back to article BANG and the server's gone: Man gets 8 months for destroying work computers

A peeved employee took revenge on his company by repeatedly spraying Cillit Bang into its servers in a three-year campaign that caused £32,000 of damage. Edward Sobolewski was convicted of criminal damage at Oxford Crown Court on Friday and sentenced to 8 months in prison for the attacks on his employer's computers. He was …

COMMENTS

This topic is closed for new posts.
  1. JimmyPage Silver badge
    FAIL

    Physical security of server room ?

    In my last office job, as a development manager, even I had no access to our server rooms. And that was in a company of over 1,000 employees. IIRC about 8 people had access - it wasn't even the entire Tech Services team. Someone pulling a stunt like this would have been rumbled in hours.

    1. Stuart Castle Silver badge

      Re: Physical security of server room ?

      You'd think they do that. Most companies don't..

      Where I work, I manage several servers (as part of my job). I can get physical access to the servers, but only if I ask very nicely, and only if accompanied by a senior system admin.

      The trouble is, a lot of small to medium sized companies don't bother with this. They might have a few servers, for various aspects of the business, but these servers would probably be stuck in a corner (probably not even in a rack) of someone's office, and that someone would be partially responsible for their maintenance as well as another, totally unrelated, job.

      1. Christine Hedley Silver badge

        Re: Physical security of server room ?

        > "Where I work, I manage several servers (as part of my job). I can get physical access to the servers, but only if I ask very nicely, and only if accompanied by a senior system admin."

        That sounds familiar. Even though a major part of my job was providing second-line support to our ops staff, gaining access was often not easy:

        Ops: "We need your help with one of the minis."

        Me: "I'll need access to it, then."

        Ops: "You can't come in."

        Me: "Then I can't assist you."

        Ops: "But we need your help with one of the minis."

        etc.

        Don't get me wrong, they were actually a really good bunch, but sometimes things could be a bit frustrating. The flip side is that we had excellent systems availability and nobody pouring cleaning fluid into the computers.

      2. Anonymous Coward
        Anonymous Coward

        Re: Physical security of server room ?

        > "Where I work, I manage several servers (as part of my job). I can get physical access to the servers, but only if I ask very nicely, and only if accompanied by a senior system admin."

        Even asking nicely shouldn't get you access to a server room no matter what your job description or how high up you are the management change. Not on the list, no access.

        Where I've worked it's been even stricter. A couple of authorised admins were fired because one loaned the other their access card. The server room was protected by a double door and in between security visually checked what was going on. In this case, although their faces would have been familiar to security they were of opposite sex, otherwise it might have gone unnoticed.

        Also between the double door the floor had a weight sensor anything over 100Kg and a voice booms out "Only one person at a time". Smile at the camera and security open the second door for you.

        1. Anonymous Coward
          Anonymous Coward

          Re: Physical security of server room ?

          >weight sensor

          What if the BOFH is a fat bastard?

    2. This post has been deleted by its author

    3. Zaphod.Beeblebrox
      Thumb Up

      Re: Physical security of server room ?

      This.

      To put it bluntly: Security - they are doing it wrong.

      Even though I work in a company of only around 100 employees, we have secured and limited access to the server room. I think 3 people have access - our BOFH, PFY and their boss.

      1. Callam McMillan
        Devil

        Re: Physical security of server room ?

        Your company is doing it wrong also! Any self respecting BOFH would never let the boss have access to the server room... Unless of course it was to eliminate him in some unplesant manner!

        1. Zaphod.Beeblebrox
          Angel

          Re: Physical security of server room ?

          @Callam McMillan - In our case (as is often the case in companies our size), boss of BOFH is former BOFH himself - they are aware of the wiles of the BOFH and know how to counter them, and (to answer another post) would know the difference between the real server room and a fake.

          1. Tom 13

            Re: former BOFH himself

            I thought the only former BOFHs were dead ones.

      2. Stoneshop

        Re: Physical security of server room ?

        I think 3 people have access - our BOFH, PFY and their boss.

        I doubt it. It's more likely what the boss has access to is a dummy room, kitted out to look quite like the live one.

        In a company that small, a missing boss will be quickly noticed.

        1. Captain Scarlet Silver badge

          Re: Physical security of server room ?

