Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Crime Businesses IT Technology

Rogue System Administrator Faces 10 Years In Prison For Shutting Down Servers, Deleting Core Files On the Day He Was Fired (techspot.com) 237

Joe Venzor, a former employee at boot manufacturer Lucchese, had a near total meltdown after he got fired from his IT system administrator position. According to TechSpot, he shut down the company's email and application servers and deleted the core system files. Venzor now faces up to 10 years in prison and a $250,000 fine. From the report: Venzor was let go from his position at the company's help desk and immediately turned volatile. He left the building at 10:30AM and by 11:30, the company's email and application servers had been shut down. Because of this, all activities ground to a halt at the factory and employees had to be sent home. When the remaining IT staff tried to restart them, they discovered the core system files had been deleted and their account permissions had been demoted. Eventually the company was forced to hire a contractor to clean up all of the damage, but this resulted in weeks of backlog and lost orders. While recovering from the attack was difficult, finding out who did it was simple. Venzor was clearly the prime suspect given the timing of the incident, so they checked his account history. They discovered he had collected usernames and passwords of his IT colleagues, created a backdoor account disguised as an office printer, and used that account from his official work computer.
This discussion has been archived. No new comments can be posted.

Rogue System Administrator Faces 10 Years In Prison For Shutting Down Servers, Deleting Core Files On the Day He Was Fired

Comments Filter:
  • by xevioso ( 598654 ) on Friday March 31, 2017 @06:30PM (#54155221)

    I guess he did not like getting the boot.

  • by PPH ( 736903 ) on Friday March 31, 2017 @06:42PM (#54155309)

    It all happened so fast, officer. He ran that way. He was short, beige and had a tattoo that said Lexmark.

  • by somenickname ( 1270442 ) on Friday March 31, 2017 @06:49PM (#54155349)

    Those core files were probably stale anyway.

  • I don't quite get it (Score:5, Informative)

    by 93 Escort Wagon ( 326346 ) on Friday March 31, 2017 @06:54PM (#54155371)

    Are we supposed to be outraged or something? It sure sounds like the guy deserved to be fired - and, based on the actions he took after being fired, he deserves prison time and a significant financial penalty.

    • nah, everyone is supposed to rant and rave, and then they can run their sentiment-detection algorithms on the comment pool. it's kind of like a poll, but more participatory.

    • by pellik ( 193063 )
      We're supposed to be mildly amused. Not sure how much more you can expect from /. anymore.
    • Are we supposed to be outraged or something?

      Based on what he did, no. However we'd like to get more information on how he was fired. Everyone needs some respect in that case, especially someone who has admin access to all systems.

    • We should mostly agree that 'don't be stupid' is a good rule to follow. Though we man rant about having similar feelings about past employers, just not enough to take any such actions.

    • by AmiMoJo ( 196126 )

      Shouldn't have taken so long to fix I guess. VM restored from backup, base system installed fresh... But then again, maybe this is why they fired the guy.

    • to society? If you just want punishment for punishment's sake I guess there's that. He's a first time offender, the damage was minimal. Nobody got hurt, and they just needed a few contractors (read: Cheap Windows guys) to sort it all out. "Core Files" here if you RTFA means he broke the OS. He should get slapped with restitution equal to lost sales and the contractor hours + a little for pain/suffering (very little) and sent on his merry way. Maybe get some court mandated therapy. By the sound of it this w
      • By the sound of it this was a spur of the moment/rage thing.

        You're right, he's a genius that should be free! Because his "spur of the moment rage thing" involved him, in the hour after he was fired, to invent a time machine that allowed him to go back and make a collection of his co-workers account/password information and set up his back doors. What kind of person who has just been fired has the presence of mind to invent time travel in only an hour? A frickin' GENIUS, that's what kind.

        Oh, you didn't RTFA, did you. Nope.

        He deliberately, and meticulously plan

  • by sokk ( 691010 ) on Friday March 31, 2017 @07:12PM (#54155461)
    It's 2017. Everything should be running in VMs, and snapshots of those VMs should've been backed up. Guess the IT department wasn't up to scratch.
    • Catch-22: Who's in charge of backups?

    • Everything should be running in VMs,

      I am a VMS fan myself but I wouldn't recommend using it on a new project in this day and age. HP don't support it well enough.

    • He had physical access. What good is a VM?

    • That's a very 1990 way of looking at things in server space (IBM etc was doing it then). Zones (AKA containers) are a less wasteful way separate things and unlike recent VMs there is some consideration of security.
      "Everything" is a bad word to use when describing something outside of your own workplace in terms of what applies inside yours.

