possible.

              No trespass charge in the US is for one of two things. You were told to leave and did not or it's plea deal from burglary.

          3. kain preacher Silver badge

            Re: So did the accused admit his guilt?

            @AC Actually the two cases you've cited would be "breaking and entering" if the Windows were shut and "criminal tresspass" if the Windows were open.

            Not the us the charge would be residential burglary , Felony trespassing only if you take a plea

        2. Anonymous Coward
          Anonymous Coward

          Re: So did the accused admit his guilt?

          @AC "An open window, at court, is the difference between breaking and entering (a crime) and entering to dick with you by turn off some of your electric equipment, changing the recording times on your PVR (not a crime) or any other action that doesn't break the law."

          Window open or not isn't really relevant, entering someones house/private property uninvited is still trespass, and so is a crime. Even in the US just entering a location without permission can be classed as burglary, even if nothing was taken or no other crime committed, it just has to be shown that you have no valid reason to be there.

        3. Mike Moyle Silver badge

          Re: So did the accused admit his guilt?

          "An open window, at court, is the difference between breaking and entering (a crime) and entering to dick with you (...)

          Hence one is a crime the other would be a civil case at best..."

          I don't know how things stand where you live but around these parts "Criminal Trespass" and "Illegal Entry" are still criminal, not civil, offenses. They may be only misdemeanors while B&E is a felony (combining within itself, as it does, both trespass AND property damage), but still criminal.

          1. Prst. V.Jeltz Silver badge

            Re: So did the accused admit his guilt?

            I don't know how things stand where you live but around these parts ..

            Could people just say where they are talking about ffs?

            http://www.plainenglish.co.uk/

        4. Prst. V.Jeltz Silver badge

          Re: So did the accused admit his guilt?

          An open window, at court, is the difference between breaking and entering (a crime) and entering to dick with you by turn off some of your electric equipment, changing the recording times on your PVR (not a crime) or any other action that doesn't break the law.

          Seriously? so i can just walk into someones house and watch their telly? or an office building? and then complain about being manhandled by the understanably frustrated owner ?

          1. Prst. V.Jeltz Silver badge

            Re: So did the accused admit his guilt?

            Wasnt there a rumour that in the uk "trespass" was just a word , and not an official written down crime?

      3. Blotto Bronze badge

        Re: So did the accused admit his guilt?

        The guy was fired and his creds not wiped, presenting the open window for criminals, who may or may not have been the man on trial, to do malicious damage, or something just happened and the recently dismissed / resigned was blamed with evidence corroborating it.

        I’d like to see remote access, ad and tacacs logs proving he logged into that laptop and did those things before he wiped it and handed it back.

        For a tech site, we can surely expect the journo to include info on these details.

        1. Anonymous Coward
          Anonymous Coward

          Re: So did the accused admit his guilt?

          Having worked for a number of bad employers then when I see these sorts of news storys then I always look at what information has been released before making any judgement.

          One employer I worked for was still blaming a guy who left to go contracting for every failure two months later regardless of if they guy had ever touch it. I didn't know the guy until they finally had to pay his rates but my dealings with his work suggested that he was more competent than 90% of my peers.

          Another had the a network admin grilling the staff and starting the dialogue with "we found evidence on a machine you used and the timestamps say you did it" when this was a complete lie, when they tied it with me I said "this isn't amature hour, lets bring the police in" and they bricked it.

          One company had managed to turn a clients multi CPU novell cluster into a single CPU fileserver after the manager's friend rebuilt it and then made the client upgrade the network and switch to Microsoft to hide the fail.

          I could go on but basically I have worked with a lot of bad managers who in my experience truely believed that they could do or say anything.

          So if the only proof here is the say so of some "third party" investigator who was employed to find evidence against the dismissed employee then I am going to wonder if it is just more bad management covering their own arses.

          That the management admit failing to remove the dismissed employees access just adds icing to the cake

  6. Michael Hoffmann
    WTF?

    Was I the only one...

    ... who thought "switches as in rail switches"?

    As in "this IoT thing is getting ridiculous, now the rails are network connected" and then "if someone can muck with those, people can get killed".

    1. 404 Silver badge

      Re: Was I the only one...

      Nope - I was wondering why trains weren't falling over everywhere, figured I'd hear about something like that happening...

    2. disgruntled yank Silver badge

      Re: Was I the only one...

      No, not the only one. A couple of people were killed and many more injured in the Carolinas the other week because a crew locked a switch on the wrong setting.

    3. Stoneshop Silver badge

      Re: Was I the only one...

      As in "this IoT thing is getting ridiculous, now the rails are network connected"

      They are.