          "BOFH, PFY and their boss"

          Blimey, thats what we have although if you can't prove what you need space for the server room (Because you won't show anyone) it will be turned into a meeting room and your prep area will then become the server closest.

        2. Chicken Marengo
          Pint

          Re: Physical security of server room ?

          >>In a company that small, a missing boss will be quickly noticed.

          Yes, productivity would soar.

          Beer, cos the boss is nowhere to be seen

    4. JimmyPage Silver badge
      Stop

      Re: Physical security of server room ?

      Now for the flipside ;)

      The physical security was mandated by a security audit (before I started). So far so good. However, there were boxes in the server room that developers *did* need access to. So we installed a KVM over IP solution, and developers could access the boxes over the network. Now this was user and password protected, but as a couple of guys pointed out, when you had to have physical access, there was at least the chance an imposter/hacker would be seen (bearing in mind they still had to get past the 3 card locks to get to the floor with the server room). Doing things over the network was *less* secure.

    5. BillG
      Thumb Up

      Re: Physical security of server room ?

      A few years ago I worked with a small company of 35 employees that had a server room the size of a common bathroom. The room was double-locked, had dedicated cameras pointed towards both side of the door, and only the CEO and the VP of Ops had keys.

      That's the way to do it.

      1. Anonymous Coward
        Anonymous Coward

        Re: Physical security of server room ?

        Pussy. Come join the big boys.

    6. El Presidente
      Devil

      Re: Physical security of server room ?

      Many years ago I did some temp work for a company. Their server rack was at the bottom of some stairs in an open top, open backed, cobbled together glass server cabinet. I often wondered how easy it would be to tip a mop bucket full of manky water into it. From the third floor.

    7. margamoniac
      Paris Hilton

      Re: Physical security of server room ?

      Yep, SME company I am working for- we lost our servers in Birmingham for a day because someone (IT helpdesk personnel) had literally switched them off, confusing power switches.

    8. Anonymous Coward
      Anonymous Coward

      Re: Physical security of server room ?

      "Someone pulling a stunt like this would have been rumbled in hours."

      $32K, over three years. Doesn't say how many servers were affected. $32K could be $31K in lost business / cost in man-hours to bring systems back online, and only $1K in physical hardware... maybe two cheap servers. Maybe $16K in costs and $16K in hardware, which could mean just three servers were destroyed.

      You're not going to suspect the first one. Server died, you get it swapped out, you don't even question why it died. The second, a year later, you *might* say "hmm, that's the second server in two years, I wonder if there's a manufacturing defect?"

      Third one in three years makes you curious so you check the video. Of course, you don't have the videos from a year ago much less two. But yes, you immediately spot someone who shouldn't be there.

      So, yeah, it's possible that you find it quickly, but only if you've got a reason to suspect that it wasn't just random hardware failure. Which depends entirely on how many servers were going down and how often.

    9. 123465789
      Facepalm

      Re: Physical security of server room ?

      Then again - a couple of years ago I was working as a subcontractor for a decent-sized company. They had some 20 racks in their server room, and installing 10 more obviously required physical access. So I went to security. Hmm. Server room... do you know someone who has access? We'll just copy ALL accesses of that person to your card ...

      1. Anonymous Coward
        Anonymous Coward

        Re: Physical security of server room ?

        I was systadmining a test network with shared physical, if not logical infrastructure, to the main network (mains power, structured cabling but my own servers and switchgear).

        I asked for access to the comms room on my floors - no problem.

        Quickly worked out I had access to every comms room in the building, and to the generator rooms, and the main feeds into the building, etc.

        Being a conscientous sort of contractor however, I asked them to set up a new profile for me. But mainly so that if something 'terroristy' happened, I could reasonably deny any responsibility and have the access (or lack thereof) to prove it.

        Pretty shoddy stuff. Caused an audit shortly afterwards and a ground up rebuild of access profiles. Probably about time given that 'temp' contractors got the same, access all areas, no questions asked profile too, which I thought was bonkers.

        Like I say, Anon....because it was a national government facility. :-$

    10. Robert Heffernan
      WTF?

      Re: Physical security of server room ?

      I just started as one of three developers for a local company. The server room is a locked room that can be opened just by giving the door a good shove.

  2. Frankee Llonnygog

    Wrong brand of cleanser

    For server storage, use Flash

    I'll get my apron

    1. nevstah
      Facepalm

      Re: Wrong brand of cleanser

      or mix the 2 and get a flashbang!

      maybe..

      sorry, couldnt resist that one

  3. Mondo the Magnificent
    Thumb Down

    Acidic revenge...

