Stupidity competition
The company didn't change the administrator password, and the ex-admin used his home computer for the attack. Were they running a competition as to who could be the stupidest?
A former support admin was sentenced to one year in prison after admitting he shut down the servers of a large IT company a few months after his employment ended there. Lesmany Nunez, 30, was an employee at Quantum Technology Partners in Miami from August 2006 to May 2007. Amazingly, he was able to breach the company's network …
I was under the impression that in a properly run IT environment the number of people with admin access was strictly limited to a very small number of people, and should any one of those leave then the account passwords were automatically changed.
"Gagging for it" would seem to be an appropriate term to use here. And Paris because, well you can guess the rest.
intentionally doing harm, or even trying to, is always stupid. we all get treated badly from time to time but seeking revenge is just plain idiotic and will ultimately cause nothing but trouble and heartache.
these stories are quite common, but even more common are the many unreported cases of ex staff doing damage to say just one system in a very brief and often untraced attack. so it's not such a serious cost in case they do get caught.
it's so sad how a person can spend years building a career and good reputation, only to flush it all away in a single moment of misguided anger. which is clearly not very clever.
in my eyes this type of behavior is disgusting and we should all know better, be honest, and try to do good only. thank you.
Booo hoooo hoooo!!!! My boss is such a meanie!!!!!! Just for that I'm going to spite him and sabotage his network!! That'll show him.
Lesmany Nunez and those who follow in your footsteps are a bunch of losers. If you want to be treated well you shouldn't be working in corporate IT. Good luck finding a job after you get out of the clink. Moving back in with your mum at 31 and being part of the crew that towels off my car after it goes through car wash looks like the best future you could hope for. Don't worry Lesmany I always tip well since I notice most folks don't.
The last 2 brokerage firms I worked for BTW disabled ALL building and network access prior to notifying you of your termination. I and a few other showed up to work on a Friday and our access badges wouldn't even allow us in the building. We were later met in the lobby by our managers who informed us that we were canned. Such is life in the IT world. On to the next gig. My current manager contacted my former employers and based on their positive feedback hired me so burning bridges is fucking dumb.
I agree in principle with you. However you shouldn't be so judgmental if you don't know the exact circumstances in which the canning took place.
You think every firm terminates you in a fair way so you can collect severance?
I guess you never seen people canned because their manager didn't like them personally. Or convinced to quit with the argument that if such person needed to, they could return to a different area of the company, only to have said manager speak with HR to smear their records and making them non-rehirable.
Have you ever been terminated because some piece of dirty scum has spread lies about you and because they have a lot of pull in the company (is friends or shags with one of the high ups), the Ethics department disregards all logic and believes their ridiculous claims?
Be thankful that your country has unions that can protect you a little from unfair dismissals (if they haven't been bought by the company, that is).
@AC 12:43
"You think every firm terminates you in a fair way so you can collect severance?"
No! I know that!! Not only have I been victim of that but so have several of my colleagues! Read current IT events much (HP, EDS, IBM, et al)? Why do you think I am a career consultant?
I work in a WAN/datacomm environment which means long hours/weekends and phone calls at the most inconvenient times due to knee-jerk reactions and misperceptions from less technical, upper management types. In spite of this I consider myself lucky that I have employment, am well-compensated (thanks to the long hours ugh) and have a good team of engineers. I also live with the fact that no matter how much effort I put forth to ensure my tenure here I may come in to work tomorrow morning and find my access card won't let me in the building. There will be no ill feelings on my behalf as I consider this a business, not personal relationship. Then there's the usual flood of phone calls wishing you good luck, asking for updated project statuses and whom they need to contact for further queries. What a routine this is.
This is the way it is in corporate IT, regardless of your technical skills. Your failure to accept this means you either haven't worked in IT that long or don't have many collegues who work in IT. I in no way condone the mistreatment of employees but you really have to re-evaluate your expectations if you think any employer anywhere owes you a living.
Incidentally El Reg doesn't mention this but Mr. Nunez has to pay restitution totaling over $31,000 in addition to community service and supervised release.
http://www.outlookseries.com/N1/Security/3298_Lesmany_Nunez_Sentenced_Quantum_Technology_Partners_QTP_Computer_Fraud.htm
This post has been deleted by its author
Another interesting article on this http://www.pcauthority.com.au/News/79618,hacking-damages-routinely-overstated.aspx seems to indicate that you need $5,000 in damages to extradite, and the # for McKinnon seems to be around 5,000 per pc he affected. Either way, while I believe the damages should be closer to say $40,00 to 80,000, any way you figure it, it's way over $5,000.
-not from your connection
-not from a machine you purchased (even on eBay, one never knows)
These are the 2 rules.
It's easy enough to get untraceable, dispensable machines. They abund in dumpsters, on the pavement after the neighbours moved, ...
Also, @ Ru: you're not comparing the "damages" caused by highlighting a system's poor security (the damages in the McKinnon case are *only* admin time spent plugging the holes that his intrusion highlighted, which should have been done first thing after buying the boxes, before even connecting them, and makes the case even more preposterous) with the destruction of data, locking out of the admins etc, are you?
For those of you who might be tempted to do something similar should you get axed by big bad Corporation, think at least of your former co-workers who will have to devout extra unpaid hours to clean up the mess you've made. Big bad C's losses are probably covered under some insurance and you will not be able to enjoy your moment of schadenfrude.
If you're going to do it, it is likely you are going to get caught eventually somehow.
So surely a mad rampage through the server room wildly swinging a fire-axe would
be far more tangible and satisfying revenge.
Plus it has the added advantage of getting all the legal stuff out of the way early on.
(The smiley has it's tongue-in-cheek, Trust me.)