Disgruntled Engineer Hijacks San Francisco's Computer System 1082
ceswiedler writes "A disgruntled software engineer has hijacked San Francisco's new multimillion-dollar municipal computer system. When the Department of Technology tried to fire him, he disabled all administrative passwords other than his own. He was taken into custody but has so far refused to provide the password, and the department has yet to regain admin access on their own. They're worried that he or an associate might be able to destroy hundreds of thousands of sensitive documents, including emails, payroll information, and law enforcement documents."
Backups? (Score:5, Funny)
Re:Backups? (Score:5, Insightful)
Re:Backups? (Score:5, Insightful)
Productivity? By a government agency?
This is not about productivity, it is about control.
Re:Backups? (Score:5, Insightful)
You are being disingenuous at best. Are your roads in order, is the traffic calm and orderly? Do you have electricity in your home? Are you being raided by armed bandits? What about clean water, can you drink the water coming out of your faucet? What about the mail, is it being delivered?
Need I go on? You are suggesting local, state and federal government do nothing.
Re:Backups? (Score:5, Funny)
>You are being disingenuous at best. Are your roads in order, is the traffic calm and orderly? Do you have electricity in your home? Are you being raided by armed bandits? What about clean water, can you drink the water coming out of your faucet? What about the mail, is it being delivered?
Are you saying if he gives up the password the potholes will be fixed, the traffic will flow, the mail will be on time and the water from the tap won't stink anymore?
Re:Backups? (Score:5, Interesting)
Nope. It's always backed up and the roads have lots of bumps and a few potholes.
Do you have electricity in your home?
Yes, at outrageous rates to California's energy policies.
Are you being raided by armed bandits?
No, but I don't need a police force for that. Just a gun. Except the SF doesn't want you to be able to have a gun.
what about clean water, can you drink the water coming out of your faucet?
I can't really comment on the water in SF--but if the city wasn't providing it, I'm sure the people could figure *something* out. And their solution would probably be cheaper.
What about the mail, is it being delivered?
FedEx, and UPS both courier mail across town and across the country. You can even pay bike messengers to deliver stuff.
You know--it's really amazing just how many solutions there are that don't end with "we need the government to do X"
Re:Backups? (Score:5, Insightful)
Re:Backups? (Score:4, Insightful)
Are you sure it's a UNIX variant? I assumed it was big iron, and I am not sure those have a CD-ROM drive. What's more, if he chose a REALLY good password, brute force decrypt might take a *long* time...
Re:Backups? (Score:4, Funny)
Re:Backups? (Score:5, Insightful)
That gets you into the operating system. Once you are there, what do you do? SQL databases can/should use passwords.
Web servers can/should use passwords.
Payroll systems MUST use passwords, with all data encrypted.
The above (and others) are where the problem lies, and no single user reboot will fix this.
Re:Backups? (Score:5, Interesting)
If the data is not encrypted it doesn't matter if the SQL DB uses passwords or not. Same for the webserver and other stuff.
I've patched programs stored in a DB without knowing the DB admin password, just by hexediting the DB files. Didn't have to wait for the vendor's developers in the USA to get back to us.
As long as you have read access to the unencrypted data you have enough access - even if it means changing the drives and reloading the data.
Re:Backups? (Score:5, Insightful)
Worst. Idea. Ever.
You should be ashamed of yourself, not proud.
Re:Backups? (Score:5, Insightful)
No, it just means you got lucky. Plenty of bad ideas work, that doesn't mean they're the best idea.
Re:Backups? (Score:4, Insightful)
Re:Backups? (Score:5, Informative)
Pretty much all Unix systems are hackable with local access.
I'm guessing either the entire file system is encrypted, or the problem is getting into an application that's running under the OS. Most times the OS isn't the final gatekeeper in high security; the application itself may run everything encrypted, and may very well have no easy way to restore access if a password is lost.
Re:Backups? (Score:5, Insightful)
(windows systems too.. I mean it is a muni we're talking about..)
But yes.. physical access to a device trumps all. It's probably something like they only have -one- guy that knows what he's doing.. and he just went from being fired to Fed-pound-you-Penn
The perfect litmus test (Score:5, Interesting)
Actually, this is the perfect way to test the strength of symmetric encryption algorithms. For those cryptographers with tin-foil hats (http://www.schneier.com/essay-198.html), seeing how long it will take for various three lettered agencies to recover the data will illuminate a previously dark room containing the question, "How safe is your data really?" It seems to me that this guy is doing the whole cryptography community a favor.
Re:Backups? (Score:5, Informative)
Unless you are inept, which, given that this is a government system, could be a plausible explanation here.
Re:Backups? (Score:5, Funny)
Re:Backups? (Score:5, Interesting)
Typically corrupted data is worse than destroyed data.
At least when the data is gone, the problem is a lot more obvious.
Imagine if the payrolls have been tampered with (payroll files are mentioned in the article) rather than destroyed. And the law (and other) documents have had the word "not" randomly removed in 0.5% of the occurrences.
Re:ha (Score:5, Insightful)
Of course, if we all had wings, we'd fly. Then reality sets in. Can't change the past.
I'm sure he was plenty stable until he became disgruntled, otherwise he wouldn't have ended up with the admin passwords, no?
Re:Backups? (Score:5, Funny)
We're at 204. Pay up.
Re:Backups? (Score:5, Funny)
I'll put good money on him cracking before this article gets 200 comments.
We're at 204. Pay up.
Alright, it's in an untraceable paypal account. Obviously I'm not handing over the password.
Re:Backups? (Score:5, Funny)
This is why... (Score:5, Insightful)
...you disable his account *before* you tell him he's fired.
Re:This is why... (Score:5, Insightful)
Re:This is why... (Score:5, Insightful)
Re:This is why... (Score:4, Interesting)
fedex it. nothing at workplace is private from employer.
Re:This is why... (Score:5, Informative)
Private as in privacy, no. But private as in private property? Yes. If they don't allow someone to gather their things before they leave they could be looking at serious legal troubles.
No, it's pretty common practice. They can directly escort you out of the building without your personal property and they have a reasonable amount of time to gather up your stuff and get it back to you.
Things like car keys, wallet, jacket, briefcase, etc. yes. They'll escort you to your desk to pick those up. But gathering your pictures, books, etc. Nope. They'll do it for you or have you come back at a later date.
Re:This is why... (Score:5, Interesting)
He's a municipal employee. I don't know about San Francisco, but where I live, state or local government employee means union member, which in turn means he's very difficult to fire, except for the most egregious offenses. He's probably had an extensive disciplinary history to reach this point, which means he had ample time to see it coming and set this all up in advance.
Re:This is why... (Score:5, Interesting)
I would not be so sure. For it to be theft (in the UK at least) there has to be "an intention to permanently deprive"
Without this it is not theft. This is why someone who takes a car for a joyride is charged with "Taking without the owners consent" and not theft for example.
Therefore if it is not the employers intention to permanently deprive the ex-employee of their possessions then it is not theft, and they are in the clear.
Re:This is why... (Score:5, Interesting)
The employee is usually taken to one of the front meeting rooms under the pretense of an "important staff meeting". As soon as they leave their desk, someone swoops in and piles everything not owned by the company into a box, and takes it to reception. The employee gets their dismissal meeting from their direct boss with someone from HR present, and then they're taken to reception, given their box of stuff, and told to GTFO.
Network Operations gets the call to reset the ex-employee's password so they can't get in through the VPN (have to keep their account so someone can answer their email, etc), and work goes on.
The last thing the ex-employee gets to see on the way out is the hot receptionist. Could be worse.
Sorry for posting anonymously, but I don't feel like getting laid off if someone from work happens to recognize my username.
Re:This is why... (Score:5, Funny)
Not so easy for sysadmins (Score:5, Informative)
So, routing rules from home. Public SSH keys on various border-servers with my USB-drive having the private keys, etc. They're all used for doing my job, and if I'm fired (not sure why I would be though) I'll just move on to the next one without tainting my career and doing something stupid to burn bridges. However, I could see a *bad* sysadmin using these same tools and more to entrench himself so deeply that you'd almost have to rebuild the entire infrastructure from scratch to find all the back-doors.
If this guy was a real dick (but a clever+smart one), knew it, knew he was going to be canned, and prepared for it... then how are you going to know that your authentication methods, your binaries, or even your kernels haven't been messed with in some way? MD5 sums only go so far when you have hundreds of systems tied together.
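An offboarding check for the kind of access described in the comment above, as an added example that is not part of the original thread: it fingerprints every entry in a set of collected authorized_keys files and reports keys that belong to a departed admin or that nobody can account for. The host names, file paths, key material and the approved/revoked inventories are constructed for illustration.

```python
"""Flag SSH public keys that should no longer grant access (added example)."""
import base64
import hashlib
import shlex

KEY_TYPES = {
    "ssh-ed25519", "ssh-rsa",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}


def fingerprint(blob_b64):
    """SHA256 fingerprint in the form ssh-keygen -l prints: unpadded base64."""
    raw = base64.b64decode(blob_b64, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_line(line):
    """Return (options, keytype, blob) or None for blank/comment lines.

    Raises ValueError when a non-comment line has no recognisable key.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # shlex keeps quoted option values such as command="a b" in one token.
    tokens = shlex.split(line)
    for i, tok in enumerate(tokens[:-1]):
        if tok in KEY_TYPES:
            return tokens[:i], tok, tokens[i + 1]
    raise ValueError("no key type found")


def audit(files, approved, revoked):
    """Return (location, line_no, reason, fingerprint) for every suspect key.

    REVOKED  - key belongs to someone whose access was withdrawn
    UNKNOWN  - key is in no inventory, so nobody can vouch for it
    UNPARSED - line could not be read and needs a manual look
    """
    findings = []
    for location, text in sorted(files.items()):
        for line_no, line in enumerate(text.splitlines(), 1):
            try:
                parsed = parse_line(line)
                if parsed is None:
                    continue
                fp = fingerprint(parsed[2])
            except ValueError:  # also covers binascii.Error from bad base64
                findings.append((location, line_no, "UNPARSED", ""))
                continue
            if fp in revoked:
                findings.append((location, line_no, "REVOKED", fp))
            elif fp not in approved:
                findings.append((location, line_no, "UNKNOWN", fp))
    return findings


def demo_blob(seed):
    """Constructed stand-in for a key blob; not a real SSH key."""
    return base64.b64encode(seed).decode()


# Constructed sample data: two hosts, three distinct keys.
CURRENT_KEY = demo_blob(b"constructed key of current admin")
DEPARTED_KEY = demo_blob(b"constructed key of departed admin")
STRAY_KEY = demo_blob(b"constructed key nobody can account for")

SAMPLE_FILES = {
    "border1:/root/.ssh/authorized_keys": (
        "# constructed sample\n"
        f"ssh-ed25519 {CURRENT_KEY} ops@example\n"
        f"ssh-ed25519 {DEPARTED_KEY} old-admin@home\n"
    ),
    "border2:/home/deploy/.ssh/authorized_keys": (
        f'from="192.0.2.10",no-pty ssh-rsa {STRAY_KEY}\n'
        f"ssh-ed25519 {CURRENT_KEY} ops@example\n"
    ),
}
APPROVED = {fingerprint(CURRENT_KEY)}
REVOKED = {fingerprint(DEPARTED_KEY)}

if __name__ == "__main__":
    for finding in audit(SAMPLE_FILES, APPROVED, REVOKED):
        print(*finding)
```

The UNKNOWN class matters as much as REVOKED here: a key added in preparation for a dismissal would not appear in any inventory.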
RTFA (Score:4, Informative)
He was arrested AFTER he disabled everyone else's account.
What do you recommend they do next time, use a crystal ball or ouija board to predict who's going to pull such a stunt?
Re:RTFA (Score:5, Funny)
What do you recommend they do next time, use a crystal ball or ouija board to predict who's going to pull such a stunt?
Minority Report for system administration activities? Sweet! ;-)
Read the Article - He wasn't fired. (Score:5, Informative)
Re:Read the Article - He wasn't fired. (Score:5, Interesting)
I've seen this sort of problem...it's really deadly. If you have somebody who has the keys to the entire computer system, is fully willing to snoop into people's personal data, and also is willing to really do some nasty things, you're in a bad situation. If you're going to fire him, do it fast and without warning...he absolutely can't know it's coming. With someone like that, you can't even discuss the issue via email with any other colleagues (i.e., he's probably reading your emails quite regularly).
If he has any time to stew about things, then odds are he'll set up a variety of back-doors or other ways he can royally mess things up. In the situation I've seen, the boss knew the sysadmin was screwing around...though there was no hard proof, the sysadmin also knew that he was essentially caught. But in his position, he basically had the office by the balls. It's a stalemate...unless you're willing to dump the guy and completely sanitize/overhaul anything he's touched on the network. And of course, who knows how much personal data he's copied off-site in the meantime.
Gotta post as A/C for this one...
Re:Read the Article - He wasn't fired. (Score:5, Funny)
Well, if they had nothing to hide then they have nothing to worry about right?
POWER TO THE PEOPLE! (Score:4, Funny)
Re:This is why... (Score:5, Funny)
Re:This is why... (Score:5, Funny)
Yes, but that involves a perilous trip through the cavernous sub-basement to some rarely touched master reboot switch, and while the system is restarting all the perimeter fences will be de-electrified and the motion sensors inactive. In movies, this situation inevitably leads to lots of screaming and mayhem.
Re:This is why... (Score:5, Interesting)
I'm guessing they are totally incompetent.
I used to work for the State (a very small state) and some dipshit "Security Director" over at the Department of Administration (all our Internet traffic went through there) decided that he didn't like all this traffic coming from my PC to an IP address that matched a "corporate domain name" (it was my own domain, and I'd login to my own webmail.) Basically this guy was (is) paid $150K a year, and all he does is install appliances and watch logs to try and catch people surfing the wrong web pages (he used to be a cop.)
He tried to fire me for "running a business from my desk" which of course I wasn't doing..
Anyways, he sent someone down to my office and they took my PC. Vista x86.
So they couldn't figure out how to login to the machine. The so-called security expert couldn't even create a boot disk or anything to get access. It's not like it was a crazy machine, it was a Dell Precision machine with a SATA RAID card. All they had to do was download the drivers from Dell and make a BartPE or something.
They basically told me that if I didn't give them my password I was fired. I absolutely REFUSED. Never do you ever need to have someone give you their password. A so-called security expert should know this.
So eventually I drove over there, typed in my password for them, and drove back to my office. They didn't find anything, obviously, and I got the machine back completely wiped two weeks later.
So yes, they are DEFINITELY INCOMPETENT! All IT management in state/government agencies are, and most of the people working for them as well. You move up in the government simply by not being fired and putting in more years than the next guy.
Re:This is why... (Score:5, Insightful)
The problem isn't true for ALL state/government agencies, the problem is -
I used to work for the State (a very small state)
A friend of mine worked for the FDNY in their IT department, they knew what they were doing. It all depends on where you work and the quality of IT staff available for work in the area.
Re:This is why... (Score:5, Funny)
They basically told me that if I didn't give them my password I was fired. I absolutely REFUSED. Never do you ever need to have someone give you their password. A so-called security expert should know this.
So eventually I drove over there, typed in my password for them, and drove back to my office. They didn't find anything, obviously, and I got the machine back completely wiped two weeks later.
What you should have done was give them some random string of gibberish (write it down and keep it yourself so you can repeat the same exact string when asked again). They still won't be able to get in. Finally, when you have to go over there and help them, pull out that little piece of paper and type that random gibberish in again. When you also get access denied, repeat a few times more slowly. Then finally turn around and look at the idiots and say "You broke it!".
Re:This is why... (Score:5, Funny)
Unless they are totally incompetent
They couldn't even successfully fire the guy.
-- Firefox isn't as great as people claim it is.
Re:This is why... (Score:4, Insightful)
Except a lot of times someone is fired they know that it's coming. It's possible this guy had set this all up in the case he got fired, and then when he saw it was going to happen he put it into motion. Article even says they tried to fire him before and he created his super password as a security device to keep his job. Now I'm sure the real irony here is that if this guy probably actually did his job instead of all this mess he probably wouldn't have been fired. I mean, this is a guy that's going to be looking at pretty serious jail time, and probably a severe restriction on his rights when he gets out. I like my job, but not enough to do something that's going to land me in the pokey.
Folks can see the writing on the wall (Score:5, Interesting)
Firing someone for poor performance (as opposed to firing someone for a single unacceptable action) takes time....and MUCH coordination...at least everywhere that I have worked.
In a decently managed environment, the employee knows in advance that his management views his/her performance as unacceptable since the manager has discussed it with the employee and laid out a plan for improvement. Even an average employee could see the writing on the wall weeks/months in advance...but this individual was also using his administrative access to monitor related email messages.
If his group comprised even a moderately-sized MIS group, you could pull his admin responsibilities and transfer him to a role with lesser rights during the period of performance review and monitoring...but this individual was most likely hired to do this very specific job...and there may not have been another position into which he could transition naturally...even temporarily.
My question - where are the backup tapes? Pull the tapes from a date prior to his manipulation of the system. Presumably, it should not be that long ago if they were ensuring that at least one other admin had routine access to the system. In such a case, they should have known within 24 hours that he had done something. If, on the other hand, he was a one man show, then I think that they are screwed until he gives up his password...which he will. Mark my word.
Dennis Nedry? (Score:5, Funny)
Next thing you know, we'll have some dinosaurs on the Presidio.
Countdown... (Score:5, Insightful)
Idiotic new law in 5...4...3...
Tried to fire him? (Score:4, Insightful)
"Childs has worked for the city for about five years. One official with knowledge of the case said he had been disciplined on the job in recent months for poor performance and that his supervisors had tried to fire him."
How the hell do you "Try to fire" someone .. either you do it or you don't.
(And please .. no Yoda BS. If you go back and look at when Yoda was first introduced as a character he didn't do that cutesy backwards sentence construction. That came later. So I put it in the realm of Jar Jar - obnoxious character development)
Got to love damage assessments (Score:5, Interesting)
Especially when it makes a crime a Felony. That is one of the four felonies charged to him. The other three are all related to tampering with a computer network.
While this guy is obviously an idiot for thinking he could blackmail a government entity I am quite pleased the security on the system is sufficient to make it hard to get into when strong security is put into place. In other words, nothing annoys me more than so called secured systems having some means of password decryption, let alone the ones that allow admins to see them plain text.
What is going to interest me is how many years they will attempt to land on him. Just how offensive to society is this type of crime versus murder or rape. It seems that every new crime invented by the government gets stronger penalties than existing ones; if only to make it appear more valid. After all the penalty wouldn't be so severe if it were not really a crime now would it?
Re:Got to love damage assessments (Score:5, Interesting)
Re:Got to love damage assessments (Score:4, Insightful)
You're quick to play the fear card, aren't you? Even considered a position in the Bush administration?
You can't use 'what ifs' to try and pin a more serious crime on someone. It's tyrannical, because essentially your 'what ifs' are subjective and thus you are using your own opinions to override the law.
Job Posting (Score:5, Funny)
Large municipal department of technology seeking software engineer for a multimillion-dollar computer system. At least 5 years of previous experience required. Must be able to gain administrative access to a system where the password is not known. Hiring immediately!
Re:Job Posting (Score:5, Funny)
what a selfish asshole (Score:4, Insightful)
ok, you're mad at your employer, perhaps their reasons for firing you are invalid
but taking it out on third parties, such as with locking up law enforcement documents that might decide the guilt of hardcore criminals: you're a selfish asshole for setting up that scenario
maybe you didn't deserve to be fired
but now you deserve to rot in jail for how you responded to your firing
he confused it with the terrorist business plan (Score:5, Funny)
Step 1: make bomb
Step 2: go to spice market
Step 3: asplode self and random shoppers
Step 4: Prophet
I smell a rat (Score:5, Insightful)
"At a news conference announcing Childs' arrest, District Attorney Kamala Harris was tightlipped about what his motive may have been."
I think there's more going on here than we're being told.
Re:I smell a rat (Score:4, Informative)
FTFA:
"At a news conference announcing Childs' arrest, District Attorney Kamala Harris was tightlipped about what his motive may have been."
I think there's more going on here than we're being told.
You have to understand the nepotism and corruption that runs SF. The DA is purportedly Willie Brown's ex-girlfriend. She probably hasn't been told what to say yet because her handlers have been locked out of their computers. They have to cover up the corruption that contributed to this (or was merely exposed) first, then they'll decide what he did and throw the book at him.
What no golden handshake... (Score:5, Insightful)
That director over there, he gets a golden handshake as he goes out the door... You want to keep him sweet because he knows where all your dirty secrets are and could cause all sorts of trouble for your operation.
The sysadmin, you're going to kick out the door because he's blue collar... Oh, wait a minute... He really does know where all your dirty secrets are and really can bring your operation to its knees. In fact he's far more dangerous going out the door than the exec... pity you didn't think of that.
Execs are heaved out the door all the time for being incompetent, but it's done with kid gloves because they're deemed to be potentially damaging... And they wear a suit.
Word of advice: if you're sacking somebody who can bring your operation to a grinding halt, make sure you keep them sweet, regardless of the job they do for your organisation. It's simple business.
Unpatch windows (Score:5, Funny)
That's why you run unpatched Windows, it will take only 4 minutes to get access.
on any Linux system you can: (Score:5, Informative)
in
root:$2$3bJ7DS4R$rV45lDlqNsfDRntfO1NCk0:14069:0:::::
look exactly like this:
root::14069:0:::::
this and you can log in to root without any password
maybe other *nixes are close enough to do the same (BSD or solaris)
on ubuntu the root shadow is a little different since it is disabled with an asterisk:
root:*:14069:0:::::
just remove the asterisk
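The comment above turns on what the second field of a shadow entry means. As an added example that is not part of the original thread, this audit classifies that field for every entry and lists accounts left with an empty one; the first three sample lines are the ones quoted in the comment, the rest are constructed.

```python
"""Classify the password field of shadow(5)-format entries (added example)."""
from typing import List, NamedTuple


class Entry(NamedTuple):
    user: str
    status: str  # EMPTY, LOCKED, HASHED, OTHER or MALFORMED
    detail: str


def classify(line: str) -> Entry:
    """Classify one shadow line by its second (password) field."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        return Entry(fields[0], "MALFORMED",
                     f"{len(fields)} fields, expected 9")
    user, pw = fields[0], fields[1]
    if pw == "":
        # An empty field means no password is required to authenticate.
        return Entry(user, "EMPTY", "password field is empty")
    if pw[0] in "!*":
        # Not a valid crypt(3) result, so password login is disabled.
        return Entry(user, "LOCKED", "field cannot match any password")
    if pw.startswith("$"):
        parts = pw.split("$")
        scheme = parts[1] if len(parts) >= 4 else "?"
        return Entry(user, "HASHED", f"crypt scheme id {scheme}")
    return Entry(user, "OTHER", "legacy or unrecognised hash format")


def audit_shadow(text: str) -> List[Entry]:
    """Classify every non-blank line of a shadow-format file."""
    return [classify(line) for line in text.splitlines() if line.strip()]


def passwordless_accounts(text: str) -> List[str]:
    """Accounts a reviewer should treat as open: empty password field."""
    return [e.user for e in audit_shadow(text) if e.status == "EMPTY"]


# Lines 1-3 are the entries quoted in the comment; the others are constructed.
SAMPLE_SHADOW = """\
root:$2$3bJ7DS4R$rV45lDlqNsfDRntfO1NCk0:14069:0:::::
root::14069:0:::::
root:*:14069:0:::::
backup::14069:0:99999:7:::
alice:!$6$constructedsalt$constructedhash:14069:0:99999:7:::
broken:line
"""

if __name__ == "__main__":
    for entry in audit_shadow(SAMPLE_SHADOW):
        print(f"{entry.user:8} {entry.status:10} {entry.detail}")
    print("empty password field:", passwordless_accounts(SAMPLE_SHADOW))
```

Run against a copy of the real file as part of a post-incident review, an EMPTY result on any account, and especially on root, is evidence that the file was edited by hand.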
Re:Not on any Linux system (Score:4, Interesting)
Pfft. That's irrelevant if you've got physical access. You'd either pull the drive in question and attach to another operational machine, then change /etc/shadow, or you boot from a LiveCD and do the same.
I'd assume there are other layers of security, though (poss. including encryption), and TFA doesn't say what operating system it runs on.
Well no wonder! (Score:4, Funny)
From TFA: "Prosecutors say Childs, who works in the Department of Technology at a base salary of just over $126,000"
No wonder he was disgruntled, that's not even a living wage in San Francisco.
Gruntled (Score:4, Insightful)
They're coming down heavy on this guy... (Score:4, Insightful)
because
They're worried that he or an associate might be able to destroy hundreds of thousands of sensitive documents, including emails, payroll information, and law enforcement documents.
Yes - that's the reason.
Not because he showed up their complete incompetence and made them look like fools and now they want retribution. Protecting the public's right to privacy - yes, that's the reason.
Technologists Unite!! (Score:4, Interesting)
None of us know all the facts of the situation, but I think it's pretty obvious that this guy was just trying to maintain his livelihood through a misguided attempt at job security. If we had an IT Union looking out for our careers that gave us some sort of protection against the arbitrary whims of upper-management, then maybe this wouldn't have happened.
As for the idea that the guy might have shared his password with some unscrupulous fiend... how many of you, had you actually been given admin access to SAN FRANCISCO would really share that password with anyone? Drastic, misguided, sure... but stupid? Come on, there had to be a reason he got the job in the first place.
New expression: (Score:4, Funny)
Motive and Salary (Score:5, Interesting)
Seems kind of funny that the article reports the DA is "tightlipped" about his motive. Makes me wonder if he is 'disgruntled' for a reason that would embarrass the agency if it got out.
Also pretty funny that they go into great detail about his salary, which seems kind of low to me for the area or at least average. Sounds like they are trying to make him seem unsympathetic in the public eye.
Technical background (Score:5, Informative)
For those who wonder what kind of working environment DTIS has:
PeopleSoft's HRMS 8.x application software.
PeopleTools 8.4x, PeopleCode, SQL, SQR, COBOL, Application Engine, Oracle and HP/UNIX.
IBM hosts and DB2
Microsoft SQL Server 2000
Just look for open positions and you know what they are running.
Just stupid.... (Score:4, Interesting)
I used to work at a bank. I was the "cash control teller" which means that I counted every single cash shipment into and out of the bank branch. Sometimes 1/2 million dollars.
You know what? It isn't worth it. It isn't enough to live a good life on. If you get caught, the benefits do not outweigh the risks.
The same thing with this sort of hack. The guy screwed himself. He's ruined and will serve time in prison. "Everyone" (with any skills) knows you can get into any system you can physically touch.
What is he going to get for his trouble? Will they pay him off and set him free? HA! no way. The worst that will happen is that they'll employ someone's 12 year old nephew to crack the system. Pay him off with a couple XBox games or a new PS3.
Unstable (Score:5, Insightful)
Back in the 80's I had an analyst working for me that seemed to become more unstable as each day passed.
We had a big project that he was working on and making great progress but then he started feeling like the software he created was his and not the company's.
I talked it over with the regional VP as we did not have any reason to fire this guy but yet feeling more flaky with him all of the time.
Plus replacing him would set the project back months.
So I went in each evening (only lived a mile from the office) and made a backup of the files just in case.
The project was successful and in retrospect making the backups kept me sane and kept the pressure off of him that he would feel if I was nervous or watching him too closely.
It seems we attract those things we fear.
Dealing with brilliant but somewhat unstable (supposedly) individuals is a tricky balance and occasionally the situation can tip in the wrong direction.
Sounds like this case in SF tipped all the way.
Declare him a terrorist (Score:5, Funny)
1. declare him a terrorist
2. torture him
3. ???? [redacted for national security reasons]
4. password!
Re:I had a dream... (Score:5, Insightful)
No, not all of us do. Especially those of us who don't do things that get ourselves fired.
Re:I had a dream... (Score:5, Insightful)
.
or sued. or jailed.
or would rather not spend the remainder of our prime earning years shelving stock at WalMart or flipping burgers for McD.
Resignation Letter (Score:5, Funny)
Here it is...
Dear Mr. Baker,
As an employee of an institution of higher education, I have few very basic expectations. Chief among these is that my direct superiors have an intellect that ranges above the common ground squirrel. After your consistent and annoying harassment of my co-workers and me during our commission of duties, I can only surmise that you are one of the few true genetic wastes of our time.
Asking me, a network administrator, to explain every nuance of everything I do each time you happen to stroll into my office is not only a waste of time, but also a waste of precious oxygen. I was hired because I know how to network computer systems, and you were apparently hired to provide amusement to your employees, who watch you vainly attempt to understand the concept of "cut and paste" as it is explained to you for the hundredth time.
You will never understand computers. Something as incredibly simple as binary still gives you too many options. You will also never understand why people hate you, but I am going to try and explain it to you, even though I am sure this will be just as effective as telling you what an IP is. Your shiny new iMac has more personality than you ever will.
You wander around the building all day, shiftlessly seeking fault in others. You have a sharp dressed, useless look about you that may have worked for your interview, but now that you actually have responsibility, you pawn it off on overworked staff, hoping their talent will cover for your glaring ineptitude. In a world of managerial evolution, you are the blue-green algae that everyone else eats and laughs at. Managers like you are a sad proof of the Dilbert principle.
Seeing as this situation is unlikely to change without you getting a full frontal lobotomy reversal, I am forced to tender my resignation; however, I have a few parting thoughts:
When someone calls you in reference to employment, it is illegal for you to give me a bad recommendation as I have consistently performed my duties and even more. The most you can say to hurt me is, "I prefer not to comment." To keep you honest, I will have friends randomly call you over the next couple of years, because I know you would be unable to do it on your own.
I have all the passwords to every account on the system and I know every password you have used for the last five years. If you decide to get cute, I will publish your "Favorites," which I conveniently saved when you made me "back up" your useless files. I do believe that terms like "Lolita" are not viewed favorably by the university administrations.
When you borrowed the digital camera to "take pictures of your mother's b-day," you neglected to mention that you were going to take nude pictures of yourself in the mirror. Then, like the techno-moron you are, you forgot to erase them. Suffice it to say, I have never seen such odd acts with a ketchup bottle. I assure you that those photos are being kept in safe places pending your authoring of a glowing letter of recommendation. (And, for once, would you please try to use spellcheck? I hate correcting your mistakes.)
I expect the letter of recommendation on my desk by 8:00 am tomorrow. One word of this to anybody and all of your twisted little repugnant obsessions will become public knowledge. Never f*ck with your systems administrator, Mr. Baker! They know what you do with all that free time!
Sincerely
David Blocker
Network Administrator
Re:I had a dream... (Score:5, Funny)
I've been in a position to do this (I was still rooted from home in three systems, and though they changed the passwords, they didn't kick active sessions) and all I did was change the MOTD to "When firing a user with root access, make sure to abort existing sessions."
Professionalism is key if you expect to be trusted with access to big sexy systems.
Re:I had a dream... (Score:5, Funny)
[...] trusted with access to big sexy systems.
Mmm, fat chicks... <drool>
Re:I had a dream... (Score:5, Informative)
Re:I had a dream... (Score:5, Insightful)
My temptation was excessively high. I got the shaft for no good reason, and I was told that either I'd resign or they'd sue me for some kind of breach of contract: they didn't want to have to pay my unemployment, so they made this threat...I can't even remember what it was about now, but I do remember that the PHB...
Oh wait, I remember, it was an Arcview [esri.com] application that had never gotten completed because the demographic data was hung up at the state level, and he kept calling it Arcserve [ca.com]. So yea, I'm sitting there listening to this fat idiot with the bad hairpiece threatening me with a breach of contract dealing with a Windows backup program which we didn't even sell.
What a moron.
Anyway the "contract" was a complete handshake agreement, no paperwork, no actual project specs, nothing, and the ball was in the client's court anyway, and in my opinion, they had no real interest in it in the first place. Basically he was trying to force me out to isolate one of the partners (my actual boss), and he was a real asshole about it.
So I had a moment, when I realized I had basically unlimited access, where I was tempted. I'm not a fuckup like the guy in San Fran either; I could have set shit in motion that would never have been caught, and I knew the state their backups were in.
But I'm a professional, and while I never would have been caught, I wouldn't have felt like I could be trusted with the big systems, wouldn't have been able to sit in an interview and say that my personal integrity matters more to me than just about anything.
Re:I had a dream... (Score:5, Interesting)
Talking of what people want to do to their employer... There was this large semi state-owned telecomms company (and a much-hated monopoly for very long in our dear country) that I contracted at. This happened after I moved to another job, but I still had contact with a lot of ex-coworkers. Allegedly a middle management type was sacked, and a few days afterwards he came in again (no idea how he got past various access controls) to (literally) make a stink: he had several shopping bags containing excrement (human, apparently, though it probably was not all his own), which he managed to smear across his own as well as his ex-boss' desk and office wall before being apprehended. Now the office building was one of these modern new agey glass and concrete monstrosities and consisted of 4 floors of open plan desks, with a large opening down the center the same shape and size as the huge lobby and indoor garden on the ground floor - thus no way to contain the "spill".
Apparently, this is one of the more widespread fantasies employees at that place have.
Not to give anyone any ideas or anything....
I did it too, on a smaller scale (Score:5, Interesting)
I didn't actually intend to. This was about 15 years ago. I got hired to take care of payroll at a warehouse, which was a completely paper-based process. I suggested that I could transfer the whole operation onto a computer and be more efficient. They said go ahead, but for security be sure to password protect it.
It ended up taking me only a couple of hours to do what had been an all-day job, and naively I told them this and suggested that there were other areas of operation in the plant I could similarly improve. Instead, the next day they canned me - they wouldn't say why, only "It just isn't working out."
The day after that I was glumly poking through the classifieds when I got the call:
"Hi, how are you doing?"
"Well, I'm unemployed. That doesn't help."
"Ah, yes... well. Say, you know your payroll system? It's password protected."
"Yes, I know. You asked me to do that." A little bubble of joy started in my chest.
"Well, could you tell me what the password is?"
"I could... but I don't work for you any more, do I?" Then I hung up.
Oh, all the raw data was still available on paper, but I'll bet it took them weeks to straighten it all out completely.
Re:I had a dream... (Score:5, Interesting)
Re:Frankly (Score:5, Insightful)
Re:Frankly (Score:4, Informative)
That's because the Anglo-Saxon culture has a visceral hatred of everything that comes from the State. Anglo-Saxons find that the State is the embodiment of evil, that it cannot do anything good and they will always try to gut it to its simplest expression.
This dates back to 1215 when weak King John (Jean d'Angleterre [wikipedia.org]) got bullied by his barons and signed the Magna Carta [wikipedia.org] which essentially robbed him of most of his power. Thus started the notion that people other than the king could earn more power to the point of rivalling the State.
At the beginning, this was restricted to nobility, but when the industrial revolution saw the bourgeois rise to unprecedented wealth, to the point of even eclipsing the State's, the bourgeois managed to totally subvert the State and effectively gut it to an almost nonexistent value during Victorian times.
Such distrust of the State is not found amongst other cultures. For example, the French have no problem with an overbearing State that nitpickingly regulates every aspect of their life, but since their culture will not demean the State, working for the State is not viewed as something bad, and the State will have no problem in recruiting competent people which will ensure that whatever action the State takes, it will be done competently. Witness, for example, the network of high-speed trains run by the French State Railroad, all developed by the State-Owned railroad. The same comment can be made about the extensive network of French nuclear power plants, all operated by a State agency, and exporting power to the rest of Europe.
Re:Frankly (Score:5, Insightful)
A reputation, based on people with a serious ideological axe to grind. Blind faith in the market producing magical efficiency gains is contrary to everything I have seen during my professional life, both in the public and private sector. From my perspective, I have never seen one bit of evidence to show there is any truth to it outside the imaginations of Tory politicians.
Furthermore, people like you who are so besotted with 'market forces' did attempt to introduce them to public services in the UK, and it has been an unmitigated disaster. The inability of internal prices to truly reflect the quality of services has resulted in huge waste, massive bureaucracy and a decline of standards. Now, the ideologues are at it again trying to push for a new round of 'targets' in the NHS. They never learn.
Re:Frankly (Score:5, Insightful)
In the scenario you describe, the streets would become choked with dirty, unsafe buses and traffic would grind to a halt. This, in fact, happens.
Like so many market fundamentalists, you just can't see how easily your ideology falls flat on its face in the real world, or you would've seen the flaw in your own argument.
You are essentially laying all inefficiency at the feet of the 'state' - i.e. any actor that isn't an entrepreneur - and then using that as 'proof' that the entrepreneur is more efficient. This is what people smarter than you refer to as 'circular logic'.
Perhaps, when you've grown up, experienced the real world a bit and stopped reading Ayn Rand's bullshit, you might get a clue.
Re:Frankly (Score:4, Insightful)
Re:Frankly (Score:4, Funny)
Re:Just hack *his* hack (Score:5, Insightful)
If you need a recognized code of ethics to tell you that sabotaging your ex-employer's system isn't right, then no code of ethics can help you. Unfortunately this guy screws it up for all of the honest techs who work hard to earn the trust which they need for doing their jobs.
Integrity (Score:5, Informative)
If you need a recognized code of ethics to tell you that sabotaging your ex-employer's system isn't right, then no code of ethics can help you.
Integrity and reputation are typically more profitable than malice and destruction.
I've been in the business a few years, and as you get older, you acquire positions of trust. You have to, you can't be "starting out" your whole career. This sort of behavior is a deal breaker. No one will hire him.
When laid off or fired, collect your stuff, shake hands with your boss, tell them what is left to be completed, politely and with insight, try to be constructive with any discussions on the exit interview. Even a complete moron will leave a better impression than the greatest genius.
Once out, have a beer or two. Calm down. If you're any good at all, when they are picking up the pieces of the layoff, they'll remember your attitude and professionalism and probably pay you contractor wages to do stuff while you collect unemployment and look for a new job.
Re:Just hack *his* hack (Score:4, Interesting)
Re:Apparently they dont have other competent engin (Score:5, Funny)
Number one rule in IT. If I have PHYSICAL access to a system I can get in. Some way, some how.
Government Agency rule number one: If I have PHYSICAL access to a criminal, I can get information. Some way, some how.
Yep (Score:4, Interesting)
In this case, it isn't even anything sinister. Basically they get a court order compelling him to give up the password. If he refuses, he's in contempt of court and they'll lock him up until he does. If that's for the rest of his life, well then that's how it goes. He has no grounds at all to challenge such an order so any appeals will get shot down.
Basically they can just keep him in jail until he decides to give up the password. Most likely, this won't be long at all. Sounds like this guy isn't a hardened criminal, just an asshole with an overinflated sense of self-importance. I'm guessing after a few days he'll realise how much this sucks, and his lawyer will explain that he is in fact just going to sit here until he gives it up, and that the ultimate sentence he'll get will only get worse the longer he stonewalls.
This is not new (Score:4, Interesting)
Been around since the time of Juvenal's Satires (which would be the third or fourth century AD, I think, unless someone wants to look it up and correct me).
Think for a moment. If you are a senior IT administrator or a senior programmer, unless you're in a very rigorous environment, your actions are most likely not subject to peer review. No-one has time. Right?
How many times do we see the argument "it's open source, anyone can read the code" immediately presented with "but who does"? Now consider that there are millions of people using Linux who potentially could read the code and who are likely working with it because they have a personal passion; but a handful of people who potentially could review your work, but are unlikely to have any deep yearning to do so because, well, they've got their own work to do.
In this kind of situation, you either have to have a mandated peer review regime (time consuming and expensive) or an independent audit (ditto). Both of these are, for reasons of practicality, likely to hit only subsections of what needs to be reviewed.
It's a trust thing. If you can trust your admins. And if you can't...well, who admins the admins?
TERRORISM?! (Score:5, Insightful)
Get fucked, asshole. The last thing this country needs is for butthurt pussies to define another ordinary crime as "terrorism" because they think a particular perp should be punished more "as an example" or because they're afraid.
This is not terrorism. It's an act of sabotage by one individual (who should undergo a psych eval) who should be prosecuted to the extent of the law, and to a lesser extent it's a failure of leadership for his bosses.
Re:Welcome to Information Terrorism (Score:4, Insightful)
Comment removed (Score:4, Interesting)
Re:I bow to his guts (Score:5, Insightful)