News Disgruntled ex-employee costs company over $600,000 after he deletes all 180 of its test servers — found server deletion scripts on Google

[MJS WARLORD]

Back in the 1970's a pal of mine was given the job of installing word processor networks at our factory.
He found out he was going to be made redundant when he had finished the job. He knew that when he left all his contacts folders would be taken off him because they were technically company property.

As he was installing the equipment he " tested " it by copying 20 years worth of folders that contained details of every suppler he had ever dealt with. On his last day as he was leaving the boss asked him for the folders , he pretended to be angry but handed them over.

He then went to a rival company and used his copied folders to help him undercut his old firms contracts.
The end result was his new boss got lots of supplies cheaper than they had in the past and his old company lost orders because they could not compete with them.

 

[bit_user]

We all have to download the occasional personal file to our company laptops at least once and I’m just too paranoid to hand it back over.

I don't. My employer has a web portal I can access from my home PC, for things like downloading my W-2 form.

Anyway, their standard practice for reissuing laptops is to wipe the drive and reinstall. One time they didn't do that is when a guy was let go while working on a patent case. So, they imaged his drive before wiping and reinstalling it. In this case, I was hoping to convince them not to wipe it, because he went to quite some trouble to make it dual-boot between Windows & Linux and I seem to recall he had to wrestle with Bitlocker to make that work.

 

[bit_user]

He knew that when he left all his contacts folders would be taken off him because they were technically company property.

There's no "technically" about it. He was paid to collect and manage that information. It's not as if it was a personal hobby of his, that he did on his own time, and then the employer one day suddenly asserted ownership over it.

He then went to a rival company and used his copied folders to help him undercut his old firms contracts.

That's an open-and-shut case of IP theft. He's lucky he wasn't found out. If he were, he could've been sued for damages + punitive.

I'm sensing a lot of entitlement in this thread. You do not have a right to remain employed, barring some extreme incompetence or negligence. If you lose your job, through no fault of your own, you are not entitled to seek retribution. If you were improperly terminated, you can pursue litigation, but that's about it.

Just for some perspective, a common practice in the creative industry is for videogame and visual FX studios to have layoffs, once they launch a game or complete a movie. You crunch to get the project done on time and your reward is a pink slip and possibly less pay!

 

[hwertz]

Admitedly he was in QA, not deployment etc. But how good can you really be at IT (working at an IT services firm) if you have to google for scripts to delete VMs for the specific VM system you've been using the whole time? Seems like something where you'd read the docs and write your own script; or just run dd on the vm (if they arent using snapshots) or preferably the bare metal. (Or, you know, don't wipe stuff at all; I'm just saying I read that and was less surprised he was canned for job performance.)

Additional comment, who says they didn't have backups? They say they have 120 test systems and 13000 employees, that $680,000 could just be the "cost" of paying the QA dept to twiddle their thumbs while they are restored. Or, since they are TEST servers, maybe they aren't backed up and they just have a checklist to set one up from scratch (which could take some labor hours to do on all 120).

 

[USAFRet]

Admitedly he was in QA, not deployment etc. But how good can you really be at IT (working at an IT services firm) if you have to google for scripts to delete VMs for the specific VM system you've been using the whole time?

Exactly.
Sounds like a poor worker, that was let go.

 

[rockerrb3]

I think that that's a riot! Shouldn't have fired him!

 

[USAFRet]

I think that that's a riot! Shouldn't have fired him!

Why? They should keep a substandard worker around?

 

[kb7rky]

Guess he didn't cover his tracks very well, since he got caught.

How many other people get away with this kind of crap on a daily basis?

 

[USAFRet]

Guess he didn't cover his tracks very well, since he got caught.

How many other people get away with this kind of crap on a daily basis?

Things like this happening right after Employee X gets fired/laid/off/marched out the door brings BIG suspicion on Employee X.

People dumb enough to do something like this are probably dumb enough to leave a trail.

A competent reasonable person will just move on.

 

[bit_user]

A competent reasonable person will just move on.

I had a gratifying experience after being laid off from my first job. I think they targeted me because I was the youngest employee, although I'd already been working there longer than some of the others.

