
Man To Pay $300,000 In Damages For Hacking Employer (bbc.com) 69

An anonymous reader writes: A former private security officer in California must pay nearly $319,000 in damages for attacking his employer's computer systems. Yovan Garcia accessed payroll records at Security Specialists, which provides private security patrols, to inflate the number of hours he had worked. He later hacked the firm's servers to steal data and defaced its website. District Judge Michael Fitzgerald said Garcia had used the stolen data to help set up a rival business. Security Specialists first noticed issues with Mr Garcia's pay records in July 2014, about two years after he joined. In one example, they showed he had worked 12 hours per day over a two-week period and was owed 40 hours of overtime pay, when in fact he only worked eight hours per day.
  • by HornWumpus ( 783565 ) on Thursday May 11, 2017 @01:53PM (#54401335)

    When I was a kid those of us that worked at 'Worlds of Fun' (an amusement park in Kansas City) discovered that their computerized payroll was STUPID.

    We never clocked out and got paid for 24 hours/day, 7 days/week. Some on the night grounds crew slept under the bridges, others and the day crew bought themselves season passes to exit and enter as customers (you couldn't get out the employee route without clocking out). Good times.

    Eventually they figured it out (it wasn't still going on 3 years later, when my younger brother worked there), but there were no consequences. Even though it had to be easy to find with a computerized report.

    • by Anonymous Coward on Thursday May 11, 2017 @02:04PM (#54401413)

      I had a CS Prof that told a story about the early mainframe days at my Uni. When he was a student, they used to give free computer time as rewards for bug reports. He and friends found that the payroll system had no security. Any mainframe user could alter records. So they reported the problem. A week later nothing changed, so they reported it again. Later, still no change.

      So they wrote themselves each a check for -1,000,000 USD.

      They were all called in the next day to explain how the payroll made nearly three million dollars.

    • by gmack ( 197796 )

      My high school's attendance system was worse. It was designed for a single PC but someone (probably the vendor) had the idea to make it multi-user by putting the data files on a network share. The result was that the last person to close the attendance software overwrote everything for the entire school with whatever was current when they opened the software.

      Some teachers were good and opened, did attendance then closed. Some opened it in the morning and closed during the evening. And some were Opening i

  • On the surface, this seems like such a stupid thing to do. It makes you wonder, though, the few cases like this we actually hear about must be in the minority, meaning people are getting away with stuff like this all the time. What leads a person to grow up to be so morally compromised as to think this kind of behaviour is acceptable?

    • by HornWumpus ( 783565 ) on Thursday May 11, 2017 @02:08PM (#54401435)

      If you're hourly, always keep a copy of your hours. Most bosses _will_ try to fuck you on hours, they won't do it on every check. You must continually spot check.

      It's really amazing, how their 'errors' always go one way.

      • by Pascoea ( 968200 )

        Most bosses _will_ try to fuck you on hours

        Most? You must have had a hard work upbringing. Granted yes, you are right, SOME bosses will screw you. Saying MOST will is a little unfair. The only examples I can think of where people claimed "their bosses were fucking them" were the people that tried to game the quarter-hour rounding rules on time clocks. They'd clock in 8 minutes past the hour, or clock out 8 minutes before quitting time and lose the full 15 minutes, then bitch because "they got fucked out of 15 minutes pay".

        • Everybody makes mistakes, but it's funny, how they always make mistakes in their favor. Even your example is an obvious 'always round down' scam.

          I've seen them simply convert minutes into decimal hours. 15 minutes equals 0.15 hours. Or just assume you took your hour lunch, but somehow always catch any long lunches you took.

          0.25 hours/day counts. You can mock someone for complaining about losing a quarter hour, but can you also mock them for losing a quarter hour/day?

          You can quibble about the %, but do

          • Intel does their hourly employees at 6 min intervals, but always rounds down... thus:
            you come in at 8:03 am (8.05 am)
            to make up for it you stay till 12:03 before leaving to lunch (12.05pm)
            you would *expect* that interval to be an exact 4 hours, but somehow it always came out to 3.9 hours.
            We had an asshat manager who, if he didn't like you, would use this:
            If you came in late he would make sure you recorded it on your timecard as to the exact time you came in.
            He would then wait for you to leave to lunch and no

          • by Pascoea ( 968200 )

            Even your example is an obvious 'always round down' scam.

            Google "quarter hour rounding rules FLA". Employers are permitted to round to 15 minute increments. As long as the rounding is consistent, 7 minutes gets rounded down, 8 minutes gets rounded up. Not sure how this is an "always round down scam". If I clock in at 8:08 it gets rounded to 8:15, 8:07 gets rounded to 8:00, same thing leading up to the hour. Maybe a better example would have been the worker clocking in at 7 minutes before the hour.

            but do you advise young people to spot check their hours or not?

