back to article Guy is booted out of IT amid outsourcing, wipes databases, deletes emails... goes straight to jail for two-plus years

A former IT administrator has been sentenced to more than two years in prison for accessing his employer's computers without authorization and deleting company files. The US Attorney's Office for the Central District of California today said Nikishna Polequaptewa, 37, of Avondale, Arizona, has been sentenced to 27 months in …

  1. Throatwarbler Mangrove Silver badge
    FAIL

    Sounds like a very stable genius . . .

    . . . I can't imagine why they would relieve him of responsibility.

    1. BillG
      Facepalm

      Doh!

      "Shortly after Polequaptewa announced his resignation, Blue Stone employees began to notice that the data, emails and computer files were being deleted/transferred from Blue Stone's databases, servers and email accounts," the civil filing explains.

      I'm sorry, but shouldn't this read "Shortly after Polequaptewa announced his resignation, Blue Stone removed access and changed all passwords to accounts Polequaptewa had access to."?

      Oh, my bad, it didn't read this because Blue Stone didn't do it.

      1. Pascal Monett Silver badge
        Facepalm

        And apparently, Blue Stone doesn't do backups either

        "it spent about 10 hours restoring as much data as possible"

        If you'd had a proper backup, stored offline and not available to the miscreant, it would not have taken 10 hours.

        Then again, seeing as management didn't think of stripping him of his access in the first place, it's more than likely he could have gotten to the backup as well.

        Well, Blue Stone has learned an expensive lesson and will now be making regular backups and not letting employees keep accesses that they no longer need, right ? RIGHT ?

        And I'm going to win the Lottery next Friday.

      2. Umbracorn

        Re: Doh!

        Well, obviously they couldn't change his passwords and remove his access because their IT manager had resigned recently, and they hadn't finished their outsourcing. :D

      3. joker197cinque

        Re: Doh!

        Who shoul'd have done that ? Executives ? LOL

        Perfectly agree that outsourced IT should have alerted them to do so, though.

  2. elDog

    Just like divorces, there's rarely a good outcome for all.

    Companies should constantly have contingency plans for when any of their key personnel decide to move on. This includes IT, senior management, accountants, and anyone who is key to the continued operations.

    IT and other staff should always be aware that they can be made redundant (fired in the US) at any moment. The old days of corporate loyalty have long since disappeared.

    As always, it's the kids that are hurt.

    1. Yet Another Anonymous coward Silver badge

      Re: Just like divorces, there's rarely a good outcome for all.

      >Companies should constantly have contingency plans for when any of their key personnel decide to move on

      Old carpet, shovels and a local concrete pour ?

      1. Sgt_Oddball Silver badge
        Holmes

        Re: Just like divorces, there's rarely a good outcome for all.

        You're thinking of BOFH and PFY's....

        (on that note is the PFY still considered a youth?)

        1. Fred Flintstone Gold badge

          Re: Just like divorces, there's rarely a good outcome for all.

          So now more just a PF then (minus the "Y")?

        2. hittitezombie

          Re: Just like divorces, there's rarely a good outcome for all.

          He's still young and I'm not getting any older!!!

          1. John Brown (no body) Silver badge

            Re: Just like divorces, there's rarely a good outcome for all.

            He still has the painting in the attic.

    2. Moosh

      Re: Just like divorces, there's rarely a good outcome for all.

      Similar to how financial institutions fire people. You only find out on the day, and are then escorted by security the entire time you are clearing out your desk etc. to make sure you don't just sabotage everything

      1. Lord Elpuss Silver badge

        Re: Just like divorces, there's rarely a good outcome for all.

        "Similar to how financial institutions fire people. You only find out on the day, and are then escorted by security the entire time you are clearing out your desk etc. to make sure you don't just sabotage everything"

        (Part of the) problem here is he took his access with him; wiping the company iMac remotely using Find my iPhone. So the message is really yes; escort people from the premises as soon as they're removed from a position, but also make sure all access to company systems is granted/revoked in real time as responsibilities change. Back in my day that was automated through TIM/TAM, I'm sure there are better/more comprehensive access management tools around now.

        1. Rohime

          Re: Just like divorces, there's rarely a good outcome for all.

          Ahh... Tim Tams' - the best biscuit in Oz. Those IBM Tivoli products though ... what a pile of 'biscuits'.

          1. CountCadaver Bronze badge

            Re: Just like divorces, there's rarely a good outcome for all.

            Tim Tams > Penguins

            (Penguins being particularly foul creations and I was most displeased when Tesco stopped stocking TimTams......)

          2. CrazyOldCatMan Silver badge

            Re: Just like divorces, there's rarely a good outcome for all.

            Tim Tams' - the best biscuit in Oz

            Also the nickname of one of my cats.. (her proper name is Tamera[1])

            [1] We were on a Celtic naming burst then (and still are) - so her brother is Ruan[3], the next two cats are Tegan[2] and Gwenifer[4] and LatestCat is Anwen..

