IT Worker Sentenced To Seven Months After Trashing Company Network (theregister.com) 65
An anonymous reader shares a report: A judge has sentenced a disgruntled IT worker to more than seven months in prison after he wreaked havoc on his employer's network following his suspension, according to West Yorkshire Police.
According to the police, Mohammed Umar Taj, 31, from the Yorkshire town of Batley, was suspended from his job in nearby Huddersfield in July 2022. But the company didn't immediately rescind his network credentials, and within hours, he began altering login names and passwords to disrupt operations, the statement says.
The following day, he allegedly changed access credentials and the biz's multi-factor authentication settings that locked out the firm and its clients in Germany and Bahrain, eventually causing an estimated $274,200 in lost business and reputational harm.
According to the police, Mohammed Umar Taj, 31, from the Yorkshire town of Batley, was suspended from his job in nearby Huddersfield in July 2022. But the company didn't immediately rescind his network credentials, and within hours, he began altering login names and passwords to disrupt operations, the statement says.
The following day, he allegedly changed access credentials and the biz's multi-factor authentication settings that locked out the firm and its clients in Germany and Bahrain, eventually causing an estimated $274,200 in lost business and reputational harm.
These morons never learn (Score:2)
Yes, they will get caught. Yes, they will go to prison. And, yes, they will pay for the damage, probably for a long, long time.
Punishment isn't working. (Score:1)
Why do assume they will pay for anything instead of going bankrupt?
Hard time breaking rocks into gravel is real punishment. Confinement under lax modern conditions is not.
Re:Punishment isn't working. (Score:5, Interesting)
Related to that, even a harsh punishment doesn't necessarily mean that someone will make an illogical choice not considering the consequences; you will never stop 100% of issues like this because there will always be someone who misunderstands their situation and makes an illogical choice regardless of punishment.
Re: (Score:2)
"Punishment isn't working": you can't prove that because it's proving a negative. How many people thought about causing damage to their employer after getting laid off, but decided not to because they knew they would go to prison?
Related to that, even a harsh punishment doesn't necessarily mean that someone will make an illogical choice not considering the consequences; you will never stop 100% of issues like this because there will always be someone who misunderstands their situation and makes an illogical choice regardless of punishment.
Actually it's pretty easy to demonstrate via recidivism rates. If punishment is working, you'd see repeat offences going down, if it's not working you'd see more repeat offenders.
To save you the trouble of getting angry at google, you can get angry at me for telling you that countries with less harsh punishments have much lower recidivism rates and countries with harsher punishments tend to have more crime.
Prevention is a lot better than cure, realistically if treating prisoners like humans helps them
Re: (Score:3)
This guy's record will follow him his entire life. These days, it's really hard to get hired anywhere, particularly in IT, if you have a criminal record. That's pretty severe (and appropriate) punishment, in my opinion.
UK spent convictions (Score:4, Interesting)
After four years and seven months his official record will become invisible as it will be spent conviction. Even before that the information isn't normally easily available, though the publicity in this case has generated me be more of a problem for him, as an internet search will reveal him. So it may be less of a disaster than you think, though he may struggle.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
Interesting, the US doesn't have any such "spent conviction" law. Your past crimes can literally follow you the rest of your life.
Even in the UK, according to the Wikipedia article you linked, there is a long list of professions that are exempt from the law, so it does still narrow the potential positions that this man could hold.
Re: (Score:3)
This guy's record will follow him his entire life.That's pretty severe (and appropriate) punishment, in my opinion.
Nope, his notoriety will increase, the criminal record will be ignored and once he gets through the hard times of the hooplah he will be paid even more.
I say this because I have seen this *exact* situation before with a former colleague and it did wonders for his career. He basically did what everyone has thought about and paid for it - those types of experience carry value.
Re: (Score:3)
Nope, his notoriety will increase, the criminal record will be ignored and once he gets through the hard times of the hooplah he will be paid even more
Reality is that he didn't do anything requiring any marketable talent. Anyone can go and smash up things. And it is clearly evident to everyone that his actions were caused by utter uncontrolled stupidity.
You wouldn't give him a job as a taxi driver, because you'd have to fear that he smashes up all your taxis at any time.
