News Disgruntled ex-employee costs company over $600,000 after he deletes all 180 of its test servers — found server deletion scripts on Google

[Admin]

NCS forgot to delete a former employee's access credentials, allowing him to install delete scripts that wiped out all 180 of its testing servers.

Disgruntled ex-employee costs company over $600,000 after he deletes all 180 of its test servers — found server deletion scripts on Google : Read more

 

[bit_user]

I had a coworker who deleted his hard drive, when he left the company. I was able to recover the filesystem, undelete files he had removed, and found he had accessed the laptop from machines on his home network. Can't say any more about that.

Had he not deleted the filesystem, I wouldn't have even thought to recover the deleted files and check to see what it was he was trying to cover up.

 

[chaz_music]

How about this one:

When landlines were still being used, a fired telecom worker got even by taking an arc welder and frying the underground cables at their termination point. It was all over the news because of the damage it caused, including peoples' phones and modems. It spawned many copycat acts.

I was a former manager, and I learned from stories like this that it is important to communicate clearly to poorly performing employees and to try to motivate them. Blasting someone out of the blue (usually out of anger) is tasteless and does little to help the company or the employee, and it can lead to actions like this if the employee is unstable. And a manager that does that without prior communication is just acting as an entitled horses' backside.

But, I did have an employee that kept a machete in his car "just in case", and I told him to make sure there wasn't one in his desk "just in case".

 

[OLDKnerd]

Well when you let someone go, and especially under not relaxed circumstances, you better make damn sure that person do not have any access to any of your stuff.
Countless videos of people fired getting " even " with their employer.

 

[pug_s]

That's what happens when you let foreign consultants work in your IT infrastructure.

 

[bit_user]

That's what happens when you let foreign consultants work in your IT infrastructure.

It's unfair to generalize from this single example. I'm 100% certain there are oodles of examples that don't involve a foreign worker.

 

[bit_user]

Well when you let someone go, and especially under not relaxed circumstances, you better make damn sure that person do not have any access to any of your stuff.

In some countries, a layoff (i.e. reduction in force), where employees aren't being terminated for any fault of their own, requires them to be given advance notice. So, there'd be an overlap period where they're still employed but aware that their employment will soon end. However, I think nobody says they have to be given the same responsibilities as before they were given notice. So, that could be the workaround many employers take.

 

[Notton]

There is too much to speculate from this short story.

Obviously the worker should have talked to a lawyer to try to get monetary compensation from the company.
If the company did something wrong under the law, it could potentially have costed them way more than $600k in civil and federal/state courts.

However, that's not to say that labor rights laws are perfect by any means. Sometimes you, as a worker, have no recourse against the company.

 

[A Stoner]

Obviously, he really was an underperformer and incompetent considering how easy he made it for them to identify him and capture him.

 

[TJ Hooker]

In some countries, a layoff (i.e. reduction in force), where employees aren't being terminated for any fault of their own, requires them to be given advance notice. So, there'd be an overlap period where they're still employed but aware that their employment will soon end. However, I think nobody says they have to be given the same responsibilities as before they were given notice. So, that could be the workaround many employers take.

This be what you were getting at with your last couple sentences but:

The law may require the business to continue paying the employee for X amount of time, but I doubt the law requires the business to actually provide them access to anything. So all company property is taken back, building access/logins revoked from the second the employee steps into that meeting, immediately after which they are escorted out of the building. Even though they may still be getting a paycheck for some arbitrary amount of time after. At least for employees who had access to critical resources.

 

[PEnns]

"the authorities found the scripts he used on NCS’s servers, as well as his Google search history for scripts to delete virtual servers."

So this really smart but vengeful IT guy doesn't erase his browsing history??

 

[COLGeek]

That's what happens when you let foreign consultants work in your IT infrastructure.

No, this myopic and offensive statement is not what necessarily happens.

In a globally connected world, international team members are a reality for most companies. Might be time to broaden your perspective.

I have personally seen this happen with US citizens, who held clearances at the time of the transgression, do such things. Nationality is not a factor here.

Poor dismissal and permission policies are the real issues here.

 

[bit_user]

This be what you were getting at with your last couple sentences but:

The law may require the business to continue paying the employee for X amount of time, but I doubt the law requires the business to actually provide them access to anything. So all company property is taken back, building access/logins revoked from the second the employee steps into that meeting,

This happened to some people I worked with, and that's not how it was handled, though I'm a little foggy on the details because I wasn't directly in touch with them during that time period. As I understand it, they continued to have logins and access to the building, though I'm not sure how much work they got done in those final days.