So, what happened is that the CEO called, a few days later. It turns out they had another project that desperately needed someone to work on it, they had no engineering staff to spare, and it wasn't easy to find a decent contractor on short notice. So, he took me out to lunch and I held out for a good offer that the company had paid other contractors they got through an agency (the agency typically takes a pretty big cut).

It was a pretty short gig they brought me back for, but they had egg on their face and I had a little extra money that, along with my severance pay, meant I averaged more than my original salary until I started a new job that also paid substantially better. I found that new gig through a former coworker, who wouldn't have recommended me for it if I'd had a bad reputation.

I also was made an offer to sign on again at a higher salary, under a different team, but it would've meant relocating and I wasn't terribly interested in moving to work for a company that had just cut me loose.

It just goes to show that getting laid off sucks, but If you take it in your stride, sometimes it can be for the best.

 

[ViceKnightTA]

Sounds like the more subtle version of Milton Waddams from Office Space. It could have been much worse.

The fact that he was only able to touch test servers leads me to believe at least there was some level of SoD. Obviously this is a case of Principle of Least Privilege not being followed through. Who knows, even while during his time at the company they may have given him more than what he needed to do his job. Delete access on Test Servers? What did they forget to lock down root/sudo access? Sheesh

 

[USAFRet]

Similar but not identical, resulting in actual jail time. 15 years ago.

Terry Childs (network administrator) - Wikipedia

en.wikipedia.org

 

[ViceKnightTA]

I had a gratifying experience after being laid off from my first job. I think they targeted me because I was the youngest employee, although I'd already been working there longer than some of the others.

So, what happened is that the CEO called, a few days later. It turns out they had another project that desperately needed someone to work on it, they had no engineering staff to spare, and it wasn't easy to find a decent contractor on short notice. So, he took me out to lunch and I held out for a good offer that the company had paid other contractors they got through an agency (the agency typically takes a pretty big cut).

It was a pretty short gig they brought me back for, but they had egg on their face and I had a little extra money that, along with my severance pay, meant I averaged more than my original salary until I started a new job that also paid substantially better. I found that new gig through a former coworker, who wouldn't have recommended me for it if I'd had a bad reputation.

I also was made an offer to sign on again at a higher salary, under a different team, but it would've meant relocating and I wasn't terribly interested in moving to work for a company that had just cut me loose.

It just goes to show that getting laid off sucks, but If you take it in your stride, sometimes it can be for the best.

Also "Living well, is the best 'revenge'"...unfortunately they don't teach this stuff in college. It's part of one's character and upbringing.

I too was let go from one company, and on another, I was slowly losing runway. I ultimately found where I belonged thanks to connections during previous consulting gigs which fostered trust enough to choose me over some strangers in the candidate pool.

Sadly the companies I left either fell apart and got bought out, or they are only a shell of the company they used to be while I was there. To me that's enough of an "ego stroker". I don't need revenge because the other saying holds true too for both of us...

"Karma is a bitch, but oh such a sweet succulent bitch at times too if you just sit back and let her work her magic" 😌

 

[ViceKnightTA]

Back in the 1970's a pal of mine was given the job of installing word processor networks at our factory.
He found out he was going to be made redundant when he had finished the job. He knew that when he left all his contacts folders would be taken off him because they were technically company property.

As he was installing the equipment he " tested " it by copying 20 years worth of folders that contained details of every suppler he had ever dealt with. On his last day as he was leaving the boss asked him for the folders , he pretended to be angry but handed them over.

He then went to a rival company and used his copied folders to help him undercut his old firms contracts.
The end result was his new boss got lots of supplies cheaper than they had in the past and his old company lost orders because they could not compete with them.

It's a nice story....but I can't imagine it justifying the crime. What your pal did is company espionage at best and PII theft at worst, and the fact the new company blindly accepted these as 'marketing leads' means they were probably just as crooked as those telemarketer scammers. Then again that was all around the time of Nixon and Watergate so I suppose I shouldn't be surprised, might have even given your pal inspiration and precedent.

 

[USAFRet]

Back in the 1970's a pal of mine was given the job of installing word processor networks at our factory.
He found out he was going to be made redundant when he had finished the job. He knew that when he left all his contacts folders would be taken off him because they were technically company property.