Re:Punishment isn't working. (Score:5, Insightful)
If that were the case, the death penalty would only be applied to the wrongly convicted or intentionally suicidal.
This is because of two interlocking facts: (a) most criminals are not terribly rational, in particular they tend to have broken time preferences. And (b) many crimes like this are "crimes of passion" - e.g. being stupid because you're super angry.
Making prisons more sadistic than they are now doesn't fix either of those things. You just make people more resentful and broken when they finally get out.
Re: (Score:2)
Re: Punishment isn't working. (Score:1)
Restitution for criminal conduct generally can't be discharged via chapter 7. This is different from civil liability.
Re: (Score:1)
Re: (Score:2)
A zillion years ago, I had a contract position at Disney. But I was a temp worker, so they didn't give me a desk. Or a phone. Or a PC to use. Or any official way to check my e-mail. But somehow they DID give me Forest Admin credentials for their ENTIRE Active Directory.
I was there for six months and when the full time replacement admin finally showed up, they had armed guards escort me out. My replacement let me know after the fact that someone done fucked up setting up my user account. I could've fucked th
Re: (Score:2)
You know who else doesn't seem to learn? All these companies with shitty IT policies who don't know how to secure their networks appropriately. There is at least one of these stories every year.
Re: (Score:2)
True. Does not help the person going to prison much though.
Re: (Score:2)
Re: (Score:2)
Just like it's each criminals first time.
...but why?? (Score:2)
Re:...but why?? (Score:5, Insightful)
People who are vengeful are often also not very rational in that emotional state, history is littered with examples of this and they seem incapable of extrapolating the consequence of their shortsighted actions. In this case, the dude's rampage came about because he was suspended from work which indicates he had already generated a fair amount of "friction" at his workplace.
Re: (Score:2)
People who are vengeful are often also not very rational in that emotional state, history is littered with examples of this and they seem incapable of extrapolating the consequence of their shortsighted actions. In this case, the dude's rampage came about because he was suspended from work which indicates he had already generated a fair amount of "friction" at his workplace.
A better question is "why are so many employees irrationally vengeful"?
I suspect we all know why but don't want to admit that the way the US allows employers to treat employees is horribly broken. Much easier to pretend they're just "wronguns" and offer thoughts and prayers for the quarterly results.
Re: (Score:2)
Sure, but a vengeful action that makes a person's situation worse is stupid regardless of what led up to it or how shitty the employer is. There's no rational reason at all for anyone to sacrifice themselves on the alter of shitty employers, especially since shitty employers tend to make sure they get their pound of flesh with some extra sprinkles on top.
Re:...but why?? (Score:5, Interesting)
Unfortunately for him I noticed some oddities with how things were broken and started digging. He ended up pleading guilty in federal court.
Re: (Score:3)
No, the guy he caught, lived up to the moniker.
Re: (Score:2)
Unfortunately for him I noticed some oddities with how things were broken and started digging. He ended up pleading guilty in federal court.
Wow, you really lived up to your Slashdot moniker!
He was let go for his anger management issues, and then turned around and vandalized his former employer, a charity BTW, and cost them thousands of dollars in services and time. So yea, not going to feel too bad about how it shook out.
Re: (Score:2)
Yeah those were the days. More than a decade ago I worked for a company that had an IT services business. They had a single administrative account that they used everywhere. All the IT staff, and many others, knew the password to this account. When I pointed out this security problem, they wanted to change it but couldn't, because it was hard-coded in so many places, and used in so many interconnected services, that changing the password would have brough down their entire operation.
Re: (Score:2)
Kinda happened to me when I left one company. I documented everything, but they couldn't find a replacement before I left so there was no in-person hand-over. Ended up doing a bit of consulting work to get them up an running again with things I was maintaining. Not malicious, they just didn't have anyone else with the right knowledge/skills to take over. I don't think they realized how much I was doing, how complex the systems were.
Re: (Score:2)
Re: (Score:1, Troll)
But seriously
You lost any ability for anyone to take you seriously after this beauty:
"Mohammed Umar Taj" seemed so nice and respectable
Re: (Score:2)
Maybe don't trash your company's network next time you get butthurt about your coworkers.