    Wow, gives new meaning to scrubbing the disks..

    Very malicious indeed and his sentence was quite light taking the damage he done over the period.

    If he was "than unhappy" why didn't he just look for another job? FFS!

    1. Annihilator
      WTF?

      Re: Acidic revenge...

      ^^ that. I can understand him being p1ssed off at missing out on a bonus, and at a stretch imagine him doing it once. But to hold a grudge for three years and keep up that level of malice?? That's bordering on, erm, "difficulties in the gray matter"!

  4. TechnicianJack
    Mushroom

    BANG! And the work is gone.

  5. Mikey
    Happy

    It might not be good for the operational aspect of the server, but I bet all the copper traces were as shiny as a newly-cleaned penny...

    BANG! And the data is GONE!

    1. Silverburn

      If data wipe was his aim, he's start with the tapes, then the tape drive, then the NAS/SAN, before moving onto the servers last.

      However, it does look a bit like he was bored/attention-seeking, and not after serious damage.

      1. Anonymous Coward
        Anonymous Coward

        I can think of lots of interesting ways to damage servers, but then, I'm not a depressed accountant who has been passed over for promotion. Maybe there's an inverse relationship between ability and malicious motivation?

    2. This Side Up
      Headmaster

      "BANG! And the data is GONE!"

      "BANG! And the data ARE gone!

      1. Anonymous Coward
        Anonymous Coward

        Nah

        Although I'm usually a stickler for the correct use of English, I can't advocate being pedantic about that one.

        Data is equally acceptable as an indeterminate quantity as well as discrete items; it is good to have this flexibility in its application.

      2. Coldwind104

        Agree with the Anon.

        People who insist that the word 'data' be treated as a plural are confusing the English word 'data' with the Latin word it descended from.

        The English word 'data' is, as the AC said, indeterminate in number, so either "the data is" or "the data are" would be correct.

      3. Anonymous Coward
        Anonymous Coward

        "BANG! And the rice ARE gone!

        "BANG! And the bread ARE gone!

        "BANG! And the water ARE gone!

        Hmmmm?

        1. Anonymous Coward 15
          Coat

          BANG! And all your base ARE gone!

      4. Loyal Commenter Silver badge
        Headmaster

        "BANG! And the data is GONE!"

        "BANG! And the data ARE gone!

        BANG! and the word data is either a plural or mass noun depending on context, so neither is wrong.

  6. Anonymous Coward
    Anonymous Coward

    If he really wanted to cause damage...

    Then he should have just become a developer. There's much more scope to cause damage (and in much more creative ways!).

    Anon as my current employer might be alarmed by this line of thought...

    1. Crisp

      Re: If he really wanted to cause damage...

      Which is why you don't allow a programmer anywhere within flame thrower distance of a live server.

      1. Anonymous Coward
        Anonymous Coward

        Re: If he really wanted to cause damage...

        As a developer, we are allowed there all the time and it's scary to think of the damage which could be done. Most production systems I've ever seen have huge gapping holes everywhere ....

      2. Stoneshop
        FAIL

        Re: If he really wanted to cause damage...

        @Crisp

        A programmer torching a server is just one of the many problems you need to guard against. The far bigger and more insiduous sabotage options involve networks, and the programmer's actual output.

  7. LinkOfHyrule
    Coffee/keyboard

    It is not funny what this bloke did but it was very funny reading about it! Very odd, I would have used Tesco Value bog cleaner myself as its cheaper.

    1. TeeCee Gold badge
      Mushroom

      By using Cillit you avoid the possibility that the servers end up looking suspiciously clean, giving the game away.

      That'll be how he got away with it for 3 years, by using the only marketed cleaning product that's incapable of removing dirt from a smooth surface. FFS, you can impair the cleaning properties of a damp rag by spraying it with Cillit.

      1. Test Man
        WTF?

        You're talking about Flash there. Cillit ALWAYS gets things clean. Flash don't.

  8. Khaptain Silver badge
    Coat

    Where I work -

    We have a testicle weighing machine, which means that you would have to know the weight of my testicles on a given day.

    If you place your jewels on the scale and they are the wrong weight, a heavy hammer will inflict a reminder that you do not have access to the server room.