      In the MS world VMs are the bandaid solution to poor resource management by an OS. Outside of the MS world there is less need and very frequently you want a piece of h
      • That's a very 1990 way of looking at things in server space (IBM etc was doing it then). Zones (AKA containers) are a less wasteful way separate things and unlike recent VMs there is some consideration of security. "Everything" is a bad word to use when describing something outside of your own workplace in terms of what applies inside yours. In the MS world VMs are the bandaid solution to poor resource management by an OS. Outside of the MS world there is less need and very frequently you want a piece of hardware (or a cluster) to be dedicated to a single task - so a VM is pointless in that situation apart from convenience of backups (which once again outside of the MS world is trivially easy).

        A VM, is pointless?

        In the real world you properly assess risk and impact, define an SLA, virtualize all critical servers in VMWare, and run encrypted snapshot backups multiple times a day, written to tape nightly and kept offline as well as offsite, away from any risk of "rouge" attack. Proper snapshots capture the entire server (including those pesky "core system files"). Had they used and protected VMs properly, it would have likely resulted in little more than getting admin rights back and restoring t

    • by rtb61 ( 674572 )

      Kind of make you wonder who should be gaining a custodial sentence the wacko help desk dude or the crap sys admins, I mean, really, really bad sys admins. The help desk guy did, should only be a overnight fix. For them to claim damages the bulk of which is as a result of incompetence is kind of extreme. Sorry nothing more than a tiny bit of incompetent vandalism, the rest that is incompetent sys admins and the crazy help desk dude basically did management a favour in letting them know how incompetent their

      • by rtb61 ( 674572 )

        Whoops forgot the required car analogy. It was like the help desk guy cut them off and as a result of really poor management all four wheels fell of the car when they swerved due to no lug nuts, the front of the car dug into the road, the car then flipped and went off a cliff. Dude just cut them off, the wheels should never have fallen off.

    • by arth1 ( 260657 )

      It's 2017. Everything should be running in VMs

      Including the host? And the host that the host runs as a guest on? And the host that the host that the host runs as a guest on?
      In your world view, I guess it's turtles all the way down.

      and snapshots of those VMs should've been backed up.

      Right, because a sysadmin can never manipulate backups...

  • by ooloorie ( 4394035 ) on Friday March 31, 2017 @07:13PM (#54155465)

    They are a bloody nuisance and just take up disk space.

    • Thanks for that. Of note:

      "a list of account usernames and passwords for network systems and services" -- Not of his coworkers.
      "Venzor allegedly used a separate Lucchese network account named elplaser" -- Does not say he created it like the 1st article.

      Strange that there is a delta in the information provided by the two articles.

  • Sloppy. (Score:5, Informative)

    by Gravis Zero ( 934156 ) on Friday March 31, 2017 @07:32PM (#54155593)

    Come on, people, if you are going to get revenge on the company that canned you, you're supposed to set up a daemon on day one that checks to see if you have logged in the last month and then begins corrupting backups as they are made for the next 5 months, at which time it will execute a total system meltdown that results in total data loss! I swear, you youngin's know nothin' about properly destroying the lives of those who have wronged you! ;)

    • Re:Sloppy. (Score:5, Interesting)

      by onepoint ( 301486 ) on Friday March 31, 2017 @08:35PM (#54155823) Homepage Journal

      And while I know you are sarcastic, it's people that think in this manner that ruin people's lives for years. I Almost lost my company if it was not for my backup policy. I would do back-ups monthly myself on Saturday morning and retrieve the cassettes Sunday afternoon, take them home and store. an employee that I fired for doing something real bad did a time bomb on the payroll system and sent a system-wide delete. well long story short, 3 days of employee's working part time with note pads I got a basic restore done, then one system at a time did re-installs ... 2 weeks later we were back in business.

      to this day I keep backup's of data, spare computer laptops just in case, and 1 month payroll and 1 month of expenses LOL never again I hope

      if the business would have failed, it would have cost 38 people's employment and my business ruined.

      safe to say, that I never let only 1 person handle backing up the systems ever

      • by arth1 ( 260657 )

        And while I know you are sarcastic,

        He wasn't. He was joking. Sarcasm is a form of irony that targets one of the listeners/readers. This was neither irony nor did it target someone.

      • And while I know you are sarcastic, it's people that think in this manner that ruin people's lives for years.

        indeed. some people have not faced exceptionally emotionally stressful situations or do not know how to properly cope with strong emotions. At our core, we are still just animals that have only recently begun to act (slightly more) civilized.

    • I was accused of doing this at a former employer. I was fired for "job abandonment" and later that day some of their systems went down. Fortunately, it was easy to prove I wasn't responsible. There's no internet in the intensive care unit. (Which was why I didn't show up for work or call in sick.)

