• @MTK@lemmy.world
    link
    fedilink
    English
    2624 months ago

    Up to 10 years is crazy. Sure, what he did was wrong, planned and malicious, and they claim it cost them tens of thousands of dollars. But 10 years? This is crazy for something that at worst would be a yearly salary of a single employee.

    Fucking capitalism.

    • @booly@sh.itjust.works
      link
      fedilink
      English
      604 months ago

      “Up to 10 years” is the maximum possible for that type of crime. Actual sentencing guidelines for a $500k loss for a first time offender will probably come out to about 2, maybe 3 years.

      In order for the recommended sentence to hit 10 years, we’d have to be talking about damage of over $550 million, or something like a long criminal history.

      Substantial disruption of critical infrastructure would get someone to around 5 years, as a reference.

    • @null_dot@lemmy.dbzer0.com
      link
      fedilink
      English
      314 months ago

      allegedly costing hundreds of thousands of dollars in losses.

      Also it’s sabotage, which might attract heavier penalties than mere theft?

      • @booly@sh.itjust.works
        link
        fedilink
        English
        164 months ago

        Actually for federal sentencing, property destruction is punished under the same table as theft. It’s mostly measured from the amount of loss to the victims, whether the person actually profited from it or not.

    • @PresidentCamacho@lemm.ee
      link
      fedilink
      English
      23
      edit-2
      4 months ago

      Now to make it worse, ask this, “If the corporation did 10 times this amount of damage, but to the general citizens of the country, how many people would go to jail?”

      That’s right 0 people would go to jail! And they would only be fined for no more than 10% of the profit they made while doing it. Maybe someone like a jr director of operations gets tossed in jail, but he wasnt really apart of the club.

      • @LifeInMultipleChoice@lemmy.world
        link
        fedilink
        English
        14 months ago

        Nah they would have added more fees to subsidize the protections they weren’t going to put in place. Then reach out to the government for subsidies to put these protections in place. Then give bonuses, stock buy backs and when it happened again, they’d raise the fees installed previously and consider making the upgrades if the fine threatened is high enough, if not they’ll pay the fine and buy back more stock and run an ad campaign to make the company look better.

    • @Jimius@lemmy.ml
      link
      fedilink
      English
      24 months ago

      “allegedly costing hundreds of thousands of dollars in losses.” It seems he was already messing with the systems while he was still working there. This is not a case of malicious compliance or they fired the only guy who knew how something worked. He was actively sabotaging the company’s network.

      “he apparently became disgruntled by a corporate “realignment” in 2018 that “reduced his responsibilities,”” So it’s not even like the company was being evil as they fired him while he was on PTO to take care of his daughter with leukaemia (or something). He would’ve been better off finding a new job if he was unhappy. Instead he made things far worse.

      But 10 years is way too high. Especially for a victimless crime with alleged “values” of loss. But otherwise he gets no sympathy from me.

    • @aquinteros@lemmy.world
      link
      fedilink
      English
      54 months ago

      he should have tried to overthrow the government, or stole classified documents. that’s a drastically lower sentence

  • Vanth
    link
    fedilink
    English
    374 months ago

    Initially makes me wonder how the employer could be so dumb as to give one employee so much access. But then I remember a former employer of mine did the same and worse.

    Colleague was known for writing his comments in such a way that only he could read them, including mixing in German (US based company doing all business in English). He was also the admin of our CAD system and would use it as leverage to get his way on things, including not giving even default user access to engineers he didn’t like. We migrated systems and everyone was thinking, “this is it, the chance to root this guy out of the admin position” and… they gave him admin access again. Not even our IT department had the access he had. I left before the guy retired / was fired, this post is making me wonder if he left peacefully or left bricking the CAD system out.

    • @ubergeek@lemmy.today
      link
      fedilink
      English
      44 months ago

      Initially makes me wonder how the employer could be so dumb as to give one employee so much access.

      Right now, just based purely on the access I need to do my day-to-day job involves me having access where I can pretty much nuke everything from orbit, with an ssh loop.

      At some point, you need to trust your employees, in order to get work done. Sure, you can lock it all down tightly, but then you just made work take longer. It’s a trade off.

    • @jaschen@lemm.ee
      link
      fedilink
      English
      64 months ago

      My previous work didn’t revoked my access to their CMS. I was so upset when they laid me off after telling them my wife is pregnant.

      But I ain’t that stupid.

    • partial_accumen
      link
      fedilink
      English
      44 months ago

      Initially makes me wonder how the employer could be so dumb as to give one employee so much access.

      The amount of access he had doesn’t surprise me. He’d been there for 11 years already likely working on many things as he interacted with systems in the course of his legitimate work. While its possible to set up access and permissions in an organization utilizing the “least privilege principle”, its expensive, difficult to maintain, and adds lots of slowdowns in velocity to business operations. Its worth it to prevent this exact case from the article, but lots of companies don’t have the patience or can’t afford it.