    Never had any incidents or breakins - go figure.

    1. BorkedAgain
      Paris Hilton

      Re: Where I work -

      How does this fit with equal opportunities regulations?

      1. M Gale

        Re: Where I work -

        I guess the machine also weighs chesticles?

        1. Khaptain Silver badge

          Re: Where I work -

          We also have a large pair of "damp electrical clamps" hanging from the ceiling for those that don't have testicles ( I believe that all genders have nipples). Works on the much the same principal as a taser, but with 240 volts and 13 amps, I have never seen anyone try twice.

          As Obi once said "I think the power of dissuasion is strong here Luke".

  9. Paul Johnston
    Joke

    Could be a fit up!

    I think it was actually Barry Scott who did it!

    1. This post has been deleted by its author

  10. Anonymous Coward
    Coat

    "Well, it didn't say..."

    Mike: Maybe you shouldn't have poured all of that washing-up liquid into it.

    Vyvyan: It says here "ensure machine is clean and free from dust"

    Mike: Yeah, but it don't say "ensure machine is full of washing-up liquid"

    Vyvyan: Yeah, but it doesn't say "ensure machine isn't full of washing-up liquid"

    The one with "Very Metal" on the back

  11. Andy Fletcher

    Physical access

    It's not just servers. In my mispent youth I worked for a well known fast food outlet. One of my fellow employess bragged to me about what he'd done in the cola syrup tank once. I wish I could say I thought it was funny, it wasn't.

    Trust no-one.

    1. Anonymous Coward 15

      Re: Physical access

      We've all heard those stories. Most of them are bollocks.

  12. Joeykins
    Joke

    Wrong product

    Should've used Kitchen Gun™ instead

    http://www.youtube.com/watch?v=6-7NDP8V-6A

  13. rossb2
    WTF?

    did the servers not smell funny?

    surely using this method would make the servers smell funny. would the liquid not be left behind?

    I keep reading it as "Clit Bang", which suggests a different product.

  14. Anonymous Coward
    Anonymous Coward

    New tagline

    Bang ... and the server is gone

  15. stucs201
    Facepalm

    I blame El-Reg

    All those articles you've published about the dirt found inside computers. It was only a matter of time before someone tried to do something about it.

  16. Captain Hogwash
    Meh

    I'd always assumed...

    ...it was pronounced with a hard C. When I discovered that it wasn't it seemed like a missed opportunity.

  17. JeeBee

    Hmm, 8 months for that, really?

    The guy should have run his boss over in his car - he'd have got a shorter sentence, and a far more satisfactory revenge.

    1. Simon Harris
      Joke

      Re: Hmm, 8 months for that, really?

      Actually the sentence was going to be longer...

      ... but the judge was lenient as he said that up until then the defendant had a clean criminal record.

    2. Sir Runcible Spoon

      Re: Hmm, 8 months for that, really?

      I've just watched a programme about Fred and Rosemary West.

      Their first victim (who did get away to tell the police) was kidnapped, tortured and raped. They admitted guilt.

      They got fined £25 quid each.

      Still, a server's a server, and worth a lot more than life eh?

      1. Anonymous Coward
        Meh

        Re: Hmm, 8 months for that, really?

        "They admitted guilt.

        They got fined £25 quid each."

        From what I'm seeing, it looks like their accuser was pressured into dropping the charges, and that they copped a plea to a lesser charge (indecent assault) - which is far, far different than the court saying, "OK, you admit kidnap, torture, and rape? Fifty bucks and you're gone!"

        A travesty and a horrible miscarriage of justice to be sure - but using it as a means to comment on sentencing for vandalism and/or sabotage committed 40 years later, as if the two cases are somehow directly comparable... is... a bit of a reach.

  18. Jim 59

    Acid

    So a technician opened the server(s) on many occasions, replaced parts, without noticing anything untoward - Unexpected smell ? Caked fluid ? Funny marks ? A certain lack of limescale ?

    1. Anonymous Coward
      Anonymous Coward

      Re: Acid

      Not really, I know of 1 computer services company that just swap the whole box out and don't even change the obvious failing part a very expensive way to fix stuff.

  19. Simon Harris
    Coat

    Confusion...

    Maybe he just got confused when they told him to redo the company website using Ajax.

