Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Crime IT

Withhold Passwords From Your Employer, Go To Jail? 599

ericgoldman writes "Terry Childs was a network engineer in San Francisco, and he was the only employee with passwords to the network. After he was fired, he withheld the passwords from his former employer, preventing his employer from controlling its own network. Recently, a California appeals court upheld his conviction for violating California's computer crime law, including a 4 year jail sentence and $1.5 million of restitution. The ruling (PDF) provides a good cautionary tale for anyone who thinks they can gain leverage over their employer or increase job security by controlling key passwords."
This discussion has been archived. No new comments can be posted.

Withhold Passwords From Your Employer, Go To Jail?

Comments Filter:
  • by ackthpt ( 218170 ) on Monday November 04, 2013 @10:06PM (#45332799) Homepage Journal

    I don't care if you made them up, they are the property of your employer.

    Now the stupid thing here is Terry doesn't just engage in "burning bridges", but does it with himself standing in the middle. I can't feel pity for this fool.

    • by Livius ( 318358 )

      It's no different than physically walking out with the hardware.

      In fact, I think it already falls under some form of trespass.

      • by BrookHarty ( 9119 ) on Tuesday November 05, 2013 @12:50AM (#45333727) Journal

        It's no different than physically walking out with the hardware.

        Bullshit.

        The hardware sat in the racks the entire time. Any tech could walk up and reset the passwords.
        The manager should have sent out his techs to reset passwords and then put a password policy in place.

        Bad management, but the employee didn't STEAL anything.

        • by jfalcon ( 163956 ) on Tuesday November 05, 2013 @02:32AM (#45334019) Homepage Journal
          Wrong - it wasn't that simple.

          http://www.courts.ca.gov/opinions/documents/A129583.PDF

          In December 2007, the city‟s Human Services Agency (HSA) experienced a
          power outage. When power was restored, its computers could not connect to
          FiberWAN—the configurations of its CE device had been erased because they had been
          saved to VRAM. Childs reloaded the configurations and got the system reconnected.
          When the HSA information security officer learned that the CE configurations had been
          stored in VRAM, he protested to Childs that this was unacceptable. Citing security
          concerns, Childs explained that he wanted to prevent a physical connection to the CE that
          would allow someone to obtain the configurations using the password recovery feature.
          He suggested disabling the password recovery feature instead; the information security
          officer agreed. Tong also agreed to this solution, as it would address a concern about
          hacking into the HSA‟s CE device. Soon, Childs disabled the password recovery feature
          on all CE devices citywide, and there were no backup configurations on any of the city‟s
          CE devices. As the password recovery feature could not be disabled on core PE devices,
          Childs erased their configurations that had been stored on NVRAM.
      • by EdIII ( 1114411 ) on Tuesday November 05, 2013 @01:17AM (#45333833)

        I think that is a very dangerous precedent for intellectual property though.

        It's most assuredly very different than walking out with the physical hardware. It still exists. It's still in the hands of the owners. The challenge is that the device is storing a piece of information that only that single person is aware of. For whatever reason.

        Your viewpoint is dangerous because it's easily possible to forget that shared secret between you and the devices. Trust me. Very easy to do. I've done it. I've been asked about passwords long after I stopped working for someone. Since I make it a point to write them down securely and not remember them, it was no surprise that I didn't. I shredded/deleted the documents too, so there was no way to retrieve them.

        I don't think forgetting or refusing should ever be criminalized since in many cases you cannot truly tell which one it is. Why should I go to prison because I can't remember something that they were too stupid to have written down by policy while I was working there, and too stupid to ask about it during the exit interview or when the contract was done?

        This case was different. He admitted to not only setting it, but doing it for a specific purpose. Focus on that and don't start messing up understanding of intellectual property in such a dangerous way.

        Please. You won't like the world that gets created with those ideas. Not one bit.

    • by hawk ( 1151 )

      As an attorney, I could easily see prosecuting these under traditional property crimes, as well: a password is a type of property, and taking it could be larceny, for example.

      Such laws certainly make the prosecution easier (to the dismay of my criminal law partner)

      hawk, esq.

      • by Luthair ( 847766 )

        As a non-lawyer this seems odd to me given a password is transient knowledge and not a thing a single one person can possess. To me, a more apt analogy might be an employer trying to force a former employee to write down any thoughts they might have had related to their former position.

