Man To Pay $300,000 In Damages For Hacking Employer (bbc.com)
An anonymous reader writes: A former private security officer in California must pay nearly $319,000 in damages for attacking his employer's computer systems. Yovan Garcia accessed payroll records at Security Specialists, which provides private security patrols, to inflate the number of hours he had worked. He later hacked the firm's servers to steal data and defaced its website. District Judge Michael Fitzgerald said Garcia had used the stolen data to help set up a rival business. Security Specialists first noticed issues with Mr Garcia's pay records in July 2014, about two years after he joined. In one example, they showed he had worked 12 hours per day over a two-week period and was owed 40 hours of overtime pay, when in fact he only worked eight hours per day.
When I was a kid... (Score:3)
When I was a kid those of us that worked at 'Worlds of Fun' (an amusement park in Kansas City) discovered that their computerized payroll was STUPID.
We never clocked out and got paid for 24 hours/day, 7 days/week. Some on the night grounds crew slept under the bridges, others and the day crew bought themselves season passes to exit and enter as customers (you couldn't get out the employee route without clocking out). Good times.
Eventually they figured it out (it wasn't still going on 3 years later, when my younger brother worked there), but there were no consequences. Even though it had to be easy to find with a computerized report.
Re:When I was a kid... (Score:4, Interesting)
I had a CS Prof that told a story about the early mainframe days at my Uni. When he was a student, they used to give free computer time as rewards for bug reports. He and friends found that the payroll system had no security. Any mainframe user could alter records. So they reported the problem. A week later nothing changed, so they reported it again. Later, still no change.
So they wrote themselves each a check for -1,000,000 USD.
They were all called in the next day to explain how the payroll made nearly three million dollars.
Re:When I was a kid... (Score:5, Funny)
That reminds me of the time I read a comment on an online forum about someone who had a CS Prof that told him a story about the early mainframe days at his university. When he was a student, they gave free computer time as a reward for filing bug reports.
He and his friends found that the payroll system had no security whatsoever and that any user could alter the records. So they reported the problem but a week later nothing changed, so they reported it again. Later, still no change.
So they wrote themselves each a check for minus one million dollars. They were all called in the next day to explain how the payroll system made nearly three million dollars.
And then when he posted that story online, some jerk told him that most of those stories are complete bullshit.
Re: (Score:3)
At the time, owned by the Hunt brothers. Same scumbags who lost most of their inherited money trying to corner the silver market, now only millionaires. Fuck em. Yes, I'm proud of every penny I took off them.
Re: (Score:2)
My high school's attendance system was worse. It was designed for a single PC but someone (probably the vendor) had the idea to make it multi-user by putting the data files on a network share. The result was that the last person to close the attendance software overwrote everything for the entire school with whatever was current when they opened the software.
Some teachers were good and opened, did attendance then closed. Some opened it in the morning and closed during the evening. And some were Opening i
Re: (Score:2)
As a consultant I've honestly billed 30+ hours in a day, without double counting. 15 of those hours were travel time. Didn't cross the dateline at exactly midnight, but close enough.
Re: (Score:3)
A strange game. The only winning move is not to play.
Would you like to play a nice game of chess?
What could possibly go wrong? (Score:2)
On the surface, this seems like such a stupid thing to do. It makes you wonder, though, the few cases like this we actually hear about must be in the minority, meaning people are getting away with stuff like this all the time. What leads a person to grow up to be so morally compromised as to think this kind of behaviour is acceptable?
Re:What could possibly go wrong? (Score:5, Informative)
If you're hourly, always keep a copy of your hours. Most bosses _will_ try to fuck you on hours, they won't do it on every check. You must continually spot check.
It's really amazing, how their 'errors' always go one way.
Re: (Score:3)
Most bosses _will_ try to fuck you on hours
Most? You must have had a hard work upbringing. Granted yes, you are right, SOME bosses will screw you. Saying MOST will is a little unfair. The only examples I can think of where people claimed "their bosses were fucking them" was the people that tried to game the quarter-hour rounding rules on time clocks. They'd clock in 8 minutes past the hour, or clock out 8 minutes before quitting time and lose the full 15 minutes, then bitch because "they got fucked out of 15 minutes pay".
Re: (Score:2)
Everybody makes mistakes, but it's funny, how they always make mistakes in their favor. Even your example is an obvious 'always round down' scam.
I've seen them simply convert minutes into decimal hours. 15 minutes equals 0.15 hours. Or just assume you took your hour lunch, but somehow always catch any long lunches you took.
0.25 hours/day counts. You can mock someone for complaining about losing a quarter hour, but can you also mock them for losing a quarter hour/day?
You can quibble about the %, but do
Re: (Score:2)
Intel does their hourly employees at 6 min intervals, but always rounds down... thus:
you come in at 8:03 am (8.05 am)
to make up for it you stay till 12:03 before leaving to lunch (12.05pm)
you would *expect* that interval to be an exact 4 hours, but somehow it always came out to 3.9 hours.
We had an asshat manager who, if he didn't like you, would use this:
If you came in late he would make sure you recorded it on your timecard as to the exact time you came in.
He would then wait for you to leave to lunch and no
Re: (Score:2)
Even your example is an obvious 'always round down' scam.