      But generally the low-level control (relays or PLC-like units) is interlocked so that you can not direct a train onto a track where another train is present (except at switching yards where such a an action should be possible, although only at low speed). The network is used to send control messages to these low-level systems, with points, signals and block status being sent back. With the network out of action everything should come to a stop without creating hazardous situations.

  7. Anonymous Coward
    Anonymous Coward

    looks like some training is required on how to disembark employees correctly

  8. Alister Silver badge
    Facepalm

    just not making the grade as a sysadmin

    A measure of his competence is that he used a laptop to carry out his attacks, and then handed it back to his former employer.

    Even though he did make an attempt to wipe it, he should at least have changed the hard-drive, or just used a different machine altogether.

    1. Anonymous Coward
      Anonymous Coward

      Re: just not making the grade as a sysadmin

      What about using another laptop with a spoofed mac that pointed to his boss?

  9. Anonymous South African Coward Silver badge
    Trollface

    Can't he come and derail the gravy train here in South Africa?

  10. msknight Silver badge

    Not much of a sysadmin...

    ...if he couldn't wipe his laptop sufficiently well to stop them from getting evidence from it.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not much of a sysadmin...

      Perhaps he did wipe his laptop totally and the evidence was added later by the "third party" investigators, we do not have access to all the facts.

  11. Anonymous Coward
    Anonymous Coward

    I said bye to an employee recently

    and found because I wasn't his formal line manager, just deputising as he was out of office that day. I was not authorised to get his accounts disabled, it had to have line manager approval (by email).

    You couldn't make it up.

    1. Named coward

      Re: I said bye to an employee recently

      You were deputising for a day and fired someone?

      Couldn't make it up indeed.

      1. Doctor Syntax Silver badge

        Re: I said bye to an employee recently

        "You were deputising for a day and fired someone?"

        He didn't actually write that unless "saying bye" was a euphemism. People leave without being fired and managers, even deputising managers may even say goodbye to them.

        1. Anonymous Coward
          Anonymous Coward

          Re: I said bye to an employee recently

          In this case not fired, just got a new job. I like the assumption I fired someone though. I have only once dismissed a contractor on the spot and that's another story.

          1. The Oncoming Scorn Silver badge
            Coat

            Re: I said bye to an employee recently

            One of my fellow mature students from (UK) college, returned up north & started his first job following the completion.

            Manager This is your resume, you have done all this?

            Friend Yes

            Manager See that guy down there in the blue overalls?

            Friend Yes

            Manager Go down there & tell him he's fired.

          2. The Oncoming Scorn Silver badge
            Go

            Re: I said bye to an employee recently

            Details?

  12. OzBob

    And there is the problem with IT

    (well, one of them). A major disconnect between management's understanding of security risks and the sysadmins understanding of security exploits.

  13. Korev Silver badge
    Joke

    Switch config

    Any idea what he set the buffers to?

  14. adam payne Silver badge

    Two working days later and they still hadn't disabled the account of a sysadmin. *rolleyes*

    Suspended employee = disabled account

    Sacked = disabled account

    1. Alan Brown Silver badge

      "Two working days later and they still hadn't disabled the account of a sysadmin. *rolleyes*"

      As a sysadmin, I've sat down with management and ensured they disabled that all my accounts and access codes before I went out the door.

      For the simple reason that if anything goes wrong later on, I do not want to be covered in any splattering shit. If they want to call me back in, then they can rehire me.

      I've only had one employer who actually thought to change equipment administrative passwords. Most simply leave them alone for decades.

  15. Paul Westerman
    Coat

    I think they need to

    review their platforms

  16. f4ff5e1881
    Stop

    What a wally

    Joking aside, people die in train crashes.

    I wonder if that thought ever crossed Grupe’s mind when he was merrily deleting files from the system? He was lucky nothing disastrous happened.

  17. ForthIsNotDead Silver badge

    I worked for an oil services company in Aberdeen...

    I left to go contracting for two years in China and Uzbekistan.

    Upon my return (my wife was expecting our first child) the company I used to work for found out I was back and offered me my job back, which was very kind of them.

    When I returned, I found I had the same SAP ID, the same email address, with two years of un-read email in it, and the pin code for the server room doors was the same!

  18. Anonymous Coward
    Anonymous Coward

    When I was let go

    A while ago (It must be about 24 years ago), the first thing I did when I got home was to phone the external support and tell them

    A: Please change passwords, now...

    B. You are now it. There is nobody onsite capable of doing any support or even following letter by letter instructions.

    In the back of my mind was the possibility that things could go pear shaped. This way, when they did, nobody bothered me...

    1. Lee D Silver badge

      Re: When I was let go

      *cough* This. *cough*

      I've done exactly the same (note: it was a sinking ship, and I was quite late to be picked on after all those above me had left and warned me of what was to come, I was picked up by word-of-mouth by a new employer before I'd even gone so I didn't even need their reference, but I DELIBERATELY worked through a critical point of the year so they couldn't blame things not working on me, informed them that I'd had enough for a long time prior, they failed to accede to simple requests, so the foretold consequence was I would leave if it wasn't done by a certain date... and it wasn't).

