Sysadmin Gets Two Years In Prison For Sabotaging ISP

After being let go over a series of "personal issues" with his employer, things got worse for 26-year-old network administrator Dariusz J. Prugar, who will now have to spend two years in prison for hacking the ISP where he'd worked. An anonymous reader writes: Prugar had used his old credentials to log into the ISP's network and "take back" some of the scripts and software he wrote... "Seeking to hide his tracks, Prugar used an automated script that deleted various logs," reports Bleeping Computer. "As a side effect of removing some of these files, the ISP's systems crashed, affecting over 500 businesses and over 5,000 residential customers."

When the former ISP couldn't fix the issue, they asked Prugar to help. "During negotiations, instead of requesting money as payment, Prugar insisted that he'd be paid using the rights to the software and scripts he wrote while at the company, software which was now malfunctioning, a week after he left." This tipped off the company, who detected foul play, contacted the FBI and rebuilt its entire network.
Six years later, Prugar was found guilty after a one-week jury trial, and was ordered by the judge to pay $26,000 in restitution to the ISP (which went out of business in October of 2015). Prugar's two-year prison sentence begins December 27.

Re:

[LordLucless]

The article names it as Pa Online.

Re:

[Big Hairy Ian]

Why didn't they disable his sign in credentials when they let him go? That's as amateurish as his hack!

Re:

[jellomizer]

It would depend on how well the prison is ran.
Often the jails are just filled with drug offenders. Not the harden criminals. For a nerd it would be like being at high school again.

However many IT Guys are just as big and tough as any other person who goes into prison. This is 2016 not the 1980's Revenge of the Nerds movies.

Re:

[haruchai]

"However many IT Guys are just as big and tough as any other person who goes into prison. This is 2016 not the 1980's Revenge of the Nerds movies"

Quite true. More than a few of the sysadmins I know are outdoorsy types in good shape and a couple are really big fella. The one I know who's most like Prugar is 6-2, 250 lbs. He may not be a streetfighter but he's far from the 1st person you'd think of trying to push around - although you're welcome to try.

Re:

[Joe_Dragon]

kick someone's ass the first day, or become someone's bitch. Then everything will be all right

Re:

[dbIII]

I have been told a weedy little guy with a shiv trumps a big guy that believes in fair play every time. It's not a holiday.

Re:

[ArmoredDragon]

No, not overweight. Sure, the WHO standard says BMI of 25 is the maximum for normal weight, and he's 25.1, but the WHO standard isn't as accurate as the NHANES II standard, which says he's of normal weight. This is because the former evens it to make it easy to do napkin math, whereas the later is based on hard math.

Nonetheless, how big he is would be somewhat relative. Since the average white male is 5'10", he's a little (but not a lot) short, and since his BMI is 25.1 he can't exactly be muscular. So yeah

Re:

[Outta_the_way_peck!]

Why couldn't he be muscular? You are assuming that weight is fat, which is the problem with any metric regard just height and weight. Per BMI, Dwayne Johnson is obese. Would you like to tell him that?

Re:

[ArmoredDragon]

You misunderstand. Yes, he can be muscular, but the problem is with his 5'7" and a BMI of 25.1, his average fellow inmate would likely be bigger and stronger.

Just to give you a frame of reference, Tom Cruise is the EXACT same height as the AC poster of 5'7" only Cruise weighs 201lbs, giving him a BMI of 31.5. If you look at Cruise in his movies, he's not really that big of a guy. Now consider that Arnold Schwarzenegger also had a BMI of 31.5 when he was in the first Terminator movie. Given that he is 6'2",

Re:

[Outta_the_way_peck!]

Where is your source for Tom Cruise being 201lbs? There is no way he weighs that much. Conor McGregor is 5'9" and 155. There is no way Cruise is packing another 45lbs on a shorter frame. AC poster being 2" shorter, yet 5lbs heavier, is probably not as small as you think.

Re: You Can't Do The Time

[Anonymous Coward]

I'm an inch taller and a couple of pounds lighter. People call me a rake. I can't see him being overweight.

Re:

[ArmoredDragon]

Well, define overweight please. I myself weigh 188lbs at 5'10 and have approximately 17% body fat. That is well within military standards, in case you were wondering.

