I’ve thought a lot lately about Michael Thomas, a moron who caused criminal amounts of damage to his former employer in the process of quitting. From The Register[0]:
As well as deleting ClickMotive’s backups and notification systems for network problems, he cut off people’s VPN access and “tinkered” with the Texas company’s email servers. He deleted internal wiki pages, and removed contact details for the organization’s outside tech support, leaving the automotive software developer scrambling.
The real-life BOFH then left his keys, laptop, and entry badge behind with a letter of resignation and an offer to stay on as a consultant.
More than a decade ago I did some consulting for a company that had this happen. They fired their sysadmin and he basically ransomed them, logging in through dozens of back doors to disrupt their business. My first call was to the local police department. This was before these types of crimes were very prevalent; we were lucky that the larger Californian city these crimes were in had a detective with an idea of what to do. Let me tell you: hiring the guy back was never on the list (though pretending to, and meeting up with the guy to grab him, was what the FBI wanted to do). If you do this to someone and they invite you back in to talk or rehire you, and you go, you deserve everything you get because you’re dumb.
Whistleblowing aside, if you’re playing Michael Thomas in a story like this there is absolutely nothing you can say to law enforcement to keep them from throwing you in jail. Think about it. On one side you have a business with a demonstrable material loss because of your actions. On the other side, you’re saying “BUT THEY WERE MEAN TO ME.” And unlike my story above, set in the early ‘oughts, there are actually laws and law enforcement professionals now that will bust your ass and make the charges stick. The process will be years long, too. Mr. Thomas pulled his stunt in 2011, and they finally got around to convicting him. Do you really want to waste that much of your life, with something like that hanging over your head that’ll ultimately destroy your life and career, because of something that felt good for a few minutes?[1]
Beyond all of that, what bugs me the most is how many ways this guy could have screwed with them and gotten away with it. I’m bothered for two reasons:
1. It speaks to how much trust we place in system administrators, and how system administrators need impeccable ethics as well as good judgement. We can implement all the security in the world and, usually, it still comes down to needing to trust a person. Hiring the right people is SO important.
2. It also bothers me because the guy was JUST. SO. DUMB. In a couple minutes over lunch some colleagues and I had ten different, solid, ideas for ways to screw with someone’s systems, mostly based in real-life experience with well-meaning dumbasses. Some highlights were: change the netmasks in their DHCP pools to non-standard ones (e.g. 254.192.138.0) so it’s pretty random what works and what doesn’t, any manner of trickery with scheduled tasks/at/cron, off-hours system shutdowns that look like scripting errors, and redefining localhost (we just had this happen in our Active Directory with someone trying to join an Ubuntu host… OMFG). Extra points if it all just looks like errors, or makes them think you’re an idiot if & when they find the problem. Though in smaller communities that may backfire — people do talk to one another.
Interestingly enough, though, nothing any of us suggested was inherently destructive, just annoying. And when it comes down to it, none of us would actually do any of it, choosing instead to drink a beer and move on with our lives. That, perhaps, is the biggest lesson in the Michael Thomas story. As cathartic as it may be to stick it to the man, if you don’t like your job it’s always a better choice to just simply find a different one and politely move on.
[0] “I was authorized to trash my employer’s network, sysadmin tells court” – The Register, 23 Feb 2017
[1] Get your mind out of the gutter, kids are great.
Comments on this entry are closed.
There was a guy I worked with probably 10 years ago that was a contract sysadmin for a tiny oil company. He’d wanted them to convert his position to a perm hire(he was their only IT guy for that region) but instead they decided to promote the IT person from a company they’d just acquired to be the sole IT person for both divisions, and terminated his contract.
He didn’t take it well, and had all sorts of remote access still enabled(I want to say it was via gotomypc installed on various workstations that he’d jump though, or something like that) and he started popping in and doing all the little oddball annoying things you described. When that didn’t get their attention he escalated…and when you monkey with the leak detection system on an oil platform the FBI gets “really” interested in things.
I never did hear how it all ended, but the last thing I found online about it he was looking at a possible plea deal for 10 years in prison.