      So the upshot was: I'm going at the end of the day. Here's your handover. Please witness me disabling my account / changing my password to something of your choosing / handing back all your keys and cards / disabling my swipe card from access control / etc. If I ever access anything ever again, it's complete and utter deception on my part, not just a slip of a saved credential.

      By the way... here's the "big book" of passwords, you have everything you need in there, right? Right? You don't know? Then you need someone to check because once I have gone a reasonable amount of time I won't have those details because I've removed all my access for my email from every device. If you don't ask me for a detail in the next week, and it's not already in the book, you are out of luck for anyone using that service, understood?

      Followed by some guy they knew coming in, them paying for me one extra day to "handover" to someone "who knew IT better" (I have no problem with that). The guy was useless, I handed over in a matter of minutes because he didn't know what to ask, how to takeover, what to check, etc. and they just furnished him with the complete "big-book" without question. As you say... tag... you're it! (And you can deal with the guy who's been convinced for years that having the domain administrator password would somehow magically make his WMA-only voice recorders load into the MP3-only software he bought without conversion).

      Got him to sign-off on my leaving and that I no longer had any access. Said bye forever.

      Never heard from them again, except via whispers from people who similarly fled. Soon after, almost all the main staff changed, the IT changed entirely, even their website changed. I can't believe that was coincidence rather than someone just not knowing how to takeover and messing up.

      But, no way would I leave them with an opportunity to pin things on me past that point (Hey, up until then? Blame me if you like but it'll require proof), even if they went to the extreme of fabricating evidence. Exhibit A: a signed piece of paper from an "independent" witness that he'd watched me disable and closed off all avenues of entry and he'd changed all the master passwords and removed all my access.

      I don't WANT to be responsible for your systems. Or else I'd still be working there. And though I could cause untold damage if I had malicious intent, I'm not sure they got away with things that easy by me doing things exactly by the book either.

  19. Nosher

    Heh, I though at first that this story was a lot more real-world serious than it was: in North America, a "switch" in a railway context is what we would call "points". Shutting those down could have been seriously disruptive!

  20. Marty McFly
    FAIL

    Not a smart admin...

    He "wiped" his laptop, yet evidence was later found on it. Doesn't sound like he was smart enough to properly wipe the device. Probably did a FDISK and thought that was good enough to hide the evidence.

  21. dmacleo

    lucky non of the switches messed with central dispatching (ctc controlled) ability to move and line rail switches as needed as its network based.

  22. Not also known as SC

    What sort of Switch?

    In the States isn't switch a term for points? Was it railway switches he accessed or network switches?

    1. dmacleo

      Re: What sort of Switch?

      it was network switches however if done in right location could have caused loss of ability for dispatch to line rail switches (points in your area) as needed.

      1. Not also known as SC
        Pint

        Re: What sort of Switch?

        @dmacleo

        Thanks for the clarification - I thought that might be the case but as the rail switches are computer operated I wasn't entirely sure. Moron in either case though.

        1. dmacleo

          Re: What sort of Switch?

          glad I could help and (as best I can tell) I got it right too. ctc COULD have been affected, however I see no indications it actually was at this time.

  23. swschrad

    Hmmm, I wonder...

    I wonder if this is the same guy who got FBIed for selling RFU Sunservers from our outift on eBay. If so, how'd CP hire him? If not, never mind, nothing to see here, keep moving. I expect he's got a career path at night drive-up manager at White Castle in the underprivileged area...

  24. JaitcH
    Happy

    Car Battery Booster Cables Are The Low Tech Way to Stop Trains

    The First Nations population in Canada are very familiar with railroad operations, especially when it comes to protest.

    To stop rail traffic First Nations people use a set of battery booster cables and short the outer - load-bearing - rails together and automation will look after the rest.

    Shorts across these rails trigger red lights for a couple of train lengths of rail. Train lengths in North America are often measured in kilometres/miles using a formula based on time a train takes to pass a measuring point at a certain speed.

  25. Scaffa

    "On December 17, Grupe choo-choo-chose.."

    Iain, never change.

  26. Florida1920 Silver badge
    Joke

    Rocky Relationship

    You could say the accused got off on the wrong track.

  27. Anonymous Coward
    Anonymous Coward

    He yelled at his boss and then paid this bill by two weeks suspension. Why another penlity (being fired "or take the resign") was laid on him? This seems like double punishment, and whether this is lawful is under question. I suspect the company played a trick on forcing him to "resign". So what can he do when he found the company cheated him and unable to sue them? It's understandable that he hacked that company.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019