Re:

[DMFNR]

Prison isn't like the movies, especially the medium to minimum security prisons this guy will likely end up in. I've seen some of the nerdiest guys come in to the joint and actually do pretty well. May as well have been the first time in their lives they actually were somewhat accepted in to a group. Sure, if you're the autistic type of nerd that wants to fight and argue over silly shit someone will probably kick your ass, otherwise if you stay out of the bullshit like gangs, drugs, and debt you'll proba

Re:

[ASDFnz]

And climb to the top of a ntpd tower with a rifle?

Doesn't quite have the same ring to it.

Re:He would have been better off ...

[TechyImmigrant]

... simply telling them he wasn't interested in helping them with the problem. If you're going to do something like this, you have to learn to balance ego and revenge.

And keep a copy of your stuff on hand before you get fired.

Re:

[MightyMartian]

I think his intent was to gain ownership of his scripts in the hops he could hide is tracks or at least obscure his sabotage.

Re: He would have been better off ...

[Anonymous Coward]

Which I don't get.

For one it doesn't sound like the company would know any better.

He could have hit this company up for a couple of grand owe day, did whatever he wanted with his scripts and nobody would have been the wiser.

Re:

[Z00L00K]

He could have placed them on a password protected VeraCrypt drive requiring a password after a reboot.

"No, I don't remember any password" is the answer when asked.

Re:He would have been better off ...

[AmiMoJo]

Real pros design their code with subtle flaws that will make it fail a few weeks after they get fired, and then obfuscate it in a way that looks like they are just a plausibly crap programmer. Throw in a few random frameworks for misdirection and convert the odd critical function to COBOL, and you have guaranteed employment for life.

At least, that's what I assume pros do, based on the code I have to maintain.

Re:

[MightyMartian]

I think a real pro doesn't build time bombs in his code. Not only is this idiot going to jail, but good luck finding employment in that field again. He should spend the rest of his sentence practicing "And do you want fries with that?"

Re:

[thegarbz]

... simply telling them he wasn't interested in helping them with the problem. If you're going to do something like this, you have to learn to balance ego and revenge.

And keep a copy of your stuff on hand before you get fired.

He wasn't charged with making a copy of the things he had. He was charged with breaking the system.

Re:

[TechyImmigrant]

... simply telling them he wasn't interested in helping them with the problem. If you're going to do something like this, you have to learn to balance ego and revenge.

And keep a copy of your stuff on hand before you get fired.

He wasn't charged with making a copy of the things he had. He was charged with breaking the system.

Yes. However the article said he deleted the files to cover his tracks while he was trying to get a copy of his code. If he had kept a copy, he wouldn't have had to log in then try to cover his tracks.

Re:He would have been better off ...

[Kjella]

And keep a copy of your stuff on hand before you get fired.

If you were doing it at work on company systems it's probably not "your stuff" anyway, it's probably small utilities he used to make his job easier. If you want to do something for yourself do it on your own time on your own machine, don't use any company resources and try not to do anything that would make them question your loyalty to your day job. Being a consultant or contractor is fine because everyone knows that. Being an employee with a secret double agenda is not.

Re:

[TechyImmigrant]

And keep a copy of your stuff on hand before you get fired.

If you were doing it at work on company systems it's probably not "your stuff" anyway, it's probably small utilities he used to make his job easier. If you want to do something for yourself do it on your own time on your own machine, don't use any company resources and try not to do anything that would make them question your loyalty to your day job. Being a consultant or contractor is fine because everyone knows that. Being an employee with a secret double agenda is not.

I'm aware of the ownership matter. But if you're planning to keep it anyway, it's better to not have to hack your old employer to get it.

Re:He would have been better off ...

[tsotha]

This kind of thinking is what got him in trouble. It's not your stuff. It's work for hire, and they own the copyright. If your company were to discover you took software with you (written on their time), and they actually cared, they could have you arrested for theft.

Re:He would have been better off ...

[ninthbit]

Arrested for theft? Not really.... they could sue for copyright infringement though.

Re:

[tsotha]

I think it's a lot more serious than that if you actually take the code.

Re:

[luis_a_espinal]

Remind me to never hire you.

No kidding. At least the OP had the sense of posting that as AC. Sadly the software industry is full of these wackos.

Re:

[david_thornley]

Almost everything I do on this job is highly specialized software that would be of no use to me on my own projects. They pay me to do this stuff, and they own it.