        I can't recall the details of this case and honestly don't really care, but the city ought to have a had a policy about shared passwords from the start not only to avoid this situation but also scenarios where the sole passw

        • by schnell ( 163007 ) <me&schnell,net> on Tuesday November 05, 2013 @12:47AM (#45333697) Homepage

          ...a password is transient knowledge and not a thing a single one person can possess. To me, a more apt analogy might be an employer trying to force a former employee to write down any thoughts they might have had related to their former position.

          Huh? It's more like if you had a safe containing your money and paid one of your employees to maintain the safe and its contents, and he refused to tell you the combination of the safe.

          [Karma suicide coming]

          Reading about this whole Terry Childs thing on Slashdot has always amazed me. For what seemed like years, whenever this topic came up every post was flooded with "zOMG Terry Childs was justified because the mayor didn't know how to secure his servers!!!!" rhetoric. It seemed to make no sense except for geeks rooting for a fellow geek, regardless of what the real issues at stake were. Same goes for the teeming Slashbot hordes who insisted for months and months on Hans Reiser's innocence and how he was FRAMED, I TELL YOU. Or the people who previously would have condemned Kim Dotcom as a fraudster and spammer but who lionized him because the copyright police came after him. And frankly the same goes for the "zOMG Julian Assange was FRAMED by the CIA and the NSA because the MPAA owns Sweden or whatever" crowd. Occam's razor folks - if the US government wants to get their hands on somebody, they do what they tried to do to Edward Snowden, i.e. attempt to extradite them, not somehow make up fake rape charges in a separate country that doesn't even really like the US anyway.

          Look, it's hardly a unique failing or blindness - most humans exhibit bad confirmation bias and cognitive dissonance. But I just find it disappointing to find such prevalence of this behavior in a group that prides itself on its capacity for critical thinking.

          • by tlhIngan ( 30335 ) <slashdot@worf.ERDOSnet minus math_god> on Tuesday November 05, 2013 @01:23AM (#45333845)

            Reading about this whole Terry Childs thing on Slashdot has always amazed me. For what seemed like years, whenever this topic came up every post was flooded with "zOMG Terry Childs was justified because the mayor didn't know how to secure his servers!!!!" rhetoric. It seemed to make no sense except for geeks rooting for a fellow geek, regardless of what the real issues at stake were. Same goes for the teeming Slashbot hordes who insisted for months and months on Hans Reiser's innocence and how he was FRAMED, I TELL YOU. Or the people who previously would have condemned Kim Dotcom as a fraudster and spammer but who lionized him because the copyright police came after him. And frankly the same goes for the "zOMG Julian Assange was FRAMED by the CIA and the NSA because the MPAA owns Sweden or whatever" crowd. Occam's razor folks - if the US government wants to get their hands on somebody, they do what they tried to do to Edward Snowden, i.e. attempt to extradite them, not somehow make up fake rape charges in a separate country that doesn't even really like the US anyway.

            I suspect it's because we "tech geeks" as a group tend to self-identify and tend to think of us as "smarter than the rest of them". Except of course, we're not. Sure we know our ways around everything technological, but I'm sure there's plenty that don't know law (try getting the three sides of IP law straight - a lot of /. flamewars erupt from confusing patents with copyright and trademarks). Or medicine. Or any other thing, really.

            It's not unique to geeks either - I'm sure your local doctor's group or lawyer's group also think they as a whole are so much smarter than the rest of the world. Except of course, they're not - they know their field really well, but enter another field (try helping a doctor or lawyer with computer problems?) and boy are they clueless.

            It's the same with geeks.

            And unfortunately, sometimes this plays out badly - we think we know "the system" better than everyone, but then get slapped and made a fool of (see Hans Reiser, Terry Childs - ZOMG they know how to work the system!). Of course, all that happens is the prosecution takes advantage of this and easily paints a negative image on the person before the trial even begins. Of course, they were probably guilty, but damn, we didn't have to make it easier for them. (See Aaron Schwartz on how NOT to behave - you can be "on the right side" but if you act in ways the general public knowingly disproves of, you get vilified in the court of public opinion and make a prosecutor's job REALLY easy.).