            [2] Pronounced with a short e - not as "Teegan" like some uneducated people do..

            [3] "Little red man" - he's an ENORMOUS ginger. Strong in arm and thick in head..

            [4] Cornish version of Guinevere.

      2. Roland6 Silver badge

        Re: Just like divorces, there's rarely a good outcome for all.

        >You only find out on the day, and are then escorted by security the entire time you are clearing out your desk etc.

        I remember yesterdays world...

        The problem is systems access in the cloud era and specifically remote access and its timely revocation - which seems to be a major part of the case covered by the article.

        Larger companies may had installed provisioning systems, that permit the instigation and revocation of access privileges within minutes across their estate. However, smaller companies rely much more on trust and manual systems, also within smaller companies you tend to have fewer people who understand the importance of access security and have the skills and time to do something about it.

        With an SME client, who are (slowly step-by-step) moving to the cloud, one strand of the work is getting them to appreciate that management/sysadmin access to their cloud-based (non-financial) business processes is a business issue and not an IT issue. Interestingly, they fully get why the Fin.Dir. refuses to give IT access to the Sage cloud accounting and payroll system, bank account. Fortunately, this project was overtaken by GDPR which has done much to get the business to understand that some things it had previously thrown over the office partition to IT, were and are not.

      3. A.P. Veening Silver badge

        Re: Just like divorces, there's rarely a good outcome for all.

        Similar to how financial institutions fire people. You only find out on the day, and are then escorted by security the entire time you are clearing out your desk etc. to make sure you don't just sabotage everything

        A good friend of mine once managed to wipe the complete database with security and police watching him closely. He just told the owner of the company she had a choice between letting him remove stuff licensed to him personally or have her offices raided within hours of his removal for running unlicensed programs.

        My personal preference is to have a logical bomb go off if I haven't logged into the system for more than 189 days (27 weeks). And that logical bomb will wipe the complete system and all online backups.

        1. Lord Elpuss Silver badge

          Re: Just like divorces, there's rarely a good outcome for all.

          ”My personal preference is to have a logical bomb go off if I haven't logged into the system for more than 189 days (27 weeks). And that logical bomb will wipe the complete system and all online backups.“

          Well, at least after reading this article you know what you can expect for sh*t like that...

        2. Kabukiwookie Silver badge

          Re: Just like divorces, there's rarely a good outcome for all.

          You can only lose your good reputation once.

          If you happen to work for idiots that require you to bring in your own gear/licences to do the job they hired you for. Immediately start looking for something else.

          That also prevents very bad situations where someone thinks a logic bomb is a good idea.

          Good reputations take years to build and only minutes to destroy.

          On that note. Make sure you also always retain a copy of any emails where you're providing advice that may prevent disasters that's being blatantly ignored.

          1. CrazyOldCatMan Silver badge

            Re: Just like divorces, there's rarely a good outcome for all.

            You can only lose your good reputation once

            This is true - many years ago, a couple of IT contractors that I worked with got convicted of stealing stuff from our employer (it's hard to argue when several bits of kit secretly marked with SmartWater turn out to be in your house..).

            Post-charging and conviction, I don't think they ever got an IT contract again. Not many employers are going to trust someone convicted of stealing from employers..

        3. james_smith Bronze badge

          Re: Just like divorces, there's rarely a good outcome for all.

          I once got accused of illegal access to an employer's servers when they got hacked. I was contract programming for them - an internet startup - at the time and had warned them that their systems were insecure. When the inevitable happened they decided to pretend i must have done it because they didn't want to acknowledge to the investors that they'd been incompetent. They marched me out and then didn't pay my last invoice. So I took them to small claims court, which ruled in my favour as they didn't bother to respond to the letters. I hoped they wouldn't pay up so I could send the bailiffs in, but they did finally send a cheque in time. Took nine months of faffing about though.

        4. Anonymous Coward
          Anonymous Coward

          Re: Just like divorces, there's rarely a good outcome for all.

          I hope "A.P. Veening" is an alias!

          1. Rich 11 Silver badge

            Re: Just like divorces, there's rarely a good outcome for all.

            I hope "A.P. Veening" is an alias!

            I don't.

        5. Anonymous Coward
          Anonymous Coward

          re: logical bomb

          I knew a guy who planted one for just after his retirement, but he was kept on as a consultant, so he defused it.

        6. Anonymous Coward
          Anonymous Coward

          Re: Just like divorces, there's rarely a good outcome for all.

          Been there.. Done that!!

      4. Anonymous Coward
        Anonymous Coward

        Re: Just like divorces, there's rarely a good outcome for all.

        Keep in mind most stuff there is 2 factor 2 people. And they still treat an individual without the 2 factor access, or a second person on their team this way.

        Kinda overboard when revoking the passwords/keys should work.

