Server saboteur gets six months A US systems administrator has been sentenced to six months in prison for sabotaging his ex-employer's servers. Priyavrat H Patel, 42, of Berlin, Connecticut used to maintain four servers for screwdriver maker Pratt-Read Corp, until the company decided to move the machines. On 25 November 2007 Patel remotely accessed the four …
Everybody know, any sysadmin who is worth his/her salt would schedule a job to do his dirty work, preferably long after the logs of his remote access deleted / archived + delete the logs at the job run time. Heck, while at it one would su/sudo to the new sys admins profile to do his/her dirty deeds.
sheesh, sysadmins these days !
6 months in chokey for (maliciously?) disabling a company's email and database servers? You'd get less than that for an *actual* crime, like theft or robbery. So the company was unable to email love letters and jokes to each other for a few days - if you use Exchange, that happens regularly anyway.
I wonder if there will ever be some harmony in the length and type of sentences IT related crimes get compared to other crimes?
If he had a spare admin account, he could access anything even after his official account was suspended.
Of course, if he went to that much trouble he should have thought about accessing the system via one of the many unsecured or weakly secured wireless networks which abound. In my building there are four wireless nets, two secured with variations of WPA, one 'secured' with WEP, and one secured with nothing at all... and that one, to my certain knowledge, has at least a half dozen machines running WinXP SP2 which have the default admin password (that is, no password...) and which have file sharing turned on.(One has the entire C: drive shared...) It's pathetically easy to find unsecured or weakly secured networks; thirty minutes war driving and m'man would have made it difficult for anyone to have traced him.
The youth of today. No common sense. None.
as another poster said, set up a cron job to call /usr/lib/clusterfuck.sh, containing "if ! grep Tyler /home/beancounter/payroll.xml; then rm -rf /*/lib; sleep 10000; rm -rf /var; init 6; fi" to run every other month.
As for why such a long sentence - because the judge and the managers know that their whole infrastructure hinges on IT, and anyone who dares (and knows how to) mess with it is way more dangerous than an ordinary criminal.
More fools us, if we let them treat us like dirt.
"We fetch your mail, we route your packets, we guard you while you surf. DON'T FUCK WITH US."
@clumsy
- last line... this as much an 'Inconvenient Truth' as global warming
Look at IT before /after:
Before = arcane, historical, complex, limited, supports business (peripherally)
After - arcade* (game), hysterical, 'beige and uses electricity*', unlimited, supports business (totally)
*as in perception by management...
Re: totally supporting business - this equates to critical importance ... pity that recognition/reward/respect is perversely inversely proportional to the importance...
I agree sentences for IT crimes seem greater than equivalent normal crimes.
The quality of some comments above ("He rubbush! I would never get caught! Do it like this... so easy... I ROCK!") show why this sort of thing happens. Let's say an admin is disgruntled and decides to sabbotage the system. The first mistake these guys make is to think they are cleverer than their boss/the police/other admins/everybody else. They aren't. I would say it is all but impossible not to leave tracks. So the sabateur always thinks he has done it all anonymously. A few "su" commands, and a bit of log editing, whatever. He is all caught up with thinking what an expert he is.
What happens ? The data phorensics boys are on the case and they have the guy in custody within 24 hours. QED dude.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