If I do have anything I want to keep, I make sure I've got it while I'm still employed.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Z00L00K]

I agree.

If you think you have the ego of Jupiter you may put down some key stuff on a VeraCrypt partition/drive requiring a password or key file to unlock. Not everything, just some small pesky parts that's an annoyance if it's not in place. Like scripts for automatically mailing key users when stuff goes down. When it's no longer running they have to check everything manually. Such small details that can bug the heck out of people without stalling the operation.

The point of an effective sysadmin is to keep

Smart but foolish

[freeze128]

You gotta hand it to the guy for negotiating for the rights to the software. He kinda was *TRYING* to do the right thing by making sure he had the proper rights to the software (presumably before he sold it himself). A more unscrupulous man might just have stolen the software and used it to start his own business without any notification at all.

Re:

[gravewax]

ummmm the whole point was he did try to steal the software and scripts first, AFTERWARDS he tried to use the damage he caused as a negotiation tactic to gain legal access. Their was no kinda trying to do the right thing here.

Re:

[SensitiveMale]

You read it wrong. He wasn't trying to to the right thing. He stole the software and by doing that he inadvertently broke the system.

A smart man would have copied the software as he wrote it.

Re:

[RockDoctor]

A smart man would have copied the software as he wrote it.

Or done some of the development of the scripts on his home machines, on his own time, thus considerably muddying the issue of who actually owns the software.

E.g. - if you see a need for software at work, then do some developing of ideas at home. Maybe ask around here (under an account you don't use at work) to generate some footprint. Get some preliminary work done. Only then take the idea to work.

Me, I'm still trying to work out how to get contour

Re:

[maestroX]

He kinda was *TRYING* to do the right thing by making sure he had the proper rights

Or it was disaster management to claim the trashing of the ISP as a side-effect. What's the penalty for trashing your former employer?

Re:Smart but foolish

[ClickOnThis]

You gotta hand it to the guy for negotiating for the rights to the software. He kinda was *TRYING* to do the right thing by making sure he had the proper rights to the software (presumably before he sold it himself). A more unscrupulous man might just have stolen the software and used it to start his own business without any notification at all.

There is no way to parse what he did as the "right thing." He stole from his former employer and sabotaged their system. And then tried to extort them for the rights to his software.

He should have been a professional and just walked away. Or at least he should have talked to a lawyer about his claim to the software he wrote. Although most likely his employment agreement considered it a "work for hire" so he had no claim.

Re:

[Darinbob]

He sounds typical of the sort of guy who thinks what he rights at work should be his own property. And also typical of a fired-for-cause worker who won't just let things go and try to fix the problems that got him fired in the first place. People like that are why so many people are escorted out by security when there are layoffs.

Lucky he got off so light

[Anonymous Coward]

"Judge Rambo ordered Prugar to pay $26,000 in restitution."

I guess its better than getting sentenced by Judge Dredd.

Re:

[unixisc]

How do you pay $26k to an entity that's gone out of business? Just do the time - extend it by x months.

Re:

[gravewax]

you pay it to the owners of the business at that time, sounds like it was a small IS so should be a simple matter. does seem incredibly cheap damages bill for an ISP with 500 business and a few thousand general consumer customers when they were out for a week. Perhaps this conviction will lead to more civil lawsuits down the road.

Re:

[Anonymous Coward]

The bankrupt/out-of-business entity will still have a trustee/ownership of some sort, and creditors against that trustee/owner.

Re:

[Anonymous Coward]

Somebody still owns that ISP's assets. Two things, though...

1) Good luck getting $26K from an inmate - at a buck or two a day, twenty-six grand will take a lot longer than two years, and

2) If the courts determined that he only did $26,000.00 worth of damage, I'm guessing this ISP was probably already circling the bowl. After all, if he was solely responsible for breaking this ISP, one would expect a far higher award for damages, regardless of (1), above.

And just to ask - what about his (now ex-) fellow em

Re:

[Kjella]

Somebody still owns that ISP's assets. Two things, though...

1) Good luck getting $26K from an inmate - at a buck or two a day, twenty-six grand will take a lot longer than two years, and

Assuming he had zero assets before the trial. Any down payment on a mortgage, a car in good shape and you're pretty close.

2) If the courts determined that he only did $26,000.00 worth of damage, I'm guessing this ISP was probably already circling the bowl. After all, if he was solely responsible for breaking this ISP, one would expect a far higher award for damages, regardless of (1), above.