            To answer your question directly, yes, I would advise people to

            • Nowhere are you required by government to take your full lunch break. Employers are required to give you a lunch break, it can be a half hour, even there if you eat in 10 minutes there is no government rule requiring you to take the half hour. Of course employers with assembly lines etc will have everybody on/off together.

              Personally, I'm so far past that stage of my employment life, it doesn't matter. But some kids are actually fool enough to trust their employers to be somewhat honest. The truth is, eve

        • my brother worked for did it to him at least once. He's clever (not enough to avoid fucking his life up so hard he worked at a series of small computer shops, but I digress), so he caught it every time, but usually when he got hired on the other two or three employees had the same done to them for years and the boss didn't stop until they were called out. The most common scam is working them through lunch for free. Usually with a cheap pizza to shut them up. But rounding "errors" were popular too.

          Most of
          • by taustin ( 171655 )

            my brother worked for did it to him at least once. He's clever (not enough to avoid fucking his life up so hard he worked at a series of small computer shops, but I digress), so he caught it every time,

            So, being a crappy, worthless employee, he could only get crappy jobs at crappy places working for crappy bosses.

            Go figure.

        • by taustin ( 171655 )

          I have found that people who complain that all of their bosses are crooks, and all of their jobs suck, the most likely reason is that good bosses don't hire crappy employees.

      • by mjwx ( 966435 )

        If you're hourly, always keep a copy of your hours. Most bosses _will_ try to fuck you on hours, they won't do it on every check. You must continually spot check.

        It's really amazing, how their 'errors' always go one way.

        Be grateful when errors only go one way.

        If you get overpaid, you're legally required to pay that back even when the fuck up is 100% their fault.

        That being said, never a bad idea to keep your own records of your hours. Even if you don't get paid by the hour.

    • by geek ( 5680 )

      What leads a person to grow up to be so morally compromised as to think this kind of behaviour is acceptable?

      Have you seen the people that run big business and government around the world today? This is child's play compared to the shit that not only happens but is greatly rewarded. Ethics are gone in the world today.

      • Have you seen the people that run big business and government around the world today?

        Today? You seem to be implying that things were better during some past golden age, when governments were all efficient and businessmen were altruistic. There is no evidence that corruption is worse today, and some evidence that things are getting better. Also, the public's perception of corruption tends to get worse during the times when corruption is falling the fastest, since tightening ethics often leads to more exposure and prosecutions that put corruption in the news.

  • A GOOD hacker would have covered his tracks so they didn't get caught.

  • From the article:

    According to the Central District Court of California, Mr Garcia had obtained login credentials - without ever having been given them - and accessed the records without authorisation

    So just using an account you are not authorized for is now hacking? It doesn't require circumvention or bypass of technical systems or finding interesting edge cases in the rules of the system any more? Sad.

    • So just using an account you are not authorized for is now hacking?

      He didn't just "access" the account. He stole money and vandalized files.

      It doesn't require circumvention or bypass of technical systems

      I can steal the mail out of your mailbox without bypassing any technical systems. That doesn't make it legal.

      • by Nkwe ( 604125 )

        I should have been more clear. I wasn't saying that what the guy did was or should be legal. I was lamenting over the loss (or change) of the meaning of the term "hacking" in general. Hacking used to mean finding an edge case or a loophole in a technical system and hacking used to require a high level of skill and understanding of a system, so much so that those performing hacking (hackers) were looked up upon and revered -- sometimes to the point of being given a pass for breaking or bending rules and laws

    • by taustin ( 171655 )

      "Hacking" isn't a legal term, it's a news reporting term. And like all news reporting, it's basically meaningless. The only meaningful information is "he did something, got caught, and is being punished." Everything else is buzzwords to sell advertising.

  • After he agreed to pay $319,000, the man claimed he accidentally made some mistake and paid back twice. He demands the former employer check his computer systems and if they find $638,000 credit from First Magical Bank of Lalaland, dated 2017 Feb 30, confirmation number 123412341234 they must return the "excess" payment.
  • Considering he was able to use the data he took to launch a business of his own, $319K is a bargain. I mean, that's a cost of doing business expense if that's all he has to pay.

    • by taustin ( 171655 )

      You're assuming his business is successful. Given he's an idiot, I think that's a bit optimistic.

  • It's quite obvious that their processes were so poor that it could not even protect them from fraud. What this guy did was wrong, but frankly, as so-called 'Security Specialists' they deserve it.

    It's interesting to observe that there are still no damages against companies who maintain the same poor security when it leaks their customers' identity data.

    I wonder how quickly these security issues would be fixed if these companies could not litigate for damages caused by their own nonfeasance.

  • I put icons with silly names on his desktop.

    Okay, not really the same thing.