As he was installing the equipment he " tested " it by copying 20 years worth of folders that contained details of every suppler he had ever dealt with. On his last day as he was leaving the boss asked him for the folders , he pretended to be angry but handed them over.

He then went to a rival company and used his copied folders to help him undercut his old firms contracts.
The end result was his new boss got lots of supplies cheaper than they had in the past and his old company lost orders because they could not compete with them.

So basically, your pal was an asshat.

 

[ViceKnightTA]

So basically, your pal was an asshat.

No no, that would be unfair to asshats. Read my reply, its better.

 

[FoxTread3]

NCS forgot to delete a former employee's access credentials, allowing him to install delete scripts that wiped out all 180 of its testing servers.

Disgruntled ex-employee costs company over $600,000 after he deletes all 180 of its test servers — found server deletion scripts on Google : Read more

June 15, 2024 - I note from the first dozen or so comments posted here. Concentrate on the subject of the article exclusively. Here's my rant. In my opinion, the Tech industry and those that use its tools and services. Have been like blindfolded individuals "bumping into" one problem or issue after another with no guard rails. The point is Tech systems are extremely vulnerable because the people that are creating them, and using them. Are not taking worse case scenarios into consideration. It is relatively easy for bad actors, and/or people with a grudge, political and social activists. To do extensive damage to essential services. It happens all of the time. There is no excuse for systems not being safe guarded with redundant security protocols, including human oversite at various levels. Systems that should not be connected to the internet like utilities for "convenience" is inexcusable, and fool hearty. Lastly, the insane rush to computerize everything from access to office buildings, residences, and bank accounts. Is going to come back and bite a lot of people in very sensitive areas. When your banking system goes does down, and you have no physical funds. Who yah gonna call? People in New York City that lived and worked in buildings whose security required using swipe cards for entering and exiting the premises. Found that they could not exit or enter those buildings. Because a storm had knocked out the electricity in many areas. The blind acceptance of Tech controlling everything, with no manual backups, is an unnecessary and stupid thing to do. I'm by no means anti-Tech, but those who create devices and systems, and those that use them. Have to spend the money and time to protect them.

 

[USAFRet]

June 15, 2024 - I note from the first dozen or so comments posted here. Concentrate on the subject of the article exclusively. Here's my rant. In my opinion, the Tech industry and those that use its tools and services. Have been like blindfolded individuals "bumping into" one problem or issue after another with no guard rails. The point is Tech systems are extremely vulnerable because the people that are creating them, and using them. Are not taking worse case scenarios into consideration. It is relatively easy for bad actors, and/or people with a grudge, political and social activists. To do extensive damage to essential services. It happens all of the time. There is no excuse for systems not being safe guarded with redundant security protocols, including human oversite at various levels. Systems that should not be connected to the internet like utilities for "convenience" is inexcusable, and fool hearty. Lastly, the insane rush to computerize everything from access to office buildings, residences, and bank accounts. Is going to come back and bite a lot of people in very sensitive areas. When your banking system goes does down, and you have no physical funds. Who yah gonna call? People in New York City that lived and worked in buildings whose security required using swipe cards for entering and exiting the premises. Found that they could not exit or enter those buildings. Because a storm had knocked out the electricity in many areas. The blind acceptance of Tech controlling everything, with no manual backups, is an unnecessary and stupid thing to do. I'm by no means anti-Tech, but those who create devices and systems, and those that use them. Have to spend the money and time to protect them.

Not sure what your point is.

Yes, it happens.
Yes we all know WHY it happens.
And yes, we all know how to prevent it from happening.
(at least I do)

If his managers and company had proper procedures in place, and actually followed them...we would not be reading this.
This situation has been repeated many times over the last few decades. One prominent link above, Terry Childs.

All you can do is make efforts to prevent it happening within your sphere of influence.
I know I try mightily.