            Some advice - learn etiquette and how "the proles" want you to behave (if that means having to wear a suit and dressing up, so be it), Even though everyone shouldn't "judge a book by its cover" guess what? Juries and prosecutors do. Don't make their life simpler by making it easy to paint you as an outcast who believes they're above social norms. And especially don't act smarter than the group, because you'll just come along and sound like a smartass instead.

          • by Lodlaiden ( 2767969 ) on Tuesday November 05, 2013 @01:28AM (#45333855)
            Was debating on modding (up)...

            Very simple response to the whole thing. You had 1 guy that was in charge of knowing ALL the passwords AND the ability to reset/change them AND you fired him? Whether or not the guy KNOWS the passwords by heart (and I don't even know my WiFi password by heart), my contract ends with you the day you fire me. If you want to hire me back as a contractor at a 1k/day rate, I will gladly find and open the password spreadsheet. Or you can pay the helpdesk guy to search my desktop and my fileshares.

            If you do not have the technical foresight to have a plan in case I get hit by a bus then you deserve to live with the consequences of me disappearing off the face of the earth, even if it's at your own doing. Especially if it's your doing.

            On the actual specifics of this one case, Terry probably was committing carreer suicide by not ensuring he left the place on good terms. You don't jerk with the CITY you live in. You might be able to pull that crap with some small companies, but throwing both fingers high in the sky at the entire CITY is asking for some rebuttal.
          • Comment removed based on user account deletion
          • by AmiMoJo ( 196126 ) *

            There is evidence that the charges against Assange are bullshit, and the US government did in fact try something similar with Snowden early on by trying to make out his girlfriend was some kind of undesirable. We actually know that is Standard Operating Procedure thanks to previous leaks of internal CIA manuals.

            I agree with your general point, but there is such a thing as being too sceptical and making no effort to find out about things you have dismissed as paranoid ranting early on.

      • by EdIII ( 1114411 ) on Tuesday November 05, 2013 @12:55AM (#45333757)

        A password is not property and it cannot be "taken" as if it were a physical object. It merely represents a shared secret between one or more parties and a backend system that attempts to authenticate access.

        To say theft is wildly inaccurate and illogical.

        If the employee is the only one in possession of the shared secret and refuses to divulge that information to a party that does have physical ownership over the devices being protected I have a very hard time understanding how it's theft.

        Those responsible parties should have maintained access at all times. In this case, he had established that password while gainfully employed by them, and was perfectly in his rights (work policies outlining what they are) to establish the password. If no policy was in place for him to print it out, hand it to his superiors, and let them secure it, then some accountability rests with the management.

        Once he was let go I see no difference between "I don't remember" and "I don't wish to say". I've quit before and was asked on many occasions if I remembered passwords, specifics of certain processes, etc. My answer was simple, "I don't work for you anymore and this conversation is not appropriate". I never set any passwords to restrict access higher up than me. I also made sure that all of the passwords were known by my superior.

        Did he specifically set a password in a premeditated fashion to prevent proper operation of the networks? In this case, he did and then admitted that he did . That's what the legal focus should be on. Not theft or some intellectual property mangled interpretation bullshit. Those arguments are quite frankly extremely detrimental to our overall freedom at this point. We need to swing that pendulum over the other way with a more sophisticated understanding of what is actually going on.

        I don't have a problem that he is going to prison for about a year. What I have a problem is that he is going to prison for not divulging a shared secret that should have never been set by policy, and one he is not obligated to reveal once terminated.

        Put him in prison for willful property damage or some other infraction designed to punish somebody by damaging property past a certain extent. Not theft.

        The vast majority of these cases, especially these so called intellectual property cases, need to be decided in civil court, not criminal.

    • Exactly (Score:5, Insightful)

      by SmallFurryCreature ( 593017 ) on Tuesday November 05, 2013 @02:57AM (#45334059) Journal

      These articles show you that a lot of nerds really are totally incapable of dealing with normal society.

      If you changed the locks on your employers buildings and refused to hand over the keys, what do you think would happen? So why should digital keys/passwords be any different?

      Some dweebs seem to construct fantasy worlds around themselves and since they lack interaction with other people becomes convinced that these fantasy worlds are real. Childs seems to have done so, he believed he was the only one fit to access these systems, that they were his babies and only he could properly care for them.

      I am not sure he should go to jail for it. He should however get mandatory treatment, if needed in a padded cell with a lock. If he asks for the keys, tell him you don't think he is capable of properly dealing with it.