        1. Stoneshop Silver badge
          FAIL

          Re: Just like divorces, there's rarely a good outcome for all.

          Kinda overboard when revoking the passwords/keys should work.

          When dealing with the one guy who does IT in a small company:

          - are you sure you have disabled ALL his access? Has he opened up some database or a file share to the outside world (because the head honcho found it would make his job, and/or that of some of the other cheeses, easier) which can't be changed or disabled because @reasons and $breakage?

          - is there anyone else around to actually do that?

      5. cavac

        Re: Just like divorces, there's rarely a good outcome for all.

        That doesn't prevent the IT version of a dead man switch. Like a system wipe that goes off unless some specific action is done every few weeks.

        This can be designed even a passive version that can't be interpreted as malicious. Something like having to do a manual cleanup of the backup storage so new backups can be archived. And due to a accidentally-on-purpose forgetting to configure the warning mails nobody will know until they need to restore a critical server....

  3. Doctor Syntax Silver badge

    "The company says it spent about 10 hours restoring as much data as possible, at a cost of about $50,000."

    $5,000 an hour? Was the CEO doing it himself?

    1. Mayday
      Pirate

      I need to revise my contracting rates. I'll happily do the job for half of that.

    2. doublelayer Silver badge

      My guess is that they brought in some external people at high rates to do it (probably getting them in a rush, too), and that those people took it upon themselves to spend extra money, such as paying for someone to recover data from the hard drives in the mac on the theory that some data might be on that but not yet in the backup. Add in some money for lost productivity and fifty thousand sounds more normal, if still a bit inflated.

      1. Anonymous Coward
        Anonymous Coward

        You also have to take into account the usual lawsuit inflation, which is at least 50%.

      2. Stoneshop Silver badge
        Facepalm

        on the theory that some data might be on that but not yet in the backup

        Backups? How quaint. It's on a NAS (which might have RAID1 or even RAID5) and in the cloud, why would they need to bother with backups?

        1. martinusher Silver badge

          Re: on the theory that some data might be on that but not yet in the backup

          >why would they need to bother with backups?

          Ransomware.

          This might be the way to sabotage the company....allow in an appropriate piece of malware and just wait....

        2. FQ

          Re: on the theory that some data might be on that but not yet in the backup

          I once has a RAID 5 rank fail with double disk failure within the rebuild window (with hot spare configured, no less). I have since then preferred RAID 6. And always have at least 3 copies of backup, each with multiple generations, at 2 different sites.

          1. Stoneshop Silver badge
            Holmes

            Re: on the theory that some data might be on that but not yet in the backup

            Do people here really need <sarcasm> tags?

            1. Rich 11 Silver badge

              Re: on the theory that some data might be on that but not yet in the backup

              Do people here really need <sarcasm> tags?

              Given the bizarre shit some people post, yes.

          2. Peter Gathercole Silver badge

            Re: on the theory that some data might be on that but not yet in the backup @FQ

            Probably all of the disks came from the same batch, with the same MTBF. It's a common problem with large RAID arrays. Once you get into the main part of the distribution bell curve, many will fail at around the same time.

            You would have thought that the people providing large raid arrays would have learned this by now, but I still see disks with near sequential serial numbers being supplied.

          3. Peter Ford

            Re: on the theory that some data might be on that but not yet in the backup

            I had a RAID6 fail with three drives dying in quick succession - I suspect the first chucked up some nasty vibrations in its death throes that took out the two next to it...

            And it was on Christmas Eve...

            Still, the on-site backups worked well enough to get me through to the New Year on a reduced array (and a couple of hot spare machines) until I could get hands on to sort it out...

            1. Anonymous Coward
              Anonymous Coward

              Re: on the theory that some data might be on that but not yet in the backup

              Not my story, so AC, but a mate of mine had a bearing fail in an Infortrend enclosure. The vibrations were so bad they caused drive write timeouts all through the cabinet.

              And, as you say, at the start of a long weekend, so the damage could take longer to accrue.

              RAID is only useful if it can actually write everything back to the drives. When some drives are writing and others aren't it's a mess. He had a total loss.

              On the other hand he had meticulous backups. It took time to recover, and he was begging and borrowing whatever drives he could lay his hands on to get the most urgent data running, but he got everything back. Pretty scary what a single failed spindle can do though.

              On the plus side, SSDs are now only 4x the cost of spinning drives!

            2. defiler Silver badge

              Re: on the theory that some data might be on that but not yet in the backup

              I had my home RAID6 crap itself last week. It's now taken a week to get everything back in order again. I think it's been a cooling issue, but the sweat ran cold when I saw that 4 drives had dropped at once.

              Linux mdadm has hauled me out of the shit more than once on that wee box. I'm now making plans to build a new home server and repurpose this box as a backup.

              Best time to deploy a backup system was 6 months ago. Second best time is today.