Google "quarter hour rounding rules FLA". Employers are permitted to round to 15 minute increments. As long as the rounding is consistent, 7 minutes gets rounded down, 8 minutes gets rounded up. Not sure how this is an "always round down scam". If I clock in at 8:08 it gets rounded to 8:15, 8:07 gets rounded to 8:00, same thing leading up to the hour. Maybe a better example would have been the worker clocking in at 7 minutes before the hour.
but do you advise young people to spot check their hours or not?
To answer your question directly, yes, I would advise people to
Re: (Score:2)
Nowhere are you required by government to take your full lunch break. Employers are required to give you a lunch break, it can be a half hour, even there if you eat in 10 minutes there is no government rule requiring you to take the half hour. Of course employers with assembly lines etc will have everybody on/off together.
Personally, I'm so far past that stage of my employment life, it doesn't matter. But some kids are actually fool enough to trust their employers to be somewhat honest. The truth is, eve
Just about every small computer shop (Score:2)
Most of
Re: (Score:1)
my brother worked for did it to him at least once. He's clever (not enough to avoid fucking his life up so hard he worked at a series of small computer shops, but I digress), so he caught it every time,
So, being a crappy, worthless employee, he could only get crappy jobs at crappy places working for crappy bosses.
Go figure.
Re: (Score:2)
I have found that people who complain that all of their bosses are crooks, and all of their jobs suck, the most likely reason is that good bosses don't hire crappy employees.
Re: (Score:2)
Like attracts like.
Re: (Score:2)
If you're hourly, always keep a copy of your hours. Most bosses _will_ try to fuck you on hours, they won't do it on every check. You must continually spot check.
It's really amazing, how their 'errors' always go one way.
Be grateful when errors only go one way.
If you get overpaid, you're legally required to pay that back even when the fuck up is 100% their fault.
That being said, never a bad idea to keep your own records of your hours. Even if you don't get paid by the hour.
Re: (Score:2)
When Steven Hyde says stuff like that in That '70s Show, it's funny.
When it's real life, it's not funny anymore.
Re: (Score:2)
What leads a person to grow up to be so morally compromised as to think this kind of behaviour is acceptable?
Have you seen the people that run big business and government around the world today? This is child's play compared to the shit that not only happens but is greatly rewarded. Ethics are gone in the world today.
Re: (Score:2)
Have you seen the people that run big business and government around the world today?
Today? You seem to be implying that things were better during some past golden age, when governments were all efficient and businessmen were altruistic. There is no evidence that corruption is worse today, and some evidence that things are getting better. Also, the public's perception of corruption tends to get worse during the times when corruption is falling the fastest, since tightening ethics often leads to more exposure and prosecutions that put corruption in the news.
Re: (Score:2)
What a load of bullshit. The almost complete disappearance of the middle class disproves every idiotic point you attempted to make.
Re: What could possibly go wrong? (Score:2)
Corruption is falling the fastest because people think things are more corrupt than ever?
What the fuck?
Doooo bomp bomp (Score:2)
Chk a chk ahhh... [youtube.com]
Not a good hacker... (Score:2)
A GOOD hacker would have covered his tracks so they didn't get caught.
Re: (Score:3)
If he had half a brain, he would have just increased his hourly rate.
Management sometimes looks at overtime totals.
Re:Not a good hacker... (Score:4, Insightful)
A better way would be to send all the rounding errors of the payment system into a separate account. Nobody's going to miss fractions of a cent.
Re: (Score:2)
Duh.
Also: it was actually done by a coder in the early 70s. It was legal at the time. That guy accomplished my life's ambition. He invented a new crime.
This is hacking now? (Score:2)
According to the Central District Court of California, Mr Garcia had obtained login credentials - without ever having been given them - and accessed the records without authorisation
So just using an account you are not authorized for is now hacking? It doesn't require circumvention or bypass of technical systems or finding interesting edge cases in the rules of the system any more? Sad.
Re: (Score:2)
So just using an account you are not authorized for is now hacking?
He didn't just "access" the account. He stole money and vandalized files.
It doesn't require circumvention or bypass of technical systems
I can steal the mail out of your mailbox without bypassing any technical systems. That doesn't make it legal.
Re: (Score:2)
"Hacking" isn't a legal term, it's a news reporting term. And like all news reporting, it's basically meaningless. The only meaningful information is "he did something, got caught, and is being punished." Everything else is buzzwords to sell advertising.
Unexpected twist in the story. (Score:2)
That's a bargain. (Score:2)
Considering he was able to use the data he took to launch a business of his own, $319K is a bargain. I mean, that's a cost of doing business expense if that's all he has to pay.
Re: (Score:2)
You're assuming his business is successful. Given he's an idiot, I think that's a bit optimistic.
Litigating incompetence (Score:2)
It's quite obvious that their processes were so poor that they could not even protect them from fraud. What this guy did was wrong, but frankly, as so called 'Security Specialists' they deserve it.
It's interesting to observe that there are still no damages against companies who maintain the same poor security when it leaks their customers' identity data.
I wonder how quickly these security issues would be fixed if these companies could not litigate for damages caused by their own nonfeasance.
I've hacked my employer. (Score:2)
Okay, not really the same thing.