  20. sisk
    Coat

    32k in damages and he gets a 1k fine and less than a year in jail? In the unlikely event that I ever I find myself in trouble with the law I want that judge.

  21. Anonymous Coward
    Anonymous Coward

    When I worked for a startup, myself and one of the directors basically changed the motor in the AC in the server room.

  22. Jo 5
    Joke

    we are going to...

    cut off your Johnson and Johnsons, Sobolewski !!!

    /Coat gotten

  23. John Savard

    Pity

    It's a pity that his former employers can't sue the prison where he will be held for the other £31,000 - to come from the costs of feeding and housing him.

  24. Anonymous Coward
    Anonymous Coward

    What's wrong with this picture?

    He only gets 8 months in jail and a 1,000 pound fine when he damaged the systems for 3 years, caused system outages, caused tens of thousands of pounds in repairs? When is the judicial system in the UK going to get in touch with reality? How does 1,000 pounds compensate the victim for there very real losses?

    1. Richard 12 Silver badge

      Re: What's wrong with this picture?

      They'll actually get the £1000.

      If the compensation was set too high he'd simply go bankrupt and his bank and the lawyers on both sides would take most (all?) the money.

      In that case the company might well get nothing at all.

      The high compensation payouts you hear about are paid by insurance companies or councils, generally on a "shut up and go away" basis rather than letting it go to court. Presumably the lawyers fees must be quite astronomical for this to be cheaper.

    2. Psyx
      Stop

      Re: What's wrong with this picture?

      "How does 1,000 pounds compensate the victim for there very real losses?"

      It's unusual to get any damages at all as a result of criminal activity. They should count themselves lucky.

      Or do you think that victims of burglaries actually get any of their losses returned by the criminal?

  25. JB
    Happy

    If that trick with the penny is anything to go by, at least all the copper parts would be nice and shiny!

    funnily enough, here in the States Cilit Bang! is called Kaboom! - same bottle, different name.

  26. Anonymous Coward
    Anonymous Coward

    Happy Employees Use WD40

    And the servers get faster and better every day.

    Added benefit: absolutely no trace of rust.

  27. Uncle Siggy
    Coat

    Eight months in jail will be enough time for this guy to clean up his act.

    1. Minophis
      Coat

      He wouldn't have had to face the jail time if only he'd made a clean get-away.

  28. Simon Harris
    Happy

    Justice...

    If there is any, he'll be on bog-cleaning duty all the time he's Cillit Banged up.

  29. southpacificpom
    Paris Hilton

    Is it me or, does Cillit Bang appear to read "Clit Bang" at a quick glance?

  30. Anonymous Coward
    Anonymous Coward

    He could have used Kitchen Gun, might have been quicker:

    http://www.youtube.com/watch?v=6-7NDP8V-6A

    Do JML not have a "Server protection kit" for just such a situation?

  31. cortland
    FAIL

    What a

    half acid stunt.

  32. Tom 11

    It's harder than you think...

    I work for a company that has a global presence. My colleague and I are ground up support for all ICT for all of Europe. Thats from mice to migrations. The problem I have is, we come along to a lab we've acquired and migrate our systems in place, generally they old regime would be running the entire network from a tower server under a stairwell or something similar. So we have the issue (and for example) in one site we have a 'server room' which is all very nice, black out blinds and aircon with a full rack, which is also the hard copy archive for finance. What boggles my mind is we have staff loyal to the previous employer who have keys to my server room and plenty of ammunition to go pissing around with my kit if they so pleased, times this by the number of sites I look after (12 and counting) and I have a potential nightmare situation......

  33. ContentsMayVary
    Joke

    It could have been worse...

    He could have used Kitchen Gun!

    http://www.youtube.com/watch?v=6-7NDP8V-6A

  34. C-N
    Trollface

    Cleanliness is close to godliness

    This is just an over-reaction to a very conscientious employee putting in extra hours and trying to help keep things clean and shiny.

  35. Anonymous Coward
    Anonymous Coward

    Am I the only one reminded of Office Space?

    I bet they took his stapler as well!

  36. Tim Greening-Jackson
    Headmaster

    Bare Grills?

    I'm more concerned that they had a grill in the computer room as he was seen "spraying it into the computer grills". The smoke form one of those could do untold damage

    Whereas had he sprayed it in to the computer grilles then that would make much more sense.

This topic is closed for new posts.

Other stories you might like