          4. Aitor 1 Silver badge

            Re: on the theory that some data might be on that but not yet in the backup

            Well, RAID 5 these days will probably fail while rebuilding.. good idea to move on.l

    3. Alan Johnson

      @Doctor Syntax

      "The company says it spent about 10 hours restoring as much data as possible, at a cost of about $50,000."

      There are teh direct costs of restoration plus the indirect loss that employees cannot work effectively.

      It looks like they have around 25 employees and given the actions taken probably took out the ability for those employees to work effectively for around 5 days giving time for reaction, sourcing a supplier to address the issue, and the supplier to address the issue the loss per employeee being claimed is only $2000 or assuming 5 days $50 an hour. That does not seem outrageous.

    4. Lord Elpuss Silver badge

      "The company says it spent about 10 hours restoring as much data as possible, at a cost of about $50,000."

      Isn't there a clipping level beyond which crimes become a federal matter? Any good prosecutor will do their damndest to make sure any losses exceed that level in order to secure the 'proper' punishment - so a "We needed to buy a new USB disk" (cost $50) becomes "We needed to implement a total hierarchical data recovery procedure involving the stepwise retrieval of more than 3 million files, employing consultants to make sure the restored data tree reflected both the original state plus any modifications since that time, plus accounting for losses incurred during the retrieval operation" ($50,001).

    5. Youweresaying

      Nah

      If the CEO had to do it he'd delegate but still take 80% of the fee himself anyway.

    6. Naselus

      Well, restoring the servers and DBs etc probably only cost about $2000. The rest was spent buying a replacement iMac with a new monitor stand.

    7. zb

      No, the CEO would not be doing that. Maybe his wife or children sacrificed 10 hours of their time for $50k. The auditors will want some of that good fortune.

      Or maybe it was a typo in the report?

  4. Doctor Syntax Silver badge

    "During the meeting with Polequaptewa, Blue Stone executives asked that Polequaptewa 'turn over' all of the data needed to hand the IT, web design and marketing over to the third party external companies,"

    I'd have thought he could have done a fair amount of damage quite legally by just resigning on the spot depending on how well - or not - it was all documented. It'd probably have cost them a packet just to have the outsourcers get up to speed.

    1. Nick Kew

      Surely just do exactly and literally as he was told.

      It's worked for the Devil for millennia: He can grant someone an ill-advised wish with lawyerly precision and meticulous attention to detail, and watch them suffer. And an inadequately-specified[1] IT handover is an open goal for the bloody-minded.

      [1] excuse the redundancy in my language.

      1. phuzz Silver badge

        Even in situations where the person leaving has been as helpful as possible, there's still always an old system that everyone has forgotten about...until it fall over.

        Then you're left going through all the old passwords you can remember, and frantically searching for your predecessor's contact details.

        1. Alien8n Silver badge

          Don't you just love being asked to contract for the company that made you redundant.

          Luckily for my previous employers I'm not a vindictive bastard, I just charged them double the salary I was getting when working there full time. And made sure to point out that if they needed me to come in and do my previous job because no one else could do it then just maybe the job wasn't actually redundant and they were technically breaking the law by getting rid of me and not the other analyst that I had to keep helping out because he didn't know how to do his job.

          I didn't however point out the obvious flaw in their recruitment, why the hell would you invite back the guy you just got rid of? That's just asking for trouble.

          1. HmmmYes

            I just charged them double the salary I was getting when working there full time.

            You priced yourself too cheaply then.

            As a rule of thumb, when contracting, you need to be looking for 2x the equivalent employed rate.

            For some sort of disaster, mess, then the rate is going to much higher.

            1. Alien8n Silver badge

              I was the higher paid of the 2 analysts, so as you said my requested rate was 2x what I was paid while I was there. It certainly wasn't any sort of disaster or mess that I was returning to fix, they just needed a couple of reports changing, something the other guy really should have known how to do.

              A quick Google and I see the company in question changed hands and rebranded shortly afterwards.

          2. Pirate Dave Silver badge
            Pirate

            "Don't you just love being asked to contract for the company that made you redundant."

            I told mine to go fuck themselves with a red-hot poker, because I may not be vindictive, but I am certainly a bastard. That was right after I told them it would take me about 5 minutes to fix the problem that their new Indian engineers had been unsuccessfully working on for the past 2 weeks. Outsource the guy who built the system, and you can fucking well take care of it yourself, starting immediately.

          3. MarthaFarqhar

            I had a similar situation, I was the local IT and he thought my position was redundant, he decided to play silly buggers. Got a new position, wrote meticulous documentation, made sure I left everything in order.

            He didn't actually understand my role, but soon realised.

            Whatever instructions/documentation etc would not be followed and calling me two days after I left and started my new role, that I wasn't going to "do him a favour" and bail him out of brown stuff.

            It cost him a weeks wages to get me back in, in cash before I set foot in the area the fault had occurred.