    • I want to believe you on this, but there are some realities in this which are being overlooked. Each device is 'vulnerable' to physical access. You could say this was by design. If Childs had died instead of being fired, how would they have handled this differently? What they would do if he had died is exactly what they should have done when he was fired.

      There are some realities about IT which some people are unwilling to face. First and foremost of this is that IT should be considered to be an area in

  • by dukeblue219 ( 212029 ) <dukeblue219@a[ ]com ['ol.' in gap]> on Monday November 04, 2013 @10:07PM (#45332815) Homepage

    I don't have a problem with this. The company may have been dumb to put this much power in one person's hands, and perhaps they got what they had coming in someone's eyes, but it doesn't excuse this behavior. If I had the only key to the server room and got fired but didn't turn in the key, I would expect retribution of some form, especially if the office had a steel door that took weeks to break down.

    • "The company" in this case was San Francisco city hall. Local governments aren't exactly known for their IT prowess.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      This is subtly different. In my eyes, once the employee has been fired, they are really under no obligation to help their now ex-employer with much of anything. Of course, having a password in your head and a key in your pocket are different things, the company has the burden of due diligence to be sure you turn in the key, security badge, whatever before you walk out the door. If they don't have a password, that's their own fault. The key and lock equivalent would be I get home, having just been fired,

  • How, how HOW (Score:5, Insightful)

    by Anonymous Coward on Monday November 04, 2013 @10:07PM (#45332819)

    HOW!(!) is this a surprise to anybody? It's extortion, plain and simple.

    • Re: (Score:3, Informative)

      by dukeblue219 ( 212029 )

      Yep. He didn't even just conveniently "forget" the password after he was fired, but apparently set this all up well in advance to intentionally disrupt their business. Dumb move.

  • Exactly right (Score:5, Insightful)

    by Pirulo ( 621010 ) on Monday November 04, 2013 @10:08PM (#45332825)
    The passwords are like the key to the office. You have to return them.
  • by Anonymous Coward on Monday November 04, 2013 @10:11PM (#45332843)

    I've simplified the submission:

    Withhold Passwords From Your Employer, Go To Jail?

    Yes

  • History rewritten (Score:5, Insightful)

    by guruevi ( 827432 ) on Monday November 04, 2013 @10:12PM (#45332849)

    Terry Childs did not want to divulge the passwords to an entity that didn't have the right to said passwords. There are several other red flags in this case but $1.5M to regain access over some routers? Seems like gross incompetence on various levels.

    • Terry Childs did not want to divulge the passwords to an entity that didn't have the right to said passwords.

      So what's the "real" history here? How could the company not have the right to the passwords?

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        How could the company not have the right to the passwords?

        The company DID have the right to the passwords, Childs simply tried to argue that since he "built" the system and all it entailed, it was his personal property.

        Which was a fucking stupid argument.

      • Re:History rewritten (Score:4, Informative)

        by Fallen Kell ( 165468 ) on Monday November 04, 2013 @10:33PM (#45333031)
        He was asked to give the passwords over during a meeting with several people who had not signed the appropriate papers for having said access and had not been documented by information/system security for having a right to the passwords. There was also a conference call being held on the phone in the room with unknown persons who would have then also been privy to the password divergence. Terry simple say "no" to diverging the passwords in that location, at that time, in that manner. In his contract, he had a duty to protect the passwords, and he was still an employee at that time. Giving up the passwords in that location at that time would have been a breach of his contract and he could have been fired on the spot for doing so. He was placed in an impossible situation, where they were firing him if he gave them the passwords or didn't give them the passwords. At that time, no one from security had authorize anyone else to have the passwords, and as such, Terry did the only thing he felt was correct, which was to attempt to give them to the only person who was in charge of the system, which was the mayor, who could then give them to whoever he felt like, in whatever manner he thought he should since it was not written in any contract that he had to protect the passwords or be fired for giving them to someone who had not filled out the proper paperwork and been given approval to have them and doing so in a location where only the person who had been authorized to have them would receive them.
        • He did not just refuse in that one instance. He was then fired and still refused to give the passwords to his duly authorized replacement. Had he felt he was improperly fire a wrongful dismissal suit was in order not withholding passwords.

