IT Admin Trashes Railroad Company's Network Before He Leaves (bleepingcomputer.com) 212
Catalin Cimpanu, writing for BleepingComputer: A federal jury in Minneapolis, Minnesota found a local man guilty of intentionally damaging his former employer's network before leaving the company. The man's name is Christopher Victor Grupe, 46, and from September 2013 until December 2015 he worked as an IT professional for the Canadian Pacific Railway (CPR), a transcontinental railroad based in Alberta, Canada. Things went sideways in December 2015 when CPR suspended Grupe for 12 days for yelling and using inadequate language with his boss. When the man returned to work following his suspension on December 15, management told Grupe they were going to fire him for insubordination. According to court documents obtained by Bleeping Computer, Grupe asked management to resign, effective immediately. He promised to come back the following days and return company property such as his laptop, remote access device, and access badges. He did return the items, as promised, but not before taking the laptop for a last spin inside CPR's network. Court documents show Grupe accessed the company's switches and removed admin accounts, changed passwords for other admin accounts, and deleted log files. When done, Grupe wiped his laptop and returned it to CPR's Minnesota office on December 17, two days after he resigned.
What an Idiotic Company (Score:4, Insightful)
Why do you leave someone's access privileges in place when you're in the middle of firing them?
IMHO, they deserved what they got.
And programmer [Re:What an Idiotic Company] (Score:5, Insightful)
IMHO, they deserved what they got.
Re:And programmer [Re:What an Idiotic Company] (Score:5, Insightful)
Anyone who plans to sabotage anything like this on the way out the door deserves everything that comes to them
Sure, the sabotage was criminal and wrong. But leaving access enabled was still stupid, especially when they knew this guy was irrational and had anger issues.
Burglars should go to jail, but I still lock my front door.
Re: (Score:3, Funny)
The asshole IT admin wasn't smart enough to cover his tracks.
What the simple fuck did he think was going to happen next?
Getting railroaded?
Re: (Score:2)
No, getting caught.
And this is why you disable access..... (Score:5, Insightful)
*before* you tell someone you're going to fire them.
Re:And this is why you disable access..... (Score:5, Informative)
That assumes competent people, in HR as well as in IT. Competent people cost money, "management" does not want to spend money, obviously, if "management" tells an admin with full network access, they are going to fire him...
Re: (Score:3)
It also assumes you CAN disable access on everything the person has access to.
There's plenty of gear, often at the critical infrastructure level (be it network, power, building monitoring, fire suppression, alarm systems, etc.) that would need a manual touch to change out the lowest level password. Not everything integrates into AD or some management portal, and even the stuff that does usually has a lower-level mode of access.
Re: (Score:2)
Exactly, any life safety system that needed to be network accessible was on its own private vlan with a bastion host used for access, remove network account and you can't access the bastion host. For networking gear you set it up for AAA authentication and make it so local accounts can only be used if the AAA server can't be reached. That plus network monitoring to tell if the device is offline should mean there's no way to use a local login without it being known that it is happening. My goal has always be
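The monitoring idea in the comment above (local accounts usable only when AAA is unreachable, with every local login accounted for) can be checked against collected events. This is an added example, not part of the original comment; the log format, hostnames, account names and verdict labels are all assumptions made up for illustration.

```python
from datetime import datetime

# Constructed events in a made-up "timestamp host EVENT key=value" format
# (not any vendor's syslog); hostnames and account names are hypothetical.
SAMPLE_EVENTS = """\
2015-12-15T09:05:10 sw-core-1 LOGIN_SUCCESS user=jsmith method=aaa
2015-12-15T09:20:00 sw-edge-2 AAA_UNREACHABLE server=aaa1
2015-12-15T09:22:30 sw-edge-2 LOGIN_SUCCESS user=breakglass method=local
2015-12-15T09:40:00 sw-edge-2 AAA_REACHABLE server=aaa1
2015-12-15T10:15:42 sw-core-1 LOGIN_SUCCESS user=breakglass method=local
2015-12-15T10:31:07 sw-edge-2 LOGIN_SUCCESS user=oldadmin method=local
malformed line without fields
"""


def parse_event(line):
    """Return a dict for a well-formed line, or None for anything else."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
    return {"ts": ts, "host": parts[1], "event": parts[2], **fields}


def review_local_logins(text, known_local_accounts=frozenset({"breakglass"})):
    """Classify every successful local-account login on network gear.

    A local login is expected only while monitoring shows the device cut
    off from AAA; anything else points to config drift or a stray account.
    """
    aaa_down = set()  # hosts that monitoring currently reports as cut off from AAA
    findings = []
    events = [e for e in map(parse_event, text.splitlines()) if e]
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["event"] == "AAA_UNREACHABLE":
            aaa_down.add(e["host"])
        elif e["event"] == "AAA_REACHABLE":
            aaa_down.discard(e["host"])
        elif e["event"] == "LOGIN_SUCCESS" and e.get("method") == "local":
            if e.get("user") not in known_local_accounts:
                verdict = "unknown-local-account"
            elif e["host"] in aaa_down:
                verdict = "fallback-during-outage"
            else:
                verdict = "local-login-while-aaa-reachable"
            findings.append((e["ts"].isoformat(), e["host"], e.get("user"), verdict))
    return findings


if __name__ == "__main__":
    for finding in review_local_logins(SAMPLE_EVENTS):
        print(*finding)
```

Even the `fallback-during-outage` verdict is reported rather than dropped, since the point of the setup is that no local login goes unnoticed.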
and gear like that is at level where AD should not (Score:2)
and gear like that is at level where AD should not be and for stuff like fire suppression, alarm systems the alarm place has remote and do you want them to have remote into your AD system? the fireman may need a printed admin or full rights maybe other than (account changes) password at the local command station as well.
Re:And this is why you disable access..... (Score:5, Interesting)
*before* you tell someone you're going to fire them.
CSB. One morning some 20 years ago I was in the sysadmin's office talking to him when some guy popped his head in and said he couldn't log in. Sysadmin said "damn, that wasn't supposed to happen until next week".
Sure enough, next week there was a layoff and the guy who couldn't log in was one of the head reductees.
Re: And this is why you disable access..... (Score:3)
Re: And this is why you disable access..... (Score:5, Interesting)
This may be problematic if you're going to fire the very person that would be performing said actions.
Who has only one person that has admin access to their systems?? What if that person gets hit by a car or quits without notice or something? Shit happens, after all.
That's as insane as telling someone they're being let go before you remove their credentials.
Re: And this is why you disable access..... (Score:4, Insightful)
Re: And this is why you disable access..... (Score:5, Funny)
What if that person gets hit by a car
Or a train...
Re: (Score:2)
Or a plane, boulder, tree, etc.
Re: (Score:2)
Our bus factor is 0.
Re: (Score:2)
Who has only one person that has admin access to their systems?? What if that person gets hit by a car or quits
It's not a big deal. That is why equipment and servers provide procedures that can be used to utilize physical access to reset the admin password without knowing the admin password.
Ideally you require all admin passwords be filed in a password management system, so when the admin is done, they hand over the keys to the password vault, and that is that.
Re: And this is why you disable access..... (Score:4, Insightful)
If you've only got one person who can do this, then you already have a very large problem.
Re: And this is why you disable access..... (Score:5, Insightful)
You basically need the IT head (who, if they can't be objective, can at least be counted on to be professional) in HR's office or on the phone before the fired employee leaves the room and make sure it's done.
Re: (Score:2)
Maybe we're living in an imperfect world, though.
We are. And companies without a business continuity plan such as "what happens if my admin gets hit by a bus" deserve everything they get.
Mind you I doubt this was actually the case and the result was far more likely HR incompetence than anything else.
Re: (Score:2)
These sorts of actions are the reason why more and more companies treat anyone being laid off as a hostile entity. Perp walked out the door, can't take personal items with you (but with vague hopes that they will be mailed later). Then someone dumb in IT attempts to wipe their laptops soon, and someone in facilities starts to box everything up and put it into storage, leaving whatever project they were on in shambles.
I had three reports laid off in the past, two were out of the building before I even showed
Re: (Score:2)
Yeah... what a dumbass. Everyone knows that you remote into an unliked coworker's PC with admin rights and make it look like they did the sabotage!
Geez... doesn't anyone read BOFH on The Register anymore?
Well... did they? (Score:5, Funny)
Re:Well... did they? (Score:5, Funny)
Re: (Score:2)
Here's hoping it goes something like this [youtube.com].
Re: (Score:2)
"According to court documents obtained by Bleeping Computer, Grupe asked management to resign..." What was management's answer when asked to resign? Did they?
Well, after they had had to deal with "inadequate language", how could they not resign?
I did not RTFA, but the language in the summary is rather tortured.
Re: (Score:2)
Inadequate language, indeed. Case in point.
Re:Well... did they? (Score:5, Funny)
Employee: "I've been working project you assigned me last but I don't have enough to get it done."
Boss: "Excuse me?"
Employee: "Do you not want me to the project or should I instead?"
Boss: "... Can you please use adequate language when speaking with me?"
Employee: "Go yourself."
Re: (Score:2)
LOL, I was thinking "leaving the --ing off of verbs" and things like that, but your example is better!
Re: (Score:2)
"According to court documents obtained by Bleeping Computer, Grupe asked management to resign..." What was management's answer when asked to resign? Did they?
It seems to me that the original article was written in Canadian and then run through Google translate to produce Slashdot English.
Huh? (Score:4, Informative)
ITYM "inappropriate."
inadequate language [Re:Huh?] (Score:5, Funny)
"...using inadequate language..."
I never realized it before now, but I have exactly that problem, inadequate language to deal with my boss
Re: (Score:2)
It was also pretty cheeky of him to "ask management to resign, effective immediately". :-)
Re: (Score:2)
"...using inadequate language..." ITYM "inappropriate."
Yeah, I loved that ... really, most profanity outbursts probably are the result of inadequate language, IMHO.
Re: (Score:2)
Yeah, I loved that ... really, most profanity outbursts probably are the result of inadequate language, IMHO.
Fuck off
https://www.sciencealert.com/s... [sciencealert.com]
At least he did not mess with the other switch (Score:2)
At least he did not mess with the other switches.
only $30,000 ?? sounds like the upgrade cost to (Score:2)
only $30,000 ?? sounds like the upgrade cost to get new hardware but it's not Millions from something derailing
Busted by the logging buffer... (Score:4, Informative)
So reading through the article, it looks like he was smart enough to get rid of the records of his access on the logging servers, but got caught because he forgot to clear the logging buffers on the network gear.
Hope it was worth it!
Re: (Score:2)
looks like he was smart enough to get rid of the records of his access
Smaaart....Riiight... because that would totally not have been obvious. Guy with anger management issues is fired, returns his laptop 2 days later, wiped, logs are wiped, and all the passwords are changed so nobody can get in. We shouldn't need log files to see what happened.
The physical-world equivalent here is the bank fires the one person with access to the vault, and the next day the vault is empty. The former employee shows up to return a giant empty bag with dollar signs all over it. The surveilla
Stupidest managers ever (Score:5, Insightful)
"We've found you SO insubordinate that we have to FIRE you from the company. But yes, we trust you Mr NetAdmin, to take your company laptop home with you."
Jesus. He's in trouble, but I hope for humanity's sake THEY didn't reproduce.
Re:Stupidest managers ever (Score:4, Insightful)
As a Canadian who is familiar with various aspects of CP Rail, yeah, they are *that* stupid. The only reason they're profitable is inertia and little competition other than CN, who also has similar intelligence problems.
Re: (Score:2)
Yup. When an employee is in a loud shouting contest with management, the person is going to be fired 99.9% of the time. Why waste 12 days of cooling off time? And why not confiscate the laptop immediately? Vaguely sounds like union rules or an overly restrictive set of procedures to follow.
As for the employee, it seems like he expected a chance to not be retained and he got his revenge only after being officially terminated.
Re: (Score:3)
No, you just don't get it.
The physical laptop is not what really matters. A laptop can be copied. Revoking the credentials is what should have been done.
It's just like if your bag gets stolen and someone drops your credit cards and your house keys on the front porch of your house. It's nice that those items made their way back to you, but it doesn't mean it's over and you better be sure to change your locks and cancel those credit cards in case someone made copies and eventually tries them out. It's the onl
So they have an opening now? (Score:1)
Every month... (Score:1)
Re: (Score:2)
What gets me is that people remember this stuff forever. About fifteen years ago, I was hired on as a consultant to clean up after an admin was fired, and said admin left many logic bombs (custom compiled init daemons that checked files, and if the files were not manually touched every week or so, would start writing garbage on random drive sectors, as well as resetting encryption on backup tapes to passwords from /dev/urandom, ensuring the data backed up would be useless.) Years later, this guy c
Re: (Score:2)
No need to watch, what I put on the internet. ...
For an idiot like that I don't want to work anyway
Re: (Score:2)
You hit the nail on the head. Last year, I had a job interview where posts I made back in the early 1990s in sci.crypt, comp.sys.mac.*, alt.sex.cthulhu, and other newsgroups actually were questioned. Thankfully I got an offer, but went with another place. The Internet does not forget.
Re: (Score:2)
You would be surprised. The only reason I have a FB, LinkedIn, and Twitter account is that when I was interviewed and said that I didn't have one, the interview pretty much ended on the spot. To a lot of HR people, no FB or LinkedIn is like not having E-mail or a phone.
So, I got a Twitter account, followed some random big named companies... good enough. Similar with FB, and LinkedIn has some random ramblings on it pointing to my public Git repo.
Re: (Score:2)
Not every place uses HR for hiring technical people, at my last two employers HR is only involved in posting the available position and filling out the HR paperwork once the candidate has been selected. It might be a bit of a self-selection process because I don't have a degree and so won't make it past the HR filter at places that use them.
IT Professional ?? (Score:4, Interesting)
Re: (Score:3)
They call him a "Professional" ? On what basis ?
Technically, a "professional" is someone who gets paid for their work, nothing more or less. You're using "professional" in the slang sense.
Re: (Score:2)
Technically, a "professional" is someone who gets paid for their work, nothing more or less. You're using "professional" in the slang sense.
A professional is also someone who is worth what they get paid. A professional attitude is not just about being in it for the money -- it's also about making an effort to do one's job well.
Re: (Score:2)
That's what I meant by the slang sense, but isn't technically part of what "professional" means. The only difference between a "professional" and an "amateur" is that the professional gets paid.
Re: (Score:2)
You include management when you mention professional attitude being about more than just money and making an effort correct?
Well sort of, but not really. Obviously management has an interest in having professionals who do their jobs well. But so do the members of a profession, because it adds to the inherent value of what they do. They can market themselves as highly competent practitioners who can be counted on to do the job right.
Companies do not own professions. Their practitioners do.
Re: (Score:2)
Professionals do not scream at other people and use profanity, let alone to their bosses.
You can get into real trouble w/o doing any of those things. I once had a new manager (who was, "a quick learner") who wanted me to put a Fiber Channel card designed for a PC into a $200k HP server to, "see if it would work". I replied, very politely, but in front of other people, "Do you even know how computers work?" I got fired the next day. (Which, turns out, was for the best. I got another job within a month at the same pay. Had that one for 16 years.)
Lesson learned: Don't let people push your butto
Re: (Score:3)
I replied, very politely, but in front of other people, "Do you even know how computers work?"
"Do you even know how computers work?" is not a polite response no matter what tone of voice you used.
Re: (Score:2)
It's polite compared to what came to my mind, "are you fucking stupid?"
Re: (Score:2)
I replied, very politely, but in front of other people, "Do you even know how computers work?"
"Do you even know how computers work?" is not a polite response no matter what tone of voice you used.
I actually wasn't trying to be snarky, I was so startled by the insistence to try something so obviously stupid that I was genuinely curious. As I said, lesson learned.
Re: (Score:3)
So, did everyone in the room burst out laughing? :-)
Sometimes, a remark like that is totally justified. Unfortunately, in the corporate world and in gov't, it's the "Yes" men that are retained along with their incompetent managers. Those who dare speak the truth are doomed in such organizations.
Fortunately, incompetent organisations usually lose out in the marketplace to more competent competitors, so it all works out in the end (eventually).
Re: (Score:3)
There are no FC cards designed for a PC, there are only PCI, PCI-X and PCIe FC cards, the only difference between one for an HPUX box and an x86 server might be the firmware flashed on it. It's possible there were Sun specific adapters and they were still producing non-pci models in 1997 when FC first came out, but every card I've dealt with even on Solaris was just a PCI(x) card with a custom firmware image (on QLOGIC cards you can flash back and forth).
Re: (Score:2)
Professionals do not scream at other people and use profanity, let alone to their bosses.
You sure about that? I suspect Bobby Knight would disagree [youtu.be]
Their Fault (Score:2)
Re: (Score:2)
You need a proper organisation in place to do that. Your IT chief needs a deputy who has access to this stuff and who management can trust.
Re: (Score:2)
All of the servers I manage have this setup, where the owner of the server has a protected Cert kept off site, in their control and if they ever need access to the infrastructure, they can use
inadequate language? (Score:5, Funny)
... suspended Grupe for 12 days for yelling and using inadequate language with his boss.
So, he wasn't rude enough?
whaddya wanna bet (Score:3)
First off they didn't revoke his access keys immediately after firing him/letting him resign - for INSUBORDINATION of all things
Then it took them 3 weeks to figure out anything had been done, almost a day to figure out they just had to reboot the switches and then they had to call in specialists to figure out how to check the switch logs.
And boy howdy he sure showed them!
In other words (Score:2)
Choo Choo Motherfucker!
Seriously, if you have suspended/fired/asked someone to resign, Why on Earth would you not either take their security token, or revoke it?
Wait, what?? (Score:2)
They didn't immediately turn off his access??
Not enough info here to judge him..... (Score:3)
I mean, I've been in I.T. for about 30 years now and I know there's really nothing "good" that will come of trying to mess up the corporate networks or computers on your way out the door if you're let go.
But that said? This article really doesn't tell us anything about what the guy was angry about? If you're screaming at your boss, that tells me one of two basic things. Either A) you're just that unprofessional and have anger issues, or B) the company is doing something SO wrong, internally, that they've created a situation where YOU could become the "fall guy" for major problems set up to happen, and you have reason to confront them angrily.
(Even if option B is true? This assumes you've already exhausted other avenues to get your message across.)
I agree though. This railroad obviously has shoddy H.R. policies for handling terminations, in any case. Why would you let someone back onto your network once you terminated them?
Re: (Score:2)
Sure there's enough info. What could possibly justify him committing an illegal act of industrial sabotage?
I will judge him. Whatever the situation he was in, he made the wrong decision. Management hurt his feelings? Management raped babies and shot his dog? Doesn't matter. Either way given what he did and what the jury found it sounds like he's up for some time to reflect on his actions.
Stories (Score:2)
Yea, we had a senior DBA way back in the late 80's who quit in a fit of rage, but first formatted his DOS drive. It took me a few minutes to bring up Norton Utilities and undelete everything. A year later, he tried to come back and we declined to even interview him.
[John]
This is why we'll never be taken seriously (Score:2)
People who are somewhat career-minded in the IT field should take this as a "what not to do when you're fired" lesson. Our field is surprisingly small, more so once you get into a specialized industry. Nothing good will ever come of some stupid revenge you get on a bad employer...walking away and getting another job is the mature, grown-up thing to do.
If a doctor got fired from a hospital, would his last action be to order a fatal dose of medication for all his patients? Probably not, if he didn't want to g
Re: This is why we'll never be taken seriously (Score:4, Insightful)
If doctors were treated as badly as IT, a lot more people would be afraid to go to the hospital.
Idiot network admin. (Score:3)
The rail road should consider itself lucky it got off with just this much damage. It could have been a lot worse.
Canadian Pacific was actually his second choice (Score:2)
First he wrecked the entire IT system of Air Canada and completely deleted the company’s customer service capability, but found that nobody noticed, because AC always runs that way.
Re: (Score:2)
because AC always runs that way.
Now that's funny! Mod him up, please. Although the above comment was in jest (I think), I am Canadian and can completely believe that this might have happened at Air Canada. And at Rogers Cable too. It would explain so much. My god, that guy really did get around! I'm still chuckling ...
Stupidity on both sides (Score:3)
NEVER burn your bridges (Score:4)
This guy will likely never get hired as an IT staffer again. Sure the company was going to fire him, but in the modern world of "All we can confirm is that he was employed here from X to Y" his reason for departure was going to be an interview question, not something that was going to come up in reference checks. Now even ignoring that searching for his name is going to bring this up, he can't network for jobs with anyone he worked with, anyone who knows those folks, and probably out to the second degree.
I guess that's one way to make sure you follow through on your dreams of a career change.
It's people like that... (Score:2)
...that give Canadians a bad name. Now we don't think they're all Dudley Dorights.
E
reboot fixed it was the plan to have stuff fail an (Score:2)
reboot fixed it was the plan to have stuff fail and then get his job back as being the only person who knows about the network?
How appropriate... (Score:2)
...it's a trainwreck.
Proving once again... (Score:2)
The value of documentation.
Re:Not guilty (Score:4, Funny)
Why, because of his exemplary professional behavior? Also, who would be insane enough to hire him now?
Equifax Argentina division, he would most likely do a bang up job securing their servers. At least he knows how to effectively lock down and change admin passwords in a Windows server setup which is a skill that seems to elude Equifax IT specialists.
Re: (Score:2)
Little hands, little balls.
Re: (Score:2)
Naw, you'd need bigger balls than that. Remember, any sufficiently advanced level of ignorance is indistinguishable from chutzpah.
Re: (Score:2)
This is just preliminary
phone.display.poop_emoji
vr_subsystem.aroma.disperse('hydrogen_sulfide')
phone.vibrate
I am an angel investor and would like to offer you $10,000,000 for a 51% stake.
Re: (Score:2)
You realize that one of the iPhone's first mega successful apps was a fart app, which was funded.