            Despite me telling me repeatedly that spares are good in time critical situations, it backfired spectacularly when they lost around 100,000 quids worth of production, a production line crew standing idle for what should have cost 1600 in parts and one electrician following instructions to restore a backup to a touchscreen. He had to wait till morning to get a refurbed screen,

            I left site 10 minutes after I arrived, a huge grin and a perfect tale for future employers that documentation, courtesy and spare parts can really make a difference, and Schadenfreude is real and so, so satisfying.

  5. Yet Another Anonymous coward Silver badge

    so the moral of the story

    Always accidentally delete all the data while still employed, don't access it after you have left

    1. Anonymous Coward
      Anonymous Coward

      Re: so the moral of the story

      It is why I always make absolutely sure that ALL passwords are passed over and ALL data is transferred in a manner that gets me a signoff or other confirmation I can later draw on in case someone tries to pull a fast one.

      Once I have confirmation, all data of that job is erased on my end (including paswords, even though it's part of handover to witness them being changed by the client) - that way, even a breach or theft won't be able to disclose sensitive data.

      I would not WANT access to any client system post job, so I make sure it's very clear I can't. Better safe than falsely accused.

      1. Prst. V.Jeltz Silver badge

        Re: so the moral of the story

        Sounds a little paranoid to me.

        also , if something does happen "post job" and they get it into their heads it was you they'll be thinking:

        "oh , remember that big song and dance he made about watching us change the passwords, and then making us watch him erase stuff off his laptop , that was a couple of hours we'll never get back , anyway he was clearly setting up his alibi for the sting, and must have made a secret back door"

        1. NetBlackOps

          Re: so the moral of the story

          I use the exact same procedures that are required in the turnover of classified materials and their repositories as required by the US DoD. If someone has a problem with that, good luck in court. Requiring the passwords be changed is exactly the same as requiring that all safe combinations be changed. The Book exists for a reason.

        2. Roland6 Silver badge

          Re: so the moral of the story

          >Sounds a little paranoid to me.

          Yes it does, however, what is helpful is establishing professional habits.

          Whilst for some clients I do remember passwords etc I still ask the IT guy to log me in and either sit and watch whilst I perform the sysadmin action or get them to be my pair of hands; it doesn't make things quicker but it helps give the client confidence that they knew what I was doing and I wasn't 'exploring' their system.

          >Secret trapdoor

          As a networking expert, it is a little worrying that I have all the passwords and configuration details of their network, client isn't in a hurry to find someone for me to hand this information over to, so in some ways the secret trapdoor is knowing the IP address of the management system. Fortunately, the FinDir is happy for me to leave a brown envelope in her safe...

          1. BebopWeBop Silver badge

            Re: so the moral of the story

            I do it when I am working on anything for my partner (frequently). Not because I would either think of messing something up, but to remind her that it is good practice to never give away passwords.

          2. Anonymous Coward
            Anonymous Coward

            Re: so the moral of the story

            >Sounds a little paranoid to me.

            Yes it does, however, what is helpful is establishing professional habits.

            Thank you. It's about the first thing I hammer into new recruits: good habits rescue you when your brain isn't quite up to speed yet (or anymore).

            You shall not rely on them, but build them ye shall, for fate and Murphy's Law will otherwise have you for breakfast.

        3. Claptrap314 Silver badge

          Re: so the moral of the story

          Whenever I take my car in to be worked on, I remove the key from my keychain & hand them the key. My wife saw this and asked, "Don't you trust him?" "If I did not trust him, I would not let him work on my car. I'm doing this because I like him." She looked at the mechanic. "He's doing this because he likes me."

          The principle of Least Access is so fundamental that if you don't practice it, you don't have security.

          From an individual standpoint, the obverse is equally important. If I get robbed, my mechanic does not want the police crawling all over his establishment. If a former employer get hacked, I don't want to get a call.

        4. Kabukiwookie Silver badge

          Re: so the moral of the story

          Sounds a little paranoid to me.

          You don't sound paranoid enough.

          There are vindictive gits out there who would not shy from destroying your reputation by claiming you did something to the company's infrastructure after you left.

          My rule of thumb is to make sure that all my accounts are removed/disabled the day I leave and that I have a copy of my entire mailbox, including the confirmation mail that my accounts have been disabled to prevent 'misunderstandings'.

          Once had a company that, while returning their kit, tried to sneak a very expensive phone into the declaration that they wanted me to sign off on, which I had never received.

        5. Anonymous Coward
          Anonymous Coward

          Re: so the moral of the story

          Sounds a little paranoid to me.

          That depends what you work on. I work with a lot of sensitive material, in some cases to the point where it is not even allowed to leave the premises and so lives on a dedicated, client provided machine for the duration (and typically only the required extracts). In order to work at such sensitive levels you MUST follow the rules to the letter, and sometimes even go beyond your obligations because 99% of security and confidentiality depend on the attitude of the operator - let's be honest, if you have access, you are in principle a possible leak, deliberate or accidental.