        • Re:History rewritten (Score:5, Interesting)

          by MoFoQ ( 584566 ) on Monday November 04, 2013 @11:17PM (#45333277)

          His lack of finesse and social skills coupled by the complete (technical) incompetence of those at city hall definitely contributed to his downfall.
          If I recall, didn't Kamala Harris put the passwords into public record, thus forcing the city IT department to go around and changing passwords on all devices to prevent from someone from "f*cking sh*t up"?

          The funny thing is that the statute (California Penal Code Sec. 502(c)(5)) mentions "disrupts or causes the disruption of computer services or denies or causes the denial of computer services" yet....during this whole fiasco, the network was rock-f-ing-solid (at least until the passwords were put into public record without seal).

          Not sure why the attorney didn't bring this point up.
          If I was Terry Childs, I'd fire the attorney and then sue the city for breach of contract (oddly, for at least the same amount).

    • Terry Childs didn't have the right to decide who got the passwords and who didn't. He was no longer an employee.

  • by Anonymous Coward on Monday November 04, 2013 @10:13PM (#45332861)

    "I don't remember."

  • by Ukab the Great ( 87152 ) on Monday November 04, 2013 @10:14PM (#45332875)

    There's far more significant knowledge you take with you that you're not legally required to give up (procedures setting stuff up, what vendor bugs to work around, what authentication scheme, whatever). No need to go to jail over passwords when there's plenty of other petards for a former employer to hoist themselves on.

    • Yeah, I was just wondering the same thing. I mean, I agree with the others here who believe that employees have a responsibility to hand over passwords when departing, but where does it stop? After all, if we have a responsibility to hand over our memory of that item, why not others? If I'm the only person who knows how to run a system, do I have a legal responsibility to document it fully before I depart, even if I live in a place with at-will employment in which I'm supposed to be able to just get up and

  • What system is there no way to reset the passwords? I'm having a hard time thinking of an OS/Embedded device that doesn't have a password reset mechanism or a means to overwrite the previous password with a boot disk
    • Have you never heard of systems that are encrypted? There's no shortage of things that don't give solid means to reset them without loss of data.
  • Next time (Score:2, Interesting)

    just root the servers, give the passwords back the change them.

  • by gweihir ( 88907 ) on Monday November 04, 2013 @10:17PM (#45332911)

    Any sane organization of this size has a password policy that ensures critical passwords are recoverable. Any sane organization makes sure to not have a single-person dependency like that.

    But Childs really lost context: It was not his network. He had no business trying to enforce anything. The SF IT department may run their networks as stupidly as they chose, and while this may lead to criminal and civil liability on their part, it does not lead to any accountability towards Childs.

  • by PPH ( 736903 ) on Monday November 04, 2013 @10:18PM (#45332917)

    ... passwords were in a sealed envelope in my desk drawer, locked. That way, if I got hit by a bus, the boss could break into the desk and hand envelope over to my replacement.

    When I left, I handed him the key to my desk and said, "You know where they are."

  • by Riceballsan ( 816702 ) on Monday November 04, 2013 @10:26PM (#45332983)
    I know long before the terry childs case, I remember my IT teachers explaining that if you took off with passwords etc... to anything they didn't have an account over, the standard response is to hire some rediculously overpriced person who is paid by the hour to gradually break into it, then have the courts foot you the bill. I don't get why this is shocking. The Terry Childs case was a bit of an exception, namely because of his claim that the person who he was under the impression he was supposed to give the information too, was not present. IE childs was not saying he wouldn't give the password unless he was rehired or paid. He was explicitly saying he was going to give the password, but not to the middle manager who was asking him for it. Child's case he could have been screwed either way, giving the admin password to someone who shouldn't have it, makes you liable for the damages they cause... but refusing to give the password, is also a suable offense. If you know who has the rights to the password, and have access, there's no room for debate at all
  • by pla ( 258480 ) on Monday November 04, 2013 @11:46PM (#45333435) Journal

    Your employer owns their hardware, including the "keys" to get into it.

    Childs screwed up by withholding entirely the wrong sort of information. You don't pitch a fit and refuse to give them the passwords - You give them exactly what they've asked for and then watch in glee as they realize they don't have the faintest clue of what to do with those passwords.

    Picture a fairly simple small-scale corporate WAN. Three separate subnets. Nothing massive in scale.