      Now my medical alarm has a Pi attached that will tweet my family...and my employer.

      They didn't offer to re-instate me either. Cool beans. I was about to quit anyway because they were not nice people. Always, but al

  • by Anonymous Coward on Friday March 31, 2017 @08:08PM (#54155715)

    Don't get me wrong, this guy certainly deserves punishment if guilty, but 10 years? Did any CEOs or politicians get 1 day of jail time for the 2008 financial crisis?

    • by gweihir ( 88907 )

      CEOs and politicians are not accountable for their actions these days. Their crimes are "to big to be punished".

  • by GoChickenFat ( 743372 ) on Friday March 31, 2017 @08:39PM (#54155845)
    This guy had that kind of access, and knowledge for that matter, as a help desk employee? The article is confusing but who puts a sys admin on the help desk with any ability to access all company servers in the first place?

    ...and I found my answer...a company that is dumb enough to run it's entire business applications from a single server. http://www.kvia.com/crime/fbi-... [kvia.com] "Investigators learned that the server controlled the company's production line, warehouse, distribution center and its ability to take orders."
    • Re:Help Desk?!? (Score:5, Interesting)

      by dbIII ( 701233 ) on Friday March 31, 2017 @10:49PM (#54156309)

      a company that is dumb enough

      The answer is "small" not dumb. If there isn't a lot to do a single server can get the job done.
      If I was in that situation I'd want to keep the server hardware up to date and have a working older server ready to turn on when something goes wrong, but I don't see that a single server was the problem here.

    • by AK Marc ( 707885 )
      I've worked at places where the CIO was the only IT employee. A biased article looking to vilify could call him the "help desk guy".
      • I've known a 'CIO' that had to get approval for any expense greater than $50.

        He had negotiated the title in lieu of a raise. Moron. He was still just the 'computer guy'.

    • ...a company that is dumb enough to run it's entire business applications from a single server. http://www.kvia.com/crime/fbi-... [kvia.com] "Investigators learned that the server controlled the company's production line, warehouse, distribution center and its ability to take orders."

      Uh, a company "dumb enough"? This "single server" is also known as an ERP system. And a shitload of large companies around the world run ERP systems. The dumb part is not protecting them with a valid DR strategy.

      • um...yes, worked on plenty of them for several companies - SAP, JD Edwards, etc. and it's not a requirement that they run on a single server - unless you count a custom cobol program running on a mainframe in the 90's but those were staffed with 24/7 "computer operators" who basically managed massive amounts of tape backup libraries. And what you're actually referring to needing is a business continuity plan (BCP) of which disaster recover (DR) is just one part of that plan. So given that, in this story t
  • I suppose the exit interview did not go well.

    Curious writings though: "What happens though if the person being fired is an IT system administrator in charge of managing those accounts?" "Venzor was let go from his position at the company's help desk and immediately turned volatile."

    Something's missing. They call him an IT system administrator in one sentence, then say he was a part of the company's help desk in the next. Collecting usernames and passwords, this I see, and an account 'disguised' as a printer

    • for smaller or medium size businesses it is not uncommon for admins to also be helpdesk people.
    • by arth1 ( 260657 )

      and an account 'disguised' as a printer...

      If they used a really old Unix server, chances is that the lp user account didn't have a password by default.

  • by dbIII ( 701233 ) on Friday March 31, 2017 @10:09PM (#54156175)
    It seems the hype and hysteria over computer issues is still ongoing.
    • I would like to know what the sentence would have been if he'd taken a baseball bat to the server and backup media instead of using electronic means.

      • by dbIII ( 701233 )
        Better example - probably just a warning and good behavior bond instead of a possible ten years.
    • He didn't get 10 years, 10 years is the maximum he CAN get under the law. though this arsehole looks like he probably deserves the maximum
    • by gweihir ( 88907 )

      It is. People are still exceptionally stupid and this is one thing they understand even less (it that is possible).

  • by onkelonkel ( 560274 ) on Saturday April 01, 2017 @09:21AM (#54157433)

    I used to work at a $Very Big Transportation Company from 1982 to 1998. They are now clients of our company. Earlier this year Transportation Company needed to give me access to some of their systems. My old username and account, from 1998, were still in their systems.

    • I got laid off from eBay in 2009. A few years later I came back to eBay to do a PC refresh project. When I needed to fix a problem for a user and got prompted for an admin password, I typed in the old password and it worked. When I brought it to management's attention, they changed the admin password — and gave me the new admin password. When I had a job interview at eBay a few years ago, they were taking security more seriously as they were hiring remediation techs to fix the Heartbleed Bug [heartbleed.com].

My idea of roughing it is when room service is late.

Working...