          There is no way in hell that I would ever even think of taking shortcuts with information I am entrusted with, doing The Right Thing™ is IMHO quite simply the only possible modus operandi.

          You may call it paranoid, for me this is simply matching diligence to requirement.

  6. IceC0ld Silver badge

    is it just me, or does it read that the Co had a single point of failure built into their IT set up ?

    who, in this day and age has a single enterprise / domain admin

    T - his

    I - s

    T - he

    S - ingle

    U - ser

    P - aradox

    and who in their right minds has all data so easily accessible it can all be cleared in a single visit

    as for the recovery rates ..............

    The company says it spent about 10 hours restoring as much data as possible, at a cost of about $50,000.

    does anyone else suspect a litlle bit of enhancment for 'insurance purposes' ffs

    1. doublelayer Silver badge

      Plenty of small places have only one admin. Some very small places have no admin. I, for example, am a volunteer admin for a charity near me. Other than me, they have nobody, outsourced or not. When I arrived, their server was running on the "it better not fall over because nobody knows what it does or how its configured or the login password" paradigm. So it isn't that unusual to have only one admin, or at least one admin who manages all the systems with lower-level admins who do specific systems or systems in specific places. And I could destroy all this place's data in about five minutes should it turn out that I'm evil.

      1. Anonymous Coward
        Anonymous Coward

        Hey Ace

        It does sound like so many of the above commenters will only fly jets of 3 or more engines. Others of us are happy we still have both wings on our biplanes.

        1. STOP_FORTH Silver badge
          Headmaster

          Re: Hey Ace

          Both sets of wings?

          1. Aqua Marina

            Both sets of wings?

            Doesn’t a Bi plane have 3 wings?

            1. Andre 3

              Re: Both sets of wings?

              Errm that would be a Triplane...

              1. STOP_FORTH Silver badge
                Boffin

                Re: Both sets of wings?

                Hmm, tricky. Top wing on a biplane or triplane is often one structure, so I guess that counts as one.

                I've had a swift dekko at some pictures of Fokkers and Sopwiths, and it's difficult to tell from the pictures online.

                I'm going to go with:-

                Monoplane - one or two

                Biplane - three or four.

                Triplane - three, four or five.

                Dick Dastardly's plane - variable.

                Let that be final.

                1. Orv Silver badge

                  Re: Both sets of wings?

                  Then we could get into the whole "biplane or sesquiplane?" argument. ;)

                  1. Stoneshop Silver badge
                    1. Allan George Dyer Silver badge
                      Boffin

                      Re: Both sets of wings?

                      Wow! I've never seen that before. The most remarkable thing about it is that Wikipedia says it flew successfully exactly once.

                      1. STOP_FORTH Silver badge

                        Re: Both sets of wings?

                        That's a monster. Sesquiplanes were biplanes with skinny (reduced chord) lower wings. I always assumed this was to aid visibility, but maybe they just acted as (aerodynamic) trusses to support the "proper" wings up top.

                  2. STOP_FORTH Silver badge
                    Facepalm

                    Re: Both sets of wings?

                    I'd forgotten about those freaky flying machines!

                    Sesquiplane - 2 or 3

                    Let's not think about that one that looked like venetian blinds writ large that collapsed whilst taking off.

                    (Probably available on Youtube, but I don't know how you'd find it.)

                    1. Stoneshop Silver badge

                      that one that looked like venetian blinds writ large

                      Like this?

                      1. STOP_FORTH Silver badge

                        Re: that one that looked like venetian blinds writ large

                        That look very like it, the film I saw showed the wings folding up and the undercarriage collapsing when take-off was attempted.

                        Anyone interested in early flight should definitely follow the link on that page. What were they all thinking?

            2. Gaius

              Re: Both sets of wings?

              Yes, usually a left wing, a right wing, and one long wing across the top. It needs all of them tho’.

              1. james_smith Bronze badge

                Re: Both sets of wings?

                Polikarpov I-153 has four wings and is a biplane. The top wings angle down near the fuselage, suggesting a seagulls wings and hence it's nickname of "gull".

        2. Anonymous Coward
          Anonymous Coward

          Re: Hey Ace

          Both sets of wings? When i was 'lad, any wings were 'bonus.

      2. Alien8n Silver badge

        Single admin here (single as in the only IT person employed by the company).

        It's part of my job to ensure the outsourced IT company does what we require of them. And then have the pleasure of fixing all the issues they create when they cock it all up. Next month will be very pleasurable when we change IT outsourcer.

        1. Alistair Silver badge
          Windows

          @Alien8n:

          "Next month will be very pleasurable when we change IT outsourcer."

          Sir, I have some very bad news for you...... It only gets worse.

