IT Admin Trashes Railroad Company's Network Before He Leaves (bleepingcomputer.com)
Catalin Cimpanu, writing for BleepingComputer: A federal jury in Minneapolis, Minnesota found a local man guilty of intentionally damaging his former employer's network before leaving the company. The man's name is Christopher Victor Grupe, 46, and from September 2013 until December 2015 he worked as an IT professional for the Canadian Pacific Railway (CPR), a transcontinental railroad based in Alberta, Canada. Things went sideways in December 2015 when CPR suspended Grupe for 12 days for yelling and using inadequate language with his boss. When the man returned to work following his suspension on December 15, management told Grupe they were going to fire him for insubordination. According to court documents obtained by Bleeping Computer, Grupe asked management to resign, effective immediately. He promised to come back the following days and return company property such as his laptop, remote access device, and access badges. He did return the items, as promised, but not before taking the laptop for a last spin inside CPR's network. Court documents show Grupe accessed the company's switches and removed admin accounts, changed passwords for other admin accounts, and deleted log files. When done, Grupe wiped his laptop and returned it to CPR's Minnesota office on December 17, two days after he resigned.
IMHO, they deserved what they got.
How does this get modded up?
Anyone who plans to sabotage anything like this on the way out the door deserves everything that comes to them if they get caught.
Anyone who plans to sabotage anything like this on the way out the door deserves everything that comes to them
Sure, the sabotage was criminal and wrong. But leaving access enabled was still stupid, especially when they knew this guy was irrational and had anger issues.
Burglars should go to jail, but I still lock my front door.
*before* you tell someone you're going to fire them.
This may be problematic if you're going to fire the very person that would be performing said actions.
Who has only one person that has admin access to their systems?? What if that person gets hit by a car or quits without notice or something? Shit happens, after all.
That's as insane as telling someone they're being let go before you remove their credentials.
If you've only got one person who can do this, then you already have a very large problem.
You basically need the IT head (who, if they can't be objective, can at least be counted on to be professional) in HR's office or on the phone before the fired employee leaves the room and make sure it's done.
"According to court documents obtained by Bleeping Computer, Grupe asked management to resign..." What was management's answer when asked to resign? Did they?
Well, after they had had to deal with "inadequate language", how could they not resign?
I did not RTFA, but the language in the summary is rather tortured.
Inadequate language, indeed. Case in point.
Employee: "I've been working project you assigned me last but I don't have enough to get it done."
Boss: "Excuse me?"
Employee: "Do you not want me to the project or should I instead?"
Boss: "... Can you please use adequate language when speaking with me?"
Employee: "Go yourself."
ITYM "inappropriate."
inadequate language [Re:Huh?] (Score:2)
"...using inadequate language..."
I never realized it before now, but I have exactly that problem, inadequate language to deal with my boss.
It was also pretty cheeky of him to "ask management to resign, effective immediately".
:-)
"...using inadequate language..." ITYM "inappropriate."
Yeah, I loved that
... really, most profanity outbursts probably are the result of inadequate language, IMHO.
At least he did not mess with the other switches.
Only $30,000?? Sounds like the upgrade cost to get new hardware, but it's not millions from something derailing.
So reading through the article, it looks like he was smart enough to get rid of the records of his access on the logging servers, but got caught because he forgot to clear the logging buffers on the network gear.
Hope it was worth it!
"We've found you SO insubordinate that we have to FIRE you from the company. But yes, we trust you Mr NetAdmin, to take your company laptop home with you."
Jesus. He's in trouble, but I hope for humanity's sake THEY didn't reproduce.
What gets me is that people remember this stuff forever. About fifteen years ago, I was hired on as a consultant to clean up after an admin was fired, and said admin left many logic bombs (custom compiled init daemons that checked files and, if the files were not manually touched every week or so, would start writing garbage on random drive sectors, as well as resetting encryption on backup tapes to passwords from /dev/urandom, ensuring the data backed up would be useless.) Years later, this guy c
They call him a "Professional"? On what basis?
Technically, a "professional" is someone who gets paid for their work, nothing more or less. You're using "professional" in the slang sense.
Professionals do not scream at other people and use profanity, let alone to their bosses.
You can get into real trouble w/o doing any of those things. I once had a new manager (who was, "a quick learner") who wanted me to put a Fiber Channel card designed for a PC into a $200k HP server to, "see if it would work". I replied, very politely, but in front of other people, "Do you even know how computers work?" I got fired the next day. (Which, turns out, was for the best. I got another job within a month at the same pay. Had that one for 16 years.)
Lesson learned: Don't let people push your butto
I replied, very politely, but in front of other people, "Do you even know how computers work?"
"Do you even know how computers work?" is not a polite response no matter what tone of voice you used.
So, did everyone in the room burst out laughing?
:-)
Sometimes, a remark like that is totally justified. Unfortunately, in the corporate world and in gov't, it's the "Yes" men that are retained along with their incompetent managers. Those who dare speak the truth are doomed in such organizations.
Fortunately, incompetent organisations usually lose out in the marketplace to more competent competitors, so it all works out in the end (eventually).
Professionals do not scream at other people and use profanity, let alone to their bosses.
You sure about that? I suspect Bobby Knight would disagree [youtu.be]
You need a proper organisation in place to do that. Your IT chief needs a deputy who has access to this stuff and who management can trust.
... suspended Grupe for 12 days for yelling and using inadequate language with his boss.
So, he wasn't rude enough?
I think this was probably supposed to be "inappropriate" language, rather than "inadequate"
First off, they didn't revoke his access keys immediately after firing him/letting him resign - for INSUBORDINATION of all things.
Then it took them 3 weeks to figure out anything had been done, almost a day to figure out they just had to reboot the switches and then they had to call in specialists to figure out how to check the switch logs.
And boy howdy he sure showed them!
Choo Choo Motherfucker!
Seriously, if you have suspended/fired/asked someone to resign, why on Earth would you not either take their security token, or revoke it?
They didn't immediately turn off his access??
I mean, I've been in I.T. for about 30 years now and I know there's really nothing "good" that will come of trying to mess up the corporate networks or computers on your way out the door if you're let go.
But that said? This article really doesn't tell us anything about what the guy was angry about? If you're screaming at your boss, that tells me one of two basic things. Either A) you're just that unprofessional and have anger issues, or B) the company is doing something SO wrong, internally, that they've created a situation where YOU could become the "fall guy" for major problems set up to happen, and you have reason to confront them angrily.
(Even if option B is true? This assumes you've already exhausted other avenues to get your message across.)
I agree though. This railroad obviously has shoddy H.R. policies for handling terminations, in any case. Why would you let someone back onto your network once you terminated them?