Probably. It could also be that it was easy to prove he did at least $26k worth of damage, he has no more assets and the trustee wants the bankruptcy settled and think the practical value of a higher judgement is zero. Except for when the RIAA/MPAA/BSA want big numbers for PR reasons, they're often willing to settle for what you have.

Re:

[Anonymous Coward]

>How do you pay $26k to an entity that's gone out of business? Just do the time - extend it by x months.

Well, the link says ISP, but the linked press announcement on the DOJ site says he only has to provide restitution, presumably to the owner at the time. Secondly, the article kinda makes it sound like the ISP went under because of this guys sabotage, but it really ceased because it has changed its name to Netrepid and discontinued its dialup network services which was under the Pa Online brand.

Re:

[AmiMoJo]

The money goes to the creditors of the defunct company, who likely lost out when it went bankrupt.

My mum had this happen once. She had an account in credit to the tune of about 3 quid. About six years after the company went bust she got a cheque for 7p. That's about $0.08. I don't know if they subtracted the cost of the envelope, postage and administration from what she was owed.

Re:

[Darinbob]

Or Judge Dread. Rude boys don't cry!

Re:

[Anonymous Coward]

I agree it's not hacking, but its also not legit. No longer an employee, he had no authorization to access the ISP's internal network even if he had the ability to do so. The CFAA is pretty clear on that.

Re:

[bws111]

Hacking is just a popular term with no legal meaning. The actual laws would have been against unauthorized access and causing damage. And yes, the access was clearly unauthorized regardless of the method used.

Re:

[ClickOnThis]

It can be assumed that if the username/password works access is authorized

Authorized by the computer system, yes. But not authorized by the employer.

Re:

[Xabraxas]

How did that work out for him? Not so good.

Re:

[jezwel]

Your assumption is incorrect.
You do not have authorised access after you are fired, regardless of whether you can still get into any systems, physical or otherwise.

Re:

[Half-pint HAL]

It can be assumed that if the username/password works access is authorized

Can I similarly assume that if your door's accidentally left unlocked I can walk in and leave with your computer?

Re:

[mark-t]

Uh. No. legit access stops as soon as he is terminated. Still having an old house key to a place that you used to live does not entitle you to go into that house uninvited at your own discretion

Re:

[alvinrod]

You can be charged with breaking and entering a property even if the door is unlocked so this is no different in that he unlawfully accessed a system that he no longer had a right to access. It doesn't matter if he or an ex has a valid key or not if they are no longer welcome on the property. In this case, termination of employment makes that pretty damned clear. It doesn't matter if the ISP was incredibly stupid and negligent in their own actions by not revoking the former employee's access credentials.

Re:

[Anonymous Coward]

It's like when you give your SO a key to your place, then forget to change the locks after you both break up.

That's still a B&E, bro.

Re:

[Xabraxas]

So pretty much in line with most stories about "hacking". Accessing a system that has a blank password is considered hacking to the media.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[SumDog]

They left an account open for him after he left. He should have just taken a copy before he left, or not even bothered with cleaning up the logs (they obviously would have taken the time to notice).

I don't think the punishment fits the crime here through. A few years in jail for being an idiot. It also kills any chance of employment later with that criminal record. It sounds like a shitty ISP anyway.

The reality is, code is the collective memory of a programmer. Most software devs always keep copies of their

Re:

[thegarbz]

He should have just taken a copy before he left

He didn't take a copy. He took them. No copy.

I don't think the punishment fits the crime here through. A few years in jail for being an idiot.

For being an idiot? How about for maliciously damaging a business both in terms of physical infrastructure and in reputation? How about the knock on effects on the 500 businesses? If you got fired from McDonalds and to get back at them you decided to burn your former store to the ground do you think it should just be met with a slap on the wrist?

It also kills any chance of employment later with that criminal record.

He didn't need a record for that. Just the warning sign "I attempted to destroy my former employer because they fired m

Re:

[stephanruby]

It sounds like a shitty ISP anyway.

Based on what? Based on an employee leaving? Or based on taking legal action against someone who (may have actually) destroyed your business?

No backups. No control version system. No removal of old credentials when employee is let go. That and the fact that the business is now bankrupt.

Re:

[cdrudge]

That and the fact that the business is now bankrupt.