          1. Alien8n Silver badge

            We actually got lucky, we acquired a business earlier in the year. Response from the people transferred over was that their IT company was actually well liked, knowledgeable, and good at communicating issues. As we required their knowledge of the systems we transferred over to us, we also transferred their support as well. As a result we were able to work with them for several months. Not often you get to "try before you buy" in this business. It certainly made the decision to switch a lot easier.

    2. rmason Silver badge

      Given that their total central IT infrastructure seems to be one Mac and one home standard NAS (I have a synology under my stairs serving media) and a gSuite account, how many people should they have employed?

      And of course they didn't care what they paid, they knew they'd sue and they knew they'd win.

  7. swm Silver badge

    I manage a website for a local square dance federation. I try to document everything and try to make sure that other people have the root password and understand the update process etc.

    Previously this same federation lost their entire subscription database when the secretive owner of the database got killed in a car crash an no one knew the password to her mac to fetch it.

    1. Anonymous Coward
      Anonymous Coward

      I throw all client passwords into a SecureSafe account and give them the inheritance code.

      That way, they can get to them in two days (which is the time I set) if something happens to me, yet they cannot use my passwords to log in as me while I'm working. Protects both sides at the cost of a tiny bit of effort - worth it IMHO.

      It depends a bit on how they manage access, typically, the stuff I work on is too sensitive to be hooked up to an AD where a rogue admin can reset a password.

  8. Compuserve User

    A Cryptic Response

    Would it not be safer to encrypt the data instead of deleting it? Stick the files in one big container and 512 bit scramble it.

    Let the management types figure that one out. The data is there..kinda. That would get you 12 months vacation in minimum security.

    While we are at it, where are the backups? The activity we all supposed to do, but find out later we didn't.

    1. Muscleguy Silver badge

      Re: A Cryptic Response

      Backups would have been the perp's responsibility, yes? So chalk that one to him as well. My bet he is self taught and it was his 'baby' he was being asked to hand over to strangers. Then when he found out they were stiffing him on his wages, possible, and giving tribal backhanders he snapped.

      Then again it is entirely possible they tried to mature their systems and he was obstructive.

    2. Flywheel Silver badge

      Re: A Cryptic Response

      stored its work-related data on ... cloud services run by Google, Bluehost, MailChimp, and Cox Communications

      It sounds to me like they had cloud "backups" but if he was charge of those as well, as others have suggested...

      1. doublelayer Silver badge

        Re: A Cryptic Response

        They said they completed the recovery effort in ten hours, which implies they had backups of some sort. Whether that is cloud backups that were not destroyed or were recovered in time or physical backups, it seems likely they had something.

    3. Roland6 Silver badge
      Pint

      Re: A Cryptic Response

      >Would it not be safer to encrypt the data instead of deleting it?

      You mean go into business with Red Mosquito and their 'friends' ?

  9. Anonymous South African Coward Silver badge

    I simply can't do this kind of thing - delete files from an ex-company's server(s)... it just is not in me.

    And because it is not worth the effort, hassle or whatever, and definitely not worth sitting in jail for.

    1. Aitor 1 Silver badge

      Un ethical

      Such a move is wrong, and I would not do it, and most people wont do it either. It is GOOD that is not un us, even if no penalty was really there.

  10. Paul Johnston
    Joke

    Fairly sure

    No one at our places the the title "senior strategist handling information technology and marketing" would have the tech skills to do this!

  11. trevorde

    Amateur!

    He should've wiped/corrupted the backups first.

  12. mutt13y

    Who would do any forensic analysis

    > it was decided that the company would move its IT, web design, and marketing to external vendors.

    then

    >When officers arrived and interviewed Polequaptewa in his hotel room, he admitted accessing the company's infrastructure, according to Blue Stone's civil filing.

    What an idiot

  13. Anonymous Coward
    Anonymous Coward

    Definitely a sell

    "_Blue Stone stored its work-related data on an in-office Mac Pro computer and an in-office Synology server in Irvine, and on cloud services run by Google, Bluehost, MailChimp, and Cox Communications._"

    Yeah. Really sounds like a professional outfit. The real crime here was gross technological malpractice by company leadership. Not likely to inspire confidence by their investors, assuming said investors have more of a clue than the company's execs.

    1. Stoneshop Silver badge

      Next question

      Yeah. Really sounds like a professional outfit.

      Did Polequaptewat set those cloud services up, or did he 'inherit' them from an attempt by one of the executives to get some automation going?

  14. Aristotles slow and dimwitted horse Silver badge

    Just asking for a friend...

    Not trying to take away the fuckwittery of this genius' crimes, but what of "he quit after filing whistleblower complaints against Blue Stone for alleged improper payments to Indian gaming officials, tribal leaders and a New Mexico politician."

    Presumably these complaints have been swept under the teepee?

