Rogue System Administrator Faces 10 Years In Prison For Shutting Down Servers, Deleting Core Files On the Day He Was Fired (techspot.com)
Date: 2017-03-31
Joe Venzor, a former employee at boot manufacturer Lucchese, had a near total meltdown after he got fired from his IT system administrator position. According to TechSpot, he shut down the company's email and application servers and deleted the core system files. Venzor now faces up to 10 years in prison and a $250,000 fine. From the report: Venzor was let go from his position at the company's help desk and immediately turned volatile. He left the building at 10:30AM and by 11:30, the company's email and application servers had been shut down. Because of this, all activities ground to a halt at the factory and employees had to be sent home. When the remaining IT staff tried to restart them, they discovered the core system files had been deleted and their account permissions had been demoted. Eventually the company was forced to hire a contractor to clean up all of the damage, but this resulted in weeks of backlog and lost orders. While recovering from the attack was difficult, finding out who did it was simple. Venzor was clearly the prime suspect given the timing of the incident, so they checked his account history. They discovered he had collected usernames and passwords of his IT colleagues, created a backdoor account disguised as an office printer, and used that account from his official work computer.
An admin can still override authentication. What's needed is to bring the new admin in before you sack the old one. He removes admin privileges from the guy being sacked. That, or isolate the system from the outside world for a while, but in this day and age that may be impossible from a business perspective.
In this case, they did remove admin privileges from the guy being sacked; he used other people's accounts to access things remotely.
Two-factor authentication could have blocked that by preventing him from impersonating other admins.
It is scary just how hard it can be to detect a rogue employee trying to sabotage you. There are only a few things you can actually do to limit impact to a reasonable level.
That's the wrong way to go about that. If you're going to go to that length you might as well make it a subtle surprise for the future. And think about it, if you're really such a good employee that a company would be devastated to lose you it should be evident when you leave by the fact that you're no longer doing the job.
Do the best job you can. Sometimes that works out to be unappreciated, but then you get to move on to a more lucrative position and the company gets to try to find someone to fill your
I don't quite get it (Score:3)
Are we supposed to be outraged or something? It sure sounds like the guy deserved to be fired - and, based on the actions he took after being fired, he deserves prison time and a significant financial penalty.
Backups? (Score:2)
Catch-22: Who's in charge of backups?
Sloppy. (Score:3)
Come on, people, if you are going to get revenge on the company that canned you, you're supposed to set up a daemon on day one that checks to see if you have logged in the last month and then begins corrupting backups as they are made for the next 5 months, at which time it will execute a total system meltdown that results in total data loss! I swear, you youngin's know nothin' about properly destroying the lives of those who have wronged you!