    Now imagine they "no longer need your services" after three years of uninterrupted service.

    Now imagine that you haven't persisted the router configs and they lose power.

    Now imagine a non-technical city manager trying to figure out why he can't get to facebook, and demanding passwords from you.

    When you stop laughing...

    Yes, you can still thoroughly document your infrastructure for your successor, for the (most likely) scenario where you peacefully move on and want to help the poor bastard out. But if you suddenly find yourself "redundant", well, "here you go, all the passwords. Good luck, and I charge $1500/hr as my standard consulting rate".

  • by shentino ( 1139071 ) <shentino@gmail.com> on Monday November 04, 2013 @11:49PM (#45333447)

    After finding out that he concealed material information during a background check, my opinion is that his permission to touch the network at all, even within the scope of his employment duties, was procured fraudulently and his entire CAREER with the city has been one huge social engineering attack, starting when he lied about his criminal history to people who almost certainly would have had ample grounds to decline to have hired him in the first place.

  • by Todd Knarr ( 15451 ) on Tuesday November 05, 2013 @12:38AM (#45333653) Homepage

    ... go to jail. Go directly to jail. Do not pass Go, do not collect $200. Nobody's surprised by this. It's his employer's network, after all, it's their passwords. If they decide to replace you as sysadmin, the only right you have is to insure they and not you are responsible for any problems that ensue (eg. "I will not give you my current password. I will initiate the password change process, enter the current password, and then wait outside the room while my replacement enters his new password. If there are any difficulties, I will assist by re-entering my password and/or unlocking the system until my replacement has successfully changed the password to something not known to me. This is to insure that after the hand-off I no longer have any access to the system.").

    And yes, I've done the moral equivalent of that. Not with a root account, obviously, but when leaving a job I would deliberately fail enough login attempts to lock my user account and made sure they had notice of this and I had a paper trail proving they did. I figure that way they don't have to worry about me accessing the systems, and I don't have to worry about being accused of messing with them after I've left (well, I could be accused but I had the evidence to counter the accusation).

  • by bradley13 ( 1118935 ) on Tuesday November 05, 2013 @01:58AM (#45333945) Homepage

    There are two groups arguing here - I think both may be missing the point.

    Group 1: The passwords belong to your employer, turn them over. It's his fault, because he refused.

    Group 2: He may have been paranoid, but he was really just following policy: don't give passwords to unauthorized people.

    Regardless of which side you are on, ask yourself this: How would this scenario have played out if he worked for a private company? Consider that, in the end, he *did* hand over the passwords to the mayor, i.e., the "big boss". What would a private company have done?

    - They wouldn't be claiming $1.5 million in damages - an absurd figure.

    - They wouldn't try to prosecute him and throw him in jail. Bitter firings happen, life goes on.

    - The *only* likely retribution would be: "don't use us as a reference".

    Sending the guy to jail and suing him for more than his net worth? It takes a government to waste resources on that sort of idiotic vengeance.

  • by JDG1980 ( 2438906 ) on Tuesday November 05, 2013 @03:41AM (#45334185)

    To me, these two paragraphs from the court document are the most damning evidence against Childs:

    Disabling Console Ports. The jury learned that if the console port – the physical means of access to the network on the device itself – is disabled, then the administrator cannot login to the system using what is regarded as the "port of last resort." On July 8 – the day before he was placed on administrative leave – Childs disabled the console ports on all five core devices, preventing the possibility of any password recovery.

    Applying Access Controls. Childs also applied access controls to core devices that required that all administrative access had to be achieved by means of one particular computer, even if the access codes were known. He set up these access controls on core devices on the morning of July 9.

    It's not just that he did these things – which were highly questionable, but might possibly have had some legitimate justification – but that he did them immediately before being placed on administrative leave, when he knew his employers wanted to relocate or fire him. The timing leaves little doubt of his intent.

  • by dskoll ( 99328 ) on Tuesday November 05, 2013 @07:20AM (#45334827) Homepage

    The password is not the real issue here... it's a distraction. The real issue is that Terry Childs apparently deliberately caused a lot of unnecessary expense and hassle to his employer. It doesn't really matter whether he did it by withholding a password or going through the drop ceilings cutting ethernet cables... the net effect was the same.

No spitting on the Bus! Thank you, The Mgt.

Working...