  15. Anonymous Coward
    Anonymous Coward

    Silly man

    You don't just wipe everything. You use a colleagues login to make a cron job that every so often *changes* data *ever so subtly* in ways that are almost impossible to remove. Increase or decrease order quantities, change the house number or phone number in a CRM by a digit or two, swap the parent field of records so they both look sane, but are utterly wrong. Make the script become more and more damaging and run more often, as time passes, perhaps an exponential increase, multipying the number of records changed per day by 1.5. The idea is that nobody notices for a while, so restoring to a known good backup would cause months worth of data loss, and that the corruption looks very similar to genuine changes.

    1. Spacedinvader

      Re: Silly man

      Sounds like you are speaking from experience...

  16. Anonymous Coward
    Anonymous Coward

    2014 seems to have been quite a year for Mr Nikishna.

    https://www.dailycal.org/2017/05/11/former-uc-irvine-employee-nikishna-polequaptewa-found-violated-uc-policy-sexual-harassment/

  17. Anonymous Coward
    Anonymous Coward

    Nothing new under the sun

    It's not new. In 1979, I left the company I had been working for as IT manager. I continued to do some freelance work for them, remotely via an acoustic coupler. SHortly afterwards, a junior member of staff left under something of a cloud (I forget why; I didn't work for them when it happened). A little later, things started to go wrong, and it turned out that said underling had installed logic bombs in some of his code; my memory is not perfect at this distance in time, but I think I found some of them. At that point the company decided that my external access was a security hole too far, and we parted company amicably (they knew the logic bombs weren't mine!).

  18. Kevin McMurtrie Silver badge

    Thoughts on rage quitting

    If your employer really is horribly bad, leave on good terms and let them fail on their own.

    If you've been screwed, there are government phone numbers that will fix things faster than you think (because the government collects fines).

    If they're doing fine, it's probably you. Leave on good terms and hope everything stays quiet.

    Trashing the place and going to jail - no.

  19. Anonymous Coward
    Anonymous Coward

    What a tool

    The best thing he could have done was do as they’d asked and watch it all burn. The outsourced systems would undoubtedly end up costing more than having one guy part time on it. In my experience even a minimally trained in house IT guy often has more knowledge / skills than outsourcers and are more aware of the business needs. That said, given he decided to be an idiot perhaps I am giving him too much credit.

    If I left my job I’ve made sure that although it’d be a pain to replace me as it’s hard to recruit quality IT people, there are others in the team that could between them do my job. This was not the case when I took over from the last guy!

  20. rayrite
    Happy

    Wonderful Story

    As IT person, it saddens me to see people lose their jobs to outsourcing. Fucking over people's lives for profit margins. I don't condone this. However, there should be a less humiliating and disrespectful way to transfer responsibility then to make your outgoing employee do it. The company had a chance to be proactive when they noticed he was being uncooperative.. fuck that company both parties got what they deserved. Hopefully, this is a lesson for companies to just do their own dirty work.. I never once seen a job description that said your job responsibility is to train your replacement after you get fired or demoted

  21. Anonymous Coward
    Anonymous Coward

    They obviously did everything....

    ...on the cheap. You also need to think criminally minded to defend yourself. Had a user recently who didn't make their probation so were escorted from the building. Nothing personal, its just how it is and you have to cover yourselves. Account was disabled before the escorting happened. And because of who they were, we had to change all known passwords that we knew they'd of had access too and I monitored systems during day and evening to makes sure nothing "odd" happened.

  22. Anonymous Coward
    Anonymous Coward

    oops

    Don't piss off your IT people -- they know all the passwords to everything.

    I personally like destroying the boot partition on Linux servers that guarantees it will never boot again during the next service window. It is hard for some ahole to triage that failure MONTHS AFTER YOU HAVE LEFT THE BUILDING .

  23. Voidstorm
    Black Helicopters

    Of course...

    The bit we seem to be allowing to pass uncommented is the claim that the corprats were slinging backhanders to Significant Local Officials.

    So, of course, an excellent way to divert attention from that is to fire the whistleblower.

    It happens, no?

  24. Furball

    Loved getting fired...

    Worked for a Medicaid billing company going through a merger many years ago in the IT department. About two weeks before they fired me, they had a meeting and demanded all the IT staff remove any non-licensed software from their work systems to keep from being fined another $250,000 like they had been the previous year. When they fired me (had another job lined up for more money and MUCH better conditions)...my first call was not to my new employer to be able to start working on Monday, but to the Business Software Alliance. Never heard what happened, but hope many heads rolled. Also hope the executives in the new company never hold another meeting about piracy before they start firing staff.

  25. VinnyR

    How does 10 hours of restoration (most of which will just be waiting ) cost $50,000?

  26. dnicholas Bronze badge

    I do wonder how many firms have one IT bod with his hands in every cookie jar (I've been him for years) with no idea what they'd do if said bod dies, gets the can or storms off.

    Management at my employer don't know or care (at the minute). Hopefully they don't have to find out the hard way

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020