No they didn't. They just shut down the dialup and email service [netrepid.com]. It's hard to imagine that in the age of broadband and fast cellular data connections covering most of the country that dial up service would be popular and/or profitable. Same would go for email hosting.

Re:

[thegarbz]

No backups.

We don't know that. What we do know is they were down a malicious system admin.

No control version system.

We don't know that. What we do know is they were down a malicious system admin.

No removal of old credentials when employee is let go.

This we do know. And if you set your standards by this fact than you're quite the fussy man.

That and the fact that the business is now bankrupt.

We don't know that. What we do know is that they went out of business. Maybe they sold up. Maybe they were sued into oblivion. Maybe maybe maybe.

What we do know is that it was a smaller outfit. What we do know is that the admin likely didn't have to deal with ra

Re:

[LordLucless]

Based on what? Based on an employee leaving? Or based on taking legal action against someone who (may have actually) destroyed your business?

Because deleting a couple of log files shut them down, and they'd fired their sysadmin while apparently not having anyone with the capacity to diagnose and fix such a problem.

Re:

[thegarbz]

Because deleting a couple of log files shut them down,

WTF is it "Base all my knowledge on unknown assumptions that fit my narrative day?

and they'd fired their sysadmin while apparently not having anyone with the capacity to diagnose and fix such a problem.

You Fortune500 employees really have lost your sense of reality haven't you. But whatever stick with your baseless narrative that includes a small company having a sudden spat with an employee magically having the resources to replace and completely fully train replacement system admins before the old one leaves, let alone have the skills to instantly solve an issue caused by a malicious attack that also attempted to cover its

Re:

[don.g]

The reality is, code is the collective memory of a programmer. Most software devs always keep copies of their work, usually not to resell or reuse (you can't and shouldn't, unless you're an idiot and want to end up like this guy), but more as a reference (How did I do that? I had an example somewhere).

Really?

I don't have a copy of the software I worked on at my last two employers and would consider taking a copy before I left a gross breach of trust.

I have a copy of work I've done while self-employed, as I

Re:

[Anonymous Coward]

I always take a copy of the code I've written. Posting anonymously for obvious reasons.
The code will be interesting to me for much longer than it will be interesting for the company, and probably for long after the company exists.

Re:

[newcastlejon]

Posting anonymously for obvious reasons.

Because you lack the courage of your convictions?

Re:

[AmiMoJo]

I find that often a problem can re-use some open source or personal code I have already written. In that case I keep any non-proprietary changes/improvements, with my employer's permission. They understand that it's better for them that way, as they get a tested and mature bit of code in less time than it would take me to write it from scratch again.

Most embedded developers I know have personal code libraries like that, and most don't even rise the issue with their employer.

Re:

[phantomfive]

As making a living out of being all things 'admin' (sys/network/engineering, ect.), he totally deserves this. This guy is total amateur-hour and quite simply deserves what he got.

It's a non-violent crime. He wasn't even trying to hurt anyone, that was an accident. Prison doesn't seem excessive to you? He should be forced to pay damages and be done with it.

Re:

[amiga3D]

He could have gotten up to 30 years and 250,000 dollars in fines. Fooling with computer systems ranks up there with murder.

Re:

[phantomfive]

Fooling with computer systems ranks up there with murder.

Um, seems reasonable.

Re:

[sjames]

When I do contract work, I always request that any credentials I might have had be revoked, both to encourage good practice and to make sure I don't get blamed for whatever might happen after I leave.

Sometimes they do and sometimes (after entering anopther contract with them) I find my old creds still valid.

Re:

[mrchaotica]

sometimes (after entering anopther contract with them) I find my old creds still valid.

Do you write a penalty (e.g. extra payment) into the contract for when that happens?

Re:

[sjames]

A haven't thus far, but I am considering it seriously.

Deserves is a strong word

[DarthVain]

There are people who do violent crimes or crimes that physically hurt people and get less than 2 years of prison.