That seems like solid advice, no matter your name.
Reputational damage? (Score:5, Informative)
If the company didn't rescind his credentials immediately upon firing, that's all the reputation you need to know.
This is basic security practice taught in every 100 level IT security course.
Re:Reputational damage? (Score:4, Informative)
He wasn't fired immediately, he was suspended, and did the damage will still an employee.
Re:Reputational damage? (Score:4, Insightful)
...doesn't negate the question; why wasn't his account disabled? A suspended employee has no reason to access secure systems, this should be the default.
I'm having a hard time imaging a reason for suspension that wouldn't necessitate the need to disable his credentials.
Re: (Score:2)
Suspension is done with the assumption that the employee is coming back. At that point, they would have all access restored anyway. If the offenses were so severe that they would necessitate terminating access, they should just fire the employee. If they don't fire the employee, they have to continue to trust the employee, sooner or later.
Re: (Score:2)
Suspension means the employee isn't performing their job duties; hence they don't need access to the system. Same thing applies, admittedly to a lesser extent, to when admins go on vacations.
On top of that, suspensions are not done with the assumption that the employee is coming back; it's more of a "get the person out of here NOW while we build our termination case" type of thing. Suspensions are almost always for ethical reasons, which is precisely the type of person who shouldn't have access, and there
Re: (Score:2)
Find, you can look at suspension however you want to, but that's not how companies see it. It's not customary to cut off access to suspended employees, and certainly not employees who go on leave, at most companies.
As we can see here, disabling his credentials was clearly called for, so between yours and my perspectives, which would you say is more correct?
This is an egregious and unusual case. It's news because it's unusual, ordinary suspensions don't make the news because they are boring. So this case does not prove the rule.
Re: (Score:2)
That is how companies see suspensions, at least competent ones. And here, with this story, we see WHY.
But by all means, continue to believe otherwise in the face of contrary evidence. My contracting rates are very reasonable ( considering the alternative of course ), so it's in my best interest that more companies think as you do instead of following my advice.
Re: (Score:2)
And here, with this story, we see WHY.
This is an attempt to prove the rule, by citing an extreme case. This case is *not* typical, but rare. You completely ignored that crucial point.
You don't build your house with bullet-proof glass, despite the unlikely, but non-zero, probability that someone would shoot through them. You build your house to withstand risks that are probable enough to justify the expense.
The probability of a rogue employee will sabotage your company's entire operation, even an employee that is fired for cause, is remote, thou
Re: (Score:2)
Of course you design your policies and procedures to protect against rogue employees, particularly in IT and especially with admins who have greater levels of access.
Suggesting otherwise exposes your own ignorance as to how IT security operates in companies ( or how it's supposed to ). Everywhere I've worked, suspended employees were treated as terminated as far as their access to resources were concerned ( up to and including email ). Most places would ask you to tell them if you were traveling out of co
Re: (Score:2)
Your personal experience with employers is not representative. It certain differs from mine.
Like anything else, security is a cots/benefit question. You put your family at risk of bullet strikes, by not having bulletproof glass windows on your house and car. Why don't you do it? Too expensive.
Many, especially smaller, companies, have more lax security policies because they are expensive, and because they trust their people. Implementing rigid security policies costs time and money, neither of which are avai
Re: (Score:2)
Suspension is done with the assumption that the employee is coming back.
That's often not true. Suspension can often be done as part of an investigation where there's a suspicion that someone has done enough to be fired but the evidence isn't yet clear enough. The assumption is that, if the suspicion is confirmed they will be fired. Moreover, is has to be a suspicion of something potentially serious otherwise they would be allowed to continue work.
Re: (Score:2)
Suspension by definition means that there is not enough proven cause (yet) to fire the employee. If there were, they would fire the employee without a suspension. So suspension doesn't assume either that the employee is, or is not, coming back.
In this particular case, the company would have known at the beginning of the suspension, whether they planned to fire the guy or not. They would have known whether it was a formality or whether they were really trying to rehabilitate. The fact that they didn't disabl
Re: (Score:2)
In this particular case, the company would have known at the beginning of the suspension, whether they planned to fire the guy or not.
I don't find that clearly in either TFA or even the articles linked. How do you know that? I didn't see something clearly stating why he was suspended or wheter they were sure.