 

[TJ Hooker]

This happened to some people I worked with, and that's not how it was handled, though I'm a little foggy on the details because I wasn't directly in touch with them during that time period. As I understand it, they continued to have logins and access to the building, though I'm not sure how much work they got done in those final days.

Luckily I haven't had to experience it myself, nor have any of my close coworkers, but that (the way I described earlier) is apparently how it's done at my work (defense company) when the split isn't mutual.

 

[bit_user]

that is apparently how it's done at my work (defense company) when the split isn't mutual.

Is it ever truly mutual? IMO, the main distinction is when it's being done as a reduction in force (layoff) vs. being terminated with cause. I guess someone voluntarily taking an "early retirement" package is the closest you might find to a "mutual decision".

BTW, the location in question was Belfast, NI. So, anyone with more specific information about the employment laws there can feel free to pipe up.

 

[TechnoBob1987]

I had a coworker who deleted his hard drive, when he left the company. I was able to recover the filesystem, undelete files he had removed, and found he had accessed the laptop from machines on his home network. Can't say any more about that.

Had he not deleted the filesystem, I wouldn't have even thought to recover the deleted files and check to see what it was he was trying to cover up.

These are the best kinds of workers - They know that they have done something wrong, so they try and hide their tracks, but they don't know enough to do a thorough job at it. Throughout my professional life I have had several instances similar to this, and inevitably these individuals didn't think through their plan very well at all.

 

[TJ Hooker]

Is it ever truly mutual? IMO, the main distinction is when it's being done as a reduction in force (layoff) vs. being terminated with cause. I guess someone voluntarily taking an "early retirement" package is the closest you might find to a "mutual decision".

BTW, the location in question was Belfast, NI. So, anyone with more specific information about the employment laws there can feel free to pipe up.

Yeah, "mutual" isnt the right word. Maybe "employee-initiated", i.e. when the employee retires or quits. In contrast to employer-initiated, i.e. layoff or firing.

 

[UnforcedERROR]

I'm not vindictive enough to do these kinds of things, no matter the circumstances. That said, it's interesting how little employers consider these kinds of acts. I departed a job a few years back, and since I use the same file system at my current job I know that I was never removed from my previous job's access. These are all cloud documents, they are the only permanent storage of said company, and it baffles me that there's both a lack of redundancy and disregard for potential tampering. I did not leave on bad terms, but I know multiple previous employees who did. I could absolutely see this happening in the future.

 

[bit_user]

Maybe "employee-initiated", i.e. when the employee retires or quits.

You just reminded me that one job I quit left my building access and login enabled for several weeks afterwards, so I could continue helping out on a project I was involved in. After a while, the IT guy got nervous and said he was going to cut me off, which was fine with me since I was under pressure of deadlines at my new job.

 

[purposelycryptic]

Having a proper backup infrastructure is important for many reasons - this is clearly one of them. At the very least, the periodic full backups shouldn't be accessible through the same system (or ideally just stored on entirely disconnected drives, in a physically locked room somewhere), just so that if a malicious actor gains access, regardless of how, you aren't entirely screwed.

 

[bill001g]

"the authorities found the scripts he used on NCS’s servers, as well as his Google search history for scripts to delete virtual servers."

So this really smart but vengeful IT guy doesn't erase his browsing history??

The could have gotten it from google based on his IP and a warrant. It is very scary what google keeps long term and will hand over to governments.

 

[TomLS]

The rule is to remove credentials at least 2-3 days before his last. He can use his final days training his successors.

 

[USAFRet]

Poor dismissal and permission policies are the real issues here.

QFT.

 

[Ewitte]

The IT company seems incompetent as well. Why weren't his credentials not disabled? It wouldn't cost that much money unless they didn't have proper backups!

 

[brandonjclark]

You know what they say about Singapore, right? "It's a FINE city."


This isn't a disparagement of the city, either. They will happily agree to this statement.

Over two years for test servers sounds about right for Singapore.

600k for DELETING (un-allocating and reducing costs) sounds about right.

It's a FINE for unauthorized access. TWO AND HALF YEARS FOR A WHITE COLLAR CRIME.