From the sounds of this story it *was* amateur hour, and he went to far and made a mistake. Like you I keep copies of my scripts etc, but I have no illusions about ownership, and franking they are welcome to them if the next guy can even figure it out. However I'd take my stuff to help me on my next gig, though I not go as so far as to try and delete them from company systems. That said the mista

Snoop on that

[XSportSeeker]

For anyone still wondering why the snooper charter is a very very bad idea... and this is only a single problem out of a huge list.
Here's what to expect:

https://www.wired.com/2013/09/... [wired.com]
http://animalnewyork.com/2014/... [animalnewyork.com]
http://www.kiro7.com/news/inve... [kiro7.com]
http://www.nbcnewyork.com/news... [nbcnewyork.com]
http://wncn.com/2016/02/10/nc-... [wncn.com]
https://psmag.com/when-your-st... [psmag.com]

https://www.techdirt.com/artic... [techdirt.com]

Most of these are coming directly from security agencies and the police itself, but what do people think will happen once ISPs a

Right criminal, wrong crime

[sir-gold]

It sounds like most of the punishment was based on the (accidental) disruption to the ISP, rather than the actual hacking and theft of code.

This is a bit like sending someone to prison for arson, because they knocked over a gas space heater while robbing a store.

Re:

[tomhath]

If someone is burned to death you would be guilty of murder. So yea.

Re:

[Bing Tsher E]

But almost certainly not guilty of arson.

Mixed feelings

[DaMattster]

On one hand, I cheer Prugar because I have been fired from jobs and I was told that I am "not a team player." Never mind that I had one of the highest issue solve rights and work completion rates of my team and department. Yes, I am socially awkward and have a disability but, when the day is said and done, isn't a job about productivity? Firing someone because you feel threatened by them is evil. On the other hand, I think that two wrongs don't make a right. I believe he would've been better off asking for

Re:

[Shimbo]

The company did nothing wrong - Prugar is an asshole who deserved what he got. If you think that he suddenly developed an attitude problem and a complete lack of professional integrity after he got fired without cause, then Occam's razor says you're wrong.

And, no a job isn't purely about personal productivity. As a sysadmin you need to document the fuck out of things, and nurture your team so they can handle things without you being around 24/7, because shit happens. If you have a sysadmin that doesn't do t

Re:

[Dagger2]

Identifying with a jerk who put his company out of business because he couldn't walk away, not so much

According to this [netrepid.com], PA Online were a dial-up ISP that went out of business in 2015 (after being acquired in 2013, so really it's more like the dial-up branch of the combined company got shut down). Given that this story is about events from 2010, I think it's more likely that they got shut down because they were a dial-up ISP in 2015 rather than because of anything this guy did 5 years previous.

I admit the summary does try quite hard to give you the wrong impression, but blaming it on this guy definitely is

Let that be a lesson

[Cyberpunk Reality]

for anyone in a similar position.

Make sure you build in _delayed_ time bombs, and _wait_ a while before wrecking your former employer. And if they ever ask you to help, tell them to shove it.

Sysadmin and personal issues with Pa Online

[khz6955]

'Prugar worked as a systems administrator for Pa Online until June 2010, when after a series of "personal issues" with his employer, he was let go.'

What was the nature of these "personal issues" Prugar had with Pa Online?

Re:

[DarthVain]

If I had to guess it was about what IP rights he retained to his scripts/software work given what transpired. The ISP disagreed with his opinion and fired him. He said fine, and took all his work back, inadvertently taking the ISP offline when he messed up deleting user logs after the fact. Then in a fit of hubris when the company came to him he decided to rub their noses in it. To which the company came to the conclusion that perhaps it wasn't a coincidence. FBI etc...

But who knows really, could be he was

Amateur hour strikes again

[ErichTheRed]

OK, the ISP in question should have known that this guy was a sysadmin and revoked all of his credentials as soon as he was terminated. But, even if I have a key to my old house, I can't just walk in, turn on the TV and make myself a sandwich when someone else owns it (or is renting it from me.) That part of the story is why the jail time is warranted. Sysadmins should be professionals...yes, I know very few businesses treat them as such, but acting professionally is the first step to being recognized as on

Re:

[quetwo]

I'm imagining a situation where this kid was the rock-star of the organization, which was pretty weak in the IT side. He wrote the systems that controlled everything, and he probably setup all the servers, etc. Since he was pretty young, he didn't use proper AAA systems, and probably created logins for himself on all the systems. He probably knew all the back-doors and other ways to get into the systems since he built it.

When he got fired, his employer probably removed his key-card access (if they used on

Re:

[Infiniti2000]

No it wasn't, but AC empowers people to let their inner dick shine through.