As far as the rest, et me just rearrange a little what you said.
The fact that they didn't disable his credentials, implies that they thought he was coming back.
however suspension doesn't assume either that the employee is, or is not, coming back.
Even if you are pretty sure he's coming back after suspension, you can't actually ever be fully sure. The employee might just get resentful at what they think is unfair treatment and leave anyway. I might deliberately leave something open to see what they do, but I would
Re: (Score:2)
My question is simply, if they didn't intend to reinstate him, why *didn't* they disable his credentials?
You are also right, why didn't they do so regardless? That's a good question. But if they did intend to fire him, they would very likely have immediately disabled his credentials.
Re: (Score:2)
...doesn't negate the question; why wasn't his account disabled? A suspended employee has no reason to access secure systems, this should be the default.
I'm having a hard time imaging a reason for suspension that wouldn't necessitate the need to disable his credentials.
Totally agree about this. There's another way of thinking about it. These are your colleagues, possibly even friends. You have no idea what stress they have been under. Maybe they have some disease in the family or financial problems. Maybe they are under major stress. They may not be thinking straight. They might go home and have their partner scream at them about being useless. It might be int he middle of some kind of mental breakdown that they go crazy and damage a system they would never do anything ba
If he really wanted ... (Score:5, Funny)
[Saw this posted elsewhere]
Re: (Score:2)
you've never been to Yorkshire, have you? The urban areas have attracted substantial immigration from the Indian subcontinent, so the name isn't a surprise to Brits.
Re: (Score:2)
Yorkshire is about 8% Muslim.
BTW, India is 80%Hindu (also the seat of Yoga and (Score:2)
Used to be 100% Hindu before barbaric Islamic invasions.
Re: BTW, India is 80%Hindu (also the seat of Yoga (Score:2)
Hinduism is not a warmongering culture like the Jihadi Islamic hatemongering invasionist mindset
The Rg Veda, 5000+ years old says that God is the Consciousness within all.
Our way is that of Yoga and
meditation https://www.perplexity.ai/sear... [perplexity.ai] âïðY(TM)ðYðY--ðY'ðY®ðYðYðYðY
Re: (Score:2)
It's a good general rule about Hinduism to resist any claim about what it does or does not believe. As the Thugee cult's existence reveals, some elements are rather aggressive (yes, I'm aware that the origin of Thugees is not disputed, but noone denies they MIGHT have had a religious motivation).
And the various pre-Muslim empires on the Indian subcontinent didn't happen spontaneously by mutual agreement, did they?
https://en.wikipedia.org/wiki/... [wikipedia.org]
Every religion has its dark bits and currently fashionable bit
Remember Goa (Score:2)
There was a significant Christian presence, which claims descent from missionary efforts by St Thomas. There's the little matter of the Jains. And then there's the BHUDDISTS, who started in India. And the Sikhs...
So no - 100% is not a good claim.
The 7 month jail senence is the easy part. (Score:2)
My guess his financial asset capacitor is going to get discharged in a civil proceeding. The guy might be walking around with no shirt afterwards, if you know what I mean.
There's always two sides. (Score:2)
You lose your temper. Do something of questionable judgement. Momentary satisfaction as you see them scramble to replace you.
Side #2: You still have to work there. It sucks because you kinda liked the guy causing all the problems. You understand his reasoning, but you're trapped because you're definitely not in a position to do something similar. So you save your own ass.
I see both sides. The corporate money usually wins. An unfortunate fact of
Re: (Score:2)
But I don't dismiss the disgruntled employee's claim.
What claim is that? There's nothing in TFS or TFA that indicates the ex-employee has attempted to justify his behavior at all.
Additionally, you missed...
Side #3: You've known the guy was an immature ass for quite some time, and warned your superiors that best practices dictate every bit of access he had should be rescinded right away and every password he had access to be changed immediately - but they neglected to act.
Re: (Score:2)
What claim is that?
You fired the "immature ass" and left him in full control of passwords etc. What did you expect? It's the classic case of expecting professionalism while not projecting professionalism. They don't give a fuck about this guy. Why should he give a fuck back?
That explains one thing (Score:2)