Vengeful sacked IT bod destroyed ex-employer's AWS cloud accounts. Now he'll spend rest of 2019 in the clink

An irate sacked techie who rampaged through his former employer's AWS accounts with a purloined login, nuking 23 servers and triggering a wave of redundancies, has been jailed. Steffan Needham spent four weeks working for software biz Voova before he was let go for "below-par performance". The "embittered" IT consultant, of …

  1. Will Godfrey Silver badge
    FAIL

    Idiot

    I guess the only job he'll be able to get once he's out is greeter at B&Q

    1. iron Silver badge

      Re: Idiot

      Sounds like the only job he's qualified for since he didn't even try to hide his IP address.

      1. Anonymous Coward

        Re: Idiot

        M247/Metronet are well known as the home of many VPN hosters. Very lax on abuse.

    2. Steve Button

      Re: Idiot

      more likely he'll be outside the train station begging for change. What a twat.

      1. steviebuk Silver badge

        Re: Idiot

        And according to a recent issue of Big Issue, he'll make more money doing that than selling the Big Issue.

        1. W.S.Gosset Bronze badge

          Re: Idiot

          Hmm! I'm in Oz not UK now: what stats did the UK article provide?

    3. Doctor Syntax Silver badge

      Re: Idiot

      "greeter at B&Q"

      B&Q have greeters?

    4. Nunyabiznes

      Re: Idiot

      Around here he would be management material.

      1. Glen 1 Bronze badge

        Re: Idiot

        Management material...

        Ouch. That's a low blow.

        He deleted the stuff on purpose, and then didn't demand someone else fix it.

    5. Anonymous Coward

      Re: Idiot

      Greeter at B&Q?

      You’re assuming B&Q are still around when he gets out, they seem to have a business turnaround plan that’s even more disruptive to their business than this young man managed...

    6. msknight Silver badge
      Coat

      Re: Idiot

      In a twist of irony, as they are now teaching prisoners I.T. skills, he'll likely come out of the clink with the very skills that he should have had, before going in there in the first place.

      https://www.bbc.co.uk/news/technology-47570134

      You can't make this stuff up.

      1. noddybollock

        Re: Idiot

        For once the phrase "learn to code" might actually be "helpful" - unlike mentioning it to so called 'journalists' and getting banned from twatter!

    7. Michael Wojcik Silver badge

      Re: Idiot

      You don't think he's qualified for politics? Hell, in the US he'd be fast-tracked into Congress, if the Executive branch didn't snatch him up first.

  2. Ayth

    Not that I condone what the guy did, but I know I've dreamed/fantasized about getting back at old employers of mine.

    But dude you are smart enough to create a backdoor for yourself, but not smart enough to use a VPN service when you do the deed?

    1. Aladdin Sane Silver badge

      Didn't even create a backdoor, just used somebody else's credentials.

      1. Yet Another Anonymous coward Silver badge

        And then did it himself instead of just posting the login details online for some random vandal to use.

        1. Another User

          Wouldn’t make a difference

          Log of ‘random site’ would have showed the exact same IP address of poster. So same result: 2 years in the slammer.

          1. Yet Another Anonymous coward Silver badge

            Re: Wouldn’t make a difference

            You sign up for 4chan reddit/r/hackers with a throwaway gmail account from an internet cafe

            1. Tom Chiverton 1

              Re: Wouldn’t make a difference

              Cafes have CCTV.

              Google will hand over IP to account details with a court order.

              1. This post has been deleted by its author

              2. St Deiniol
                Black Helicopters

                Re: Wouldn’t make a difference

                Cafes do indeed have CCTV - but I'd wager that very few keep more than a week's worth of footage.

                By the time anyone gets a court order the footage is long gone.

                1. MachDiamond Silver badge

                  Re: Wouldn’t make a difference

                  Most cafes don't change their wi-fi logins that frequently. Go in, buy a coffee, get the password and leave. An hour or so later, park a fair bit away, walk to someplace near the cafe out of CCTV coverage and login.

                  There are plenty of ways to muddy the path a bit. I had a mate that did installs and kept a log of address and wi-fi passwords. Most people were too clueless to change them and would just gleefully use what the installer wrote down on the little "welcome" packet they were given. If he was the one to punch up their laptops to get on in the first place, the people may not have even known how to do that on their own. I can't say if he ever used any of that info for something dodgy. He did it mainly to CYA when he'd get a call back a couple of days later because somebody else in the house wasn't there at the time and now they can't find that welcome packet to have the password to put in another computer/device. He was just doing the final install and training so he'd be on several jobs per day. A year later he could probably visit the areas and find at least several places he could still get in.

              3. paulll Bronze badge

                Re: Wouldn’t make a difference

                So the laptop in your car makes the post with cron and curl over the cafe's internet connection, while you nonchalantly pick your nose in full view of the CCTV camera. Prove it's anything other than a remarkable coincidence...

                1. Anonymous Coward

                  Re: Wouldn’t make a difference

                  Via a machine that is running a VPN. Then booting into a VM that also runs the TOR over VPN. So you're doubling up on your VPN connection so if they trace one, they still don't have the real location. Then of course you have the TOR network. Although we all know most TOR nodes are compromised but at least if you VPN over TOR, even if the node is compromised, they can't see your traffic.

    2. Dabooka Silver badge

      Did you even read the article?

      What back door? No VPN?

      What?

    3. Anonymous Coward

      Could well have used a VPN. M247 rent out cloud services and are well used by the usual culprits, PIA etc. They’re the hoster of choice for those attracting abuse.

      1. W.S.Gosset Bronze badge

        > the hoster of choice for those attracting abuse

        Donald Trump? Theresa May? Bill Shorten?

    4. Anonymous Coward

      I don't know why all the down votes. I'm sure we've all thought about how to break in to a company we leave. Even if it's just to see if they notice. Not big or clever but just interesting to think of ways you could get in without getting caught. An unofficial and illegal pentest if you will. Are we down voting for thought crimes now?

      Although this one appears to be bad due to the redundancies. But I wonder, I wonder if the redundancies were being blamed on this but had nothing to do with it, but the boss thought "Great, we can use it as an excuse". Along with the contracts being lost. Although I guess, knowing the details, knowing they didn't have MFA on, would make you not want to trust them with your data anyway.

      But yeah. I assume the rage made him not think about how he could get caught.

      1. Hollerithevo Silver badge

        MFA

        Any potential customers of services such as this company offers have to be educated to ask 'do you use MFA? Do you know what it means?' before signing a contract.

        1. Anonymous Coward

          Re: MFA

          Most sales Droids would just google the term, find another few security terms to use then swear on their mothers' lives that everything is tickety-boo. The company then goes out and hires an inept misfit with anger management issues and gives him the keys to the kingdom.

          Even if MFA were implemented 'speedy' would probably have kept a back door for the time he was called at 3 am at a party and needed to RDP in from a mate's random PC from a cottage in the Cotswolds with no mobile coverage.

          I'm not dissing Speedy here, I suspect the poor blighter is on call 24/7/365 without pay for this outfit and forgot the concept of 'me time' years ago.

      2. doublelayer Silver badge

        I didn't downvote, but the attitude is not great. I've had annoying employers, but I don't want to destroy them. I want to not have any connection to them, and I don't really care what happens to them. I'll go as far as making my disdain for them clear to anyone who might use their services. More than that is too vindictive for me, unless they are actively doing something harmful to people.

  3. Waseem Alkurdi Silver badge

    BOFH?

    That was my first thought, but it seems not.

    1. Captain Scarlet Silver badge

      Re: BOFH?

      Nope, the BOFH tend to avoid getting fired by getting other people thrown out of windows or gassed by faulty halon systems

    2. CHMultimedia

      Re: BOFH?

      The BOFH would have added incriminating evidence instead of wiping it all. And then report to law enforcement officials that they are hosting pirated content or something more illegal...

      1. Kabukiwookie

        Re: BOFH?

        Maybe this guy is completely innocent...

    3. Stevie Silver badge

      Re: BOFH?

      Not so much BOFH as VFFM*.

      * Vengeful Fuckwit From Manchester.

    4. chivo243 Silver badge

      Re: BOFH?

      Definitely not enough finesse to be a BOFH caper. It was a pretty blunt fsck you...

    5. Anonymous Coward

      Re: BOFH?

      Slightly BOFHish, but where I work, a leaver's VPN isn't disabled per se, but the profile changed to have the functional effect of tripping over your network cable. This is of course all logged.

    6. macjules Silver badge

      Re: BOFH?

      Not unless he let the PFY take the rap for it. One question though, why didn't the employer have automatic image backups of the EC2 instances?

  4. Mark 85 Silver badge

    Voova should take some heat here...

    Apparently they didn't have any backups of the data since the critical data was "lost". Stupid, stupid, stupid.

    1. Anonymous Coward

      Re: Voova should take some heat here...

      > Apparently they didn't have any backups of the data since the critical data was "lost". Stupid, stupid, stupid.

      But what if the backups were part of the same AWS account? He could have deleted those as well.

      1. big_D Silver badge

        Re: Voova should take some heat here...

        That is why backups should never be on the same service, they should be separate and not accessible from the AWS servers or management account.

        1. Anonymous Coward

          Re: Voova should take some heat here...

          That is why the vengeful BOFH ever so slowly corrupts the data so the backups will be screwed too ...

      2. Dr Dan Holdsworth Silver badge

        Re: Voova should take some heat here...

        I am told that AWS features a service called "Glacier". You put data into this service, and for a fairly nominal fee Amazon store the data. If the worst happens and you need the data in a hurry, then Amazon will get the data for you, for a somewhat less than nominal fee (but hey, they're in this game for the money).

        I have not used this service, but it sounds tailor-made for disaster recovery.

        1. Talisman1

          Re: Voova should take some heat here...

          Yes Glacier is used for long-term archival purposes, but yes the durability of the data is ranked at 99.999999999% as far as I'm aware (though availability is a different matter). That said, this could have been entirely avoided had the organization set up their IAM policies correctly to begin with, so they only have themselves to blame really. Design for failure!

    2. Anonymous Coward

      Re: Voova should take some heat here...

      Backup in the cloud costs extra and some don't think they'll need it because "the cloud". Interestingly I've just had a look at AWS backup and the prices are in the 0.05c per gb per month range depending of course on what you are backing up with an extra cost to restore so no excuse really.

      Though curiously and I'm sure someone could help me out here but if it's in the cloud is it not backed up anyway by the cloud provider in case of problems with them?

      1. Anonymous Coward

        Re: is it not backed up anyway by the cloud provider

        Surely this is a due diligence question that gets asked before starting the service ?

        When companies charge for their services, I think it's fair to expect - and extract in court - a higher standard of service than if you got your neighbour's nephew or niece to do the job. Although, reading El Reg regularly, it seems I'm a weirdo in the world.

        1. MachDiamond Silver badge

          Re: is it not backed up anyway by the cloud provider

          A cloud back up can be handy for "routine" emergencies, but having multiple physical backups is still mandatory. A very simple test is to compare the size of what you pay AWS to what AWS grosses. If the number is very very small, which is usual, how much chance do you honestly believe that they are going to rush to your rescue when the SHTF?

          One of the ways I make money is photography. One copy on my computer, one archive drive offline and two archive drives that rotate off site. I also make a longer term archive of my best images that goes off-site and doesn't rotate (spinning rust is cheap) I can drive several hours to where my off-site backups are kept and have the data if both my computer and on-site backups are destroyed. The distance means that a natural disaster such as a flood isn't going to take out all copies. If that were to happen, I wouldn't be that worried about the photos, I'd have much bigger problems to deal with. I don't do cloud backups. I don't need the data 24/7 from anywhere in the world. A complete download of my backed up data would take ages and likely trip out some limits on my unlimited account and get me a nasty note (or complete silence and a red light on my "modem"). The ISP isn't big on communication unless you are late paying the bill.

          This company that relies on their data or the data they manage for somebody else (and then outsource responsibility for) was counting on a single supplier to do their job that they have no control over. In aerospace we called it a single point of failure fault and would spend lots of time finding them and adding redundancy. It sounds again like a huge lack of qualified management.

      2. Tom 38 Silver badge

        Re: Voova should take some heat here...

        Though curiously and I'm sure someone could help me out here but if it's in the cloud is it not backed up anyway by the cloud provider in case of problems with them?

        To take AWS as an example, instance storage doesn't even survive a reboot. S3 storage is redundantly stored, and you can even version things stored in the bucket so that you can roll them back to previous versions, however if you deliberately erase the bucket, there isn't a backup of it that they can restore for you. You can backup S3 buckets to Glacier for archival/backup, but again, you can also destroy those backups.

        You can also apply different security policies to stop admin credentials being used to perform these sorts of disasters, but many firms don't bother and just have virtually no restrictions at all on their admins.
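
        A sketch of the kind of policy described above, as an added example that is not part of the original comment and not any configuration from the company in the story: the broad admin Allow stays, but an explicit Deny blocks terminating instances, deleting backups and resetting other users' credentials from any session that did not authenticate with MFA. The statement names (Sid values) and the selection of actions are assumptions made for illustration.

        ```json
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "ExampleBroadAdminAllow",
              "Effect": "Allow",
              "Action": "*",
              "Resource": "*"
            },
            {
              "Sid": "DenyDestructiveActionsWithoutMFA",
              "Effect": "Deny",
              "Action": [
                "ec2:TerminateInstances",
                "ec2:DeleteVolume",
                "ec2:DeleteSnapshot",
                "ec2:DeregisterImage",
                "s3:DeleteBucket",
                "s3:DeleteObjectVersion",
                "s3:PutBucketVersioning",
                "glacier:DeleteVault",
                "glacier:DeleteArchive"
              ],
              "Resource": "*",
              "Condition": {
                "BoolIfExists": { "aws:MultiFactorAuthPresent": "false" }
              }
            },
            {
              "Sid": "DenyCredentialTakeoverWithoutMFA",
              "Effect": "Deny",
              "Action": [
                "iam:CreateLoginProfile",
                "iam:UpdateLoginProfile",
                "iam:CreateAccessKey",
                "iam:DeactivateMFADevice",
                "iam:DeleteVirtualMFADevice"
              ],
              "Resource": "*",
              "Condition": {
                "BoolIfExists": { "aws:MultiFactorAuthPresent": "false" }
              }
            }
          ]
        }
        ```

        An explicit Deny overrides any Allow, so a password that has been stolen or reset is not enough on its own to perform these actions. Long-term access keys used without an MFA-authenticated session are denied as well, because `BoolIfExists` treats a missing MFA key as false.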

        1. Yet Another Anonymous coward Silver badge

          Re: Voova should take some heat here...

          So even a well intentioned admin could have destroyed this company with a typo ?

          1. JimmyPage Silver badge

            Re: So even a well intentioned admin could have destroyed this company with a typo ?

            If they didn't know what they were doing, yes. Same as anything really.

          2. Giovani Tapini

            Re: Voova should take some heat here...

            Yup, but it's perfectly safe because it's cloud. Suddenly the laws of physics, logic, and any form of oversight can all be dismissed because apparently there is no infrastructure in the cloud.

            Yes they do deserve some blame for this. Good practice comes with cost and time though. Will never be a priority in their agile backlog...

            Grrr

            1. TechnicalBen Silver badge

              Re: Voova should take some heat here...

              I didn't know "Someone elses problem" began with a C and ended with a D until the "cloud" was invented. ;)

          3. Talisman1

            Re: Voova should take some heat here...

            When you delete S3 buckets on AWS it asks you to confirm by typing the name of the bucket (so you really have to be intentional about it) - though since the company was so lackadaisical in its organization of IAM policies the chances are any admin could have maliciously acted like this. Double fail for not having secured backups in Glacier or another service!

            1. MachDiamond Silver badge

              Re: Voova should take some heat here...

              "Double fail for not having secured backups in Glacier or another service!"

              Screw another service! Physical backups held off site. A hacked off IT staffer may be able to get to everything online, but may not be able to physically access backups on real hardware secured someplace else. They also might not want to try that since it would take a large pair of brass ones.

          4. Anonymous Coward

            Re: Voova should take some heat here...

            who hasn't run rm -r in the wrong context once, likewise dropping tables on a production database thinking they were in dev.

        2. Talisman1

          Re: Voova should take some heat here...

          Ephemeral storage will lose data upon reboot, but EBS volumes (which most instances run these days) can be stopped and started at will without data loss. As you say though, they should definitely have been making use of IAM policies for groups and placing users in said groups to control access to functionality like this.

        3. disk iops

          Re: Voova should take some heat here...

          > however if you deliberately erase the bucket, there isn't a backup of it that they can restore for you.

          Actually there is, they just don't advertise that fact. Erasure is 'lazy' so assuming you open a support ticket fast enough (same/next day) there's a very good chance you can still get the data before the housekeeping catches up (about 3-5 days) with the "freed but not zero'd" block list and really does annihilate your data.

      3. cheb
        Pint

        Re: Voova should take some heat here...

        My take on this, as a non IT type*, is that the cloud provider will have backed it up, but only for sorting out their own mess. If you want a back up for sorting out your mess then you'll have to pay for it.

        *But I know enough from reading on places like this to have at least three back up copies on different media and at least one off site. Vague general thanks to all.

        1. Anonymous Coward

          Re: Voova should take some heat here...

          Doesn't say much for AWS security.

          If I was AWS I would have a hidden vault that can be accessed for a huge sum.

          1. Anonymous Coward

            Re: Voova should take some heat here...

            It's called glacier... I know at a glance it looks cheap but if you have a Large volume of data and need rapid access to it costs a fortune!

            Inexpensive if you never need to call upon it though

          2. Talisman1

            Re: Voova should take some heat here...

            AWS guarantee security of the cloud, not *in* the cloud - that's up to the organization/individual running the show. If you go around giving system admins full access then don't be surprised when fit hits the shan lol

    3. big_D Silver badge
      Paris Hilton

      Re: Voova should take some heat here...

      That was my first thought as well. A couple of hours of downtime, while they restore from backups...

      But, it's the cloud!

    4. Kabukiwookie

      Re: Voova should take some heat here...

      But, but it's in the cloud.

    5. MachDiamond Silver badge
      FAIL

      Re: Voova should take some heat here...

      "Apparently they didn't have any backups of the data"

      Yes they did, they were letting AWS keep it for them.

  5. 10forcash Bronze badge

    Is this the Voova?

    "As the company has evolved over the last four or five years, we decided that it was time to create a group name. We were originally a digital marketing company and started to develop some cloud based products, initially on a small scale."

    https://voovagroup.com/news/interview-voova-ceo-mark-bond/

    'Digital Marketing' - sympathy level has dropped somewhat...

    'Cloud Based Products' - sympathy level still falling....

    No backups you say? Well if they're looking for sympathy, it's in the dictionary between shit and syphilis

  6. Anonymous Coward

    Sack Speedy Gonzalez too.

    He allowed his credentials to be used.

    1. Anonymous Coward

      Re: Sack Speedy Gonzalez too.

      Yeah, no. The security team here has a little game. Whenever somebody leaves the team, they receive a gadget with their password engraved on it. Essentially no one has managed to keep it secret from them. It's really hard to prevent people from finding your password when they try.

      1. Groaning Ninny

        Re: Sack Speedy Gonzalez too.

        If that's true it's worrying. It would require monitoring to an unacceptable degree (keyboard logging, cctv or similar). Either that, or the passwords aren't stored securely.

  7. chivo243 Silver badge

    We can see why he was shown the door

    Needham's identity was traced through his IP address! This ranks up there with sending a poisoned letter with your return address.

    1. CHMultimedia

      Re: We can see why he was shown the door

      "Hi! Here's a bomb that should detonate when you open the enclosed package.

      Kind regards,

      John Doe, 123 Road, State, Country."

      An IT Pro that doesn't understand the concept of VPN is not an IT Pro. Or just plain computer literate.

      1. Shooter

        Re: We can see why he was shown the door

        Well, they did say he was sacked for sub-par performance.

  8. Anonymous Coward

    Frankly,

    Any outfit named "Voova" deserves failure.

    1. Kiwi Silver badge
      Coat

      Re: Frankly,

      Any outfit named "Voova" deserves failure.

      Should've named themselves "Hoova". Clearly they suck at data protection!

  9. Anonymous Coward

    He should have got far more for framing someone else.

  10. Anonymous Coward

    I used to work with him

    He was pretty incompetent, barely worked and I didn't find him very personable. Now he'll spend a year defending backdoor attacks.

  11. The Nazz Silver badge

    Whatever happened to guidance and training?

    "Worked for 4 weeks before he was let go for below par performance"

    Not a lot of time to assist him in reaching at least a level par performance. Had Voova spent a few days guiding him, then they'd have saved a bucket load of grief, cash and customers.

    Serious questions also need to be raised as to their recruitment procedures. But as above, I'm on the low end, the very low end of the sympathy scale.

    1. rskurat
      Meh

      Re: Whatever happened to guidance and training?

      About 15 years ago, companies started phasing out training. Now they don't train at all.

  12. Anonymous Coward

    That's what you get when

    You hire staff on the strength of their Linkedin profile.

    1. GruntyMcPugh Silver badge

      Re: That's what you get when

      I checked out a few old colleagues on Linkedin a while back, one, a former manager, has quite different recollections of our time together, he remembers it as him instigating a training and mentoring regime, nurturing and developing talent in his team,... whereas I recall him spending money like water and crashing three company cars because he drove like a twat.

      Another had every role he'd ever had, straight out of Uni, described as 'Senior', yeah, because firms hire recent graduates and give them 'senior' roles,......

      It's a good laugh though.

  13. dwyermic

    CLOUD definition

    An oldie but goodie, and how apt. I got it from one of the Hitler rant parodies.

    CLOUD = Complete Loss Of User Data

    1. Jay 2
      Pint

      Re: CLOUD definition

      I need to be able to upvote this multiple times, if only as I'm going to borrow it as part of my unofficial role of Paranoid Cloud Cynic. Now repeat after me everyone, "The cloud is someone else's computer you have no control over..."

      On a more serious note I can see where cloud is useful, but it's never "because" or as a way to effectively create shadow IT to bypass us pesky security (and money) conscious IT pros.

  14. Anonymous Coward

    Take a personal backup first

    Worth a shot at least, so if you're identified as the miscreant you could try bargaining with the employer for "I might just remember where I stashed a backup - and the password. What's it worth?". Might backfire and result in a longer sentence but what would the employer prefer, BOGU or lose some good contracts and have to make some staff redundancies but have the satisfaction of seeing the guy jailed?

    1. MachDiamond Silver badge

      Re: Take a personal backup first

      You would whisper that to the company's solicitor away from everybody else. If asked about what you told them, it would be "Dude, your fly is down". It could be worth it to the company to do a deal if they will otherwise be hurt really bad.

  15. JaitcH
    Happy

    The Company is 100% Culpable

    Every company should maintain back-ups on drives within the owner's physical control. And that excludes the cloud.

    My personal workstation has double back-ups, as do most of the other computers in the company. My oldest back-ups were generated in CPM!

    1. Nebra

      Re: The Company is 100% Culpable

      pip ?

  16. rmason Silver badge

    I wouldn't assume

    I wouldn't assume they had no backups. more that it was one of those / most places where admin = universal power.

    He's more likely to have clouted the backups too, while he was at it.

    No vpn.

    Should have left a random script somewhere that was triggered by a quarterly activity long after you've gone.

    Amateur.

  17. W.S.Gosset Bronze badge

    Below-Par Performance

    > Needham's identity was traced through his IP address

    For once, that excuse-for-termination would seem to be valid.

  18. steviebuk Silver badge

    True or not...

    ...I read an interesting story in one of Kevin Mitnick's books. Of a sysadmin who was a bit of a dick but equally so was the director or whoever managed him. So summoned him up to a meeting in front of everyone and fired him. Then stupidly allowed him back to his desk for the rest of the day.

    When evening came and all was quiet and he was long gone, all the servers rebooted and wiped themselves. Although pretty obvious, there wasn't enough evidence left to be able to pin it on the fired sysadmin.*

    *It was read many years ago so may not be accurate retelling of said story.

  19. David Lawrence

    Get that lawyer some English lessons!!

    I know I'm a bit of a grammar pedant but my radar went off the scale when I read the following, which is attributed to the legal bod....

    "What has occurred is user Steffan Needham accesses Amazon Web Services for Voova, changed Mr Gonzalez password and secured his user login 'Speedy'. He has then terminated servers, checked the settings and logged out. They were done by the defendant, who used the Speedy login covering up that it was he deleting the servers."

    Where does one even begin with such an egregious barrage of crimes against our beautiful language? Has it been mistyped? Even if one ignores the grammatical issues how does one even go about 'deleting' a 'server'?

    I give up.

    1. Hollerithevo Silver badge

      Re: Get that lawyer some english lessons!!

      We mourn together, Mr L.

  20. W.S.Gosset Bronze badge

    Meta observation

    It's VERY noticeable from the comments here, that ElReg's commentards know buggerall about security in terms of anonymity in context of the real world.

    Hell's bells, I was covering my tracks vastly more thoroughly just for anon-blogging nearly 20yrs ago. What's being offered here by way of comment or disparagement or recommendation is hair-raising, in terms of people's understanding of security. As in, you'd be busted at step one of law enforcement's follow-up.

    .

    Although, to be fair, the actually knowledgeable people are hardly likely to chime in with a HOWTO on this sort of forum. Hmm...

  21. Anonymous Coward

    I’m less interested in all of the amateur hacking advice, and more interested in hearing from folks on how they would go about securing and protecting their company’s cloud resources.

    1. Anonymous Coward

      How to protect a company's cloud resources....

      Don't put it in the cloud to start with.

      1. Kiwi Silver badge

        How to protect a company's cloud resources....

        Don't put it in the cloud to start with.

        Nothing wrong with the cloud if used properly. There are resources available for pennies that would cost quite a lot to host in-house for a start.

        There is a LOT wrong with the cloud if it's wrongly used.

    2. Jimbob 3

      In Azure it is called ASR (Azure Site Recovery) which copies workloads from on-premise to cloud or from one cloud region (say Northern Europe) to a completely different region (say Western Europe) giving continuous protection allowing replication frequency as low as a few minutes.

    3. Kiwi Silver badge
      Mushroom

      I’m less interested in all of the amateur hacking advice, and more interested in hearing from folks on how they would go about securing and protecting their company’s cloud resources.

      Quite simple (at least in theory), onsite and offsite backups are the first and biggest key to protecting your systems. If you don't have a backup, you don't have any data worth backing up. Offline backups are critical to that of course :)

      Any multi-factor or even multi-person authentication system, if you can get it set up, is also valuable. DON'T have the 2 bits with one person of course.

      Wellington city could be nuked, everything within 100km wiped out, and my data would be safe. I probably wouldn't be around to get to it of course, but at least my dying moments won't involve worrying if my backups are safe or not :)

  22. IGnatius T Foobar !

    Sounds like Voova is the guilty party.

    Let's make a list of everything Voova did wrong. Proper IT practices are supposed to safeguard against things like this.

    * Why didn't they have two-factor authentication, preventing Needham from logging in after he was sacked?

    * Where are the backups?

    * What if the accounts hadn't been deleted, but instead crypto-locked by ransom hackers?

    It sounds like Voova was very poorly prepared for data loss, and they've blamed a rogue employee for everything THEY did wrong.

    1. TrumpSlurp the Troll Silver badge
      Facepalm

      Re: Sounds like Voova is the guilty party. 2FA

      Just checking.

      Who configures the 2FA?

      It wouldn't, by any chance, be the sysadmins would it?

      1. Kiwi Silver badge
        Holmes

        Re: Sounds like Voova is the guilty party. 2FA

        Just checking.

        Who configures the 2FA?

        It wouldn't, by any chance, be the sysadmins would it?

        I have often (more than a hundred times in the last 2 years) taken a machine to a password prompt[1] and then turned my back or even left a room while the user typed in their password. If configured so a code is sent to a cellphone, and the system needs said code exchange to change the # to another phone, then when the non-admin's phone # is entered it should be fairly safe from abuse (so long as the phone is not lost or left around where idle hands can find some work)

        I'm sure many of those who chose not to reply thought this was pretty obvious :)

        [1] Either an "enter your existing password" or a "create a new password" prompt.

  23. AndyWhiteHat

    Perspective

    Gee, that's the thanks the company gets for giving him a job, giving him a chance, and giving him two (or four if paid weekly) paychecks?

    In employment, two different parties come together and come to an agreement or arrangement where both parties mutually benefit and enjoy an enrichment that they both did not have before their agreement. And at any time in such an arrangement, if either party feels that this arrangement is no longer in their best interest, or is providing value or benefit to them, that party may end the relationship and remove themselves from the deal. The beauty of such an arrangement is that it maximizes freedoms, a true free market spirit wherein good ideas, quality work and good value flourish the most and everyone gets maximum benefit while still acting only in their self-interest. It's a beautiful thing.

    And so when an employee is failing to do his job, is incompetent, or is taking advantage by doing little to no actual work on company time, and the company decides to quit funding the employee's laziness or 'free ride', instead of being thankful for the opportunity and the ability to pay his/her bills and make rent for another month, the employee decides to go on a vindictive, self-pity-fueled vandalism spree? Yikes. Some people, man... They need to have a little more perspective...

  24. John Savard Silver badge

    Guilty Party?

    It certainly is true there ought to have been backups to which that employee would not have had access.

    But that would involve spending extra money, and a business competing ferociously has to cut costs everywhere it can, even some places where it shouldn't.

    The guilty party is the dishonest person who did what he knew he wasn't allowed to. But the employees made redundant should still be able to include their former employer as well as the perpetrator as having a joint and several responsibility, given that not having backups is not standard best practice.

  25. Winkypop Silver badge

    A clouded judgement

    The sentence seems light, albeit in keeping with current UK laws.

    If this was America, he'd get 3 life terms + 100 years for any offspring.

  26. Anonymous Coward
    Anonymous Coward

    Imagine that..

    Moss reached the top after all... whatever happened to Jen and Roy?


Biting the hand that feeds IT © 1998–2019