 

[FoxTread3]

June 15, 2024 - My dear fellow vet. As I pointed out initially in my comments. I am using this particular incident to point out what I see is an extremely dangerous trend in society world wide. I'm sorry that I have not been able to express my concerns in away that you can follow. Once again, I am NOT focusing on the "micro" of this article, I am focusing on the "Macro" of what I see is an existential threat to modern society. The blind use of advanced Tech in ways that are unnecessary and poorly protected. In my opinion is a recipe for extreme disaster. Once again, if you would like me to expand on my thoughts I will, but I believe I was very explicit in my original comments if you care to review them. Stay well.

 

[CmdrShepard]

Someone wants to be that the employee did install all those servers in their spare time (or even while working unpaid overtime) to help the company and they didn't show any appreciation for their work?

 

[USAFRet]

Someone wants to be that the employee did install all those servers in their spare time (or even while working unpaid overtime) to help the company and they didn't show any appreciation for their work?

Ummmm....no.

 

[bit_user]

while working unpaid overtime) to help the company and they didn't show any appreciation for their work?

If you work unpaid overtime, make sure it's either doing work you find personally rewarding/educational, or that it's for a boss who will take care of you. Otherwise, you could get twice as much work done as the dude in the next cubicle and get paid no better for it. And it would be your fault, not the company's, as you're the one who gave them something of value without any arrangement or understanding of getting anything in return. You have no right to get upset over it, after the fact.

 

[CmdrShepard]

If you work unpaid overtime, make sure it's either doing work you find personally rewarding/educational, or that it's for a boss who will take care of you. Otherwise, you could get twice as much work done as the dude in the next cubicle and get paid no better for it. And it would be your fault, not the company's, as you're the one who gave them something of value without any arrangement or understanding of getting anything in return. You have no right to get upset over it, after the fact.

In the country I am in unpaid overtime is illegal, but not so long ago many companies expected you to put in unpaid overtime "if there's a work demand" (and of course there always is with incompetent management) if you wanted to remain employed. Some people today who aren't in a very good bargaining position (read not educated and tech jobs) still have to work unpaid overtime because alternative is being unemployed.

So no, it's not always your fault -- it's the fault of the system that allows exploitation.

 

[bit_user]

So no, it's not always your fault -- it's the fault of the system that allows exploitation.

Apologies, I do understand your point and yes it happens.

I meant that someone working unpaid overtime and somehow expecting to be rewarded for it. In that case, consider that companies tend to be cheap and will generally take advantage of anyone willing to exploit themselves on the company's behalf. "Don't assume there's a pot of gold at the end of that rainbow" is all I was trying to say.

I once really killed it on a big, long project. Worked like 70+ hour weeks for months on end. Towards the end, my boss' boss gave me a little reward that amounted to a pat on the head. There was a financial component to it, but it was insultingly small. It took all the willpower I could muster to be gracious and not throw it in his face.

At some jobs, you're paid generously and just expected to do whatever it takes. But, none of my coworkers were working quite that hard and it's not like my base salary was above industry average, either.

Anyway, I guess my point is that the company wasn't wrong, I was. I don't really regret it, since I did believe in the project. I just thought my sacrifices would've been better recognized and rewarded. Live and learn.

 

[CmdrShepard]

I meant that someone working unpaid overtime and somehow expecting to be rewarded for it. In that case, consider that companies tend to be cheap and will generally take advantage of anyone willing to exploit themselves on the company's behalf. "Don't assume there's a pot of gold at the end of that rainbow" is all I was trying to say.

I understand, but people do think along the lines of "company has a hard time now I will help them out, they might reward me when they are doing better". It might be irrational to think like that, but hope is the basis of human survival. You can't blame people for having hope -- you should blame those exploiting it.

I once really killed it on a big, long project. Worked like 70+ hour weeks for months on end. Towards the end, my boss' boss gave me a little reward that amounted to a pat on the head. There was a financial component to it, but it was insultingly small. It took all the willpower I could muster to be gracious and not throw it in his face.

Then you know how it feels. By the way, that amount of overtime is illegal here and in many other countries in EU and not only how much but when is also heavily regulated.

Now just imagine someone who needs to feed a family or is older and who can't afford to be picky about the kinds of jobs they take and even with unpaid overtime being forbidden by law you still get a lot of desparate people who get stepped on because of extreme power disbalance between employers and employees.