  • @Korkki@lemmy.ml
    link
    fedilink
    English
    884 months ago

    Why do kill switches when you can just hog all the work of maintaining some critical part of the infrastructure and make it’s functioning and maintenance so opaque and impenetrable that the employer can’t replace or fire you without their shit catching fire soon after. It doesn’t have to be malicious or illegal.

    https://youtu.be/0jK0ytvjv-E

    His efforts to sabotage their network began that year, and by the next year, he had planted different forms of malicious code, creating “infinite loops” that deleted coworker profile files, preventing legitimate logins and causing system crashes

    I wish this guy was were actually politically motivated, but he seems to have been just really petty minded person.

    • @ubergeek@lemmy.today
      link
      fedilink
      English
      34 months ago

      so opaque and impenetrable that the employer can’t replace or fire you without their shit catching fire soon after.

      Somehow, that’s the kinda roles I always land in lol

    • Jo Miran
      link
      fedilink
      English
      264 months ago

      Why do kill switches when you can just hog all the work of maintaining some critical part of the infrastructure and make it’s functioning and maintenance so opaque and impenetrable that the employer can’t replace or fire you without their shit catching fire soon after.

      This is literally my firm’s core business practice. We’ve been at it for so long that at this point we have to be included in competing bids because we are the only ones in the world that can do certain specific things.

    • @Railcar8095@lemm.ee
      link
      fedilink
      English
      134 months ago

      That’s what my old company used to do. You did this? Do a KT to some underpaid remote employee and when they leave it’s again your responsibility to maintain it, alongside the new bugs and spaghetti they introduced.

      We once told a SP50 customer that we would not provide a business critical service because an employee went on sabatical for a month and she had the only working version on her cookery computer. At that point the customer was so integrated with us that it would take them years to replace us.

  • @TheBananaKing@lemmy.world
    link
    fedilink
    English
    1524 months ago

    I worked for a company once that installed a remote-activation killswitch in their drivers, as a secret weapon to force the customer to stay current on their maintenance contract.

    The CEO was a fuckup however, and the code killed their system even without being activated - resulting in a bunch of angry phonecalls and some of the most egregious lying I’ve ever heard.

    god, he was a piece of shit

    • palordrolap
      link
      fedilink
      224 months ago

      Naturally. Advantage, privilege and money should only be in the hands of those who run large companies or better.

      If that made you angry, bear in mind that’s what most top level company executives think. Well, actually they don’t think it, they know it unconsciously as the true order of the universe they inhabit and they get really uncomfortable should it even look vaguely like someone might be trying a competing philosophy to their own.

      To be fair though, most people get really uncomfortable when something might undermine even part of the philosophy they live by.

  • Sundray
    link
    fedilink
    English
    594 months ago

    For the last time, I didn’t leave a kill switch – I just refused to document anything!

  • @eran_morad@lemmy.world
    link
    fedilink
    English
    474 months ago

    I’m the lone human being who understands the code behind the byzantine financial operation of my org. No kill switch necessary.

    Pro tip: your poorly thought out business rules can lead to stupidly complex processes.

    • @Monument@lemmy.sdf.org
      link
      fedilink
      English
      134 months ago

      I work on a small team and recently realized my boss is falling victim to survivorship bias. Another colleague and I handle our work, which is mission critical to the org, competently and fairly opaquely, only raising issues as they arise. However some other members of our team have less critical but more visible work that they tend to bungle. The department invests hiring dollars, training efforts, and materials purchases in service of remediating those issues. But my colleague and I are both burned out, eyeing the door, and fully aware there’s no one who understands what we do or is capable of doing it within our organization - aside from each other, but our respective scope of work is non-overlapping and there’s truly not wiggle room to cross train or support each other’s work. I’ve said all I know to say to leadership about this issue but they seem willfully ignorant.

      When one of us goes, I think the other will follow quickly. Hiring takes almost 2 months at my work, so the gap/lack of knowledge transfer will make for a huge shit show.

      • @sexual_tomato@lemmy.dbzer0.com
        link
        fedilink
        English
        24 months ago

        You burning out is a process failure. Work normal hours and let shit fail 🤷‍♂️. Say the reduction in hours is “health related” so they can’t pry.

        • @Monument@lemmy.sdf.org
          link
          fedilink
          English
          1
          edit-2
          4 months ago

          It’s not quite like that. My workplace is surprisingly good on the hours, they just aren’t great on responsibilities or scope.

          It’s… a lot of work in very broad specialties, with little backup.

  • @S13Ni@lemmy.studio
    link
    fedilink
    English
    1284 months ago

    Lol everyone probably fantasizes about such thing sometimes, but even if you weren’t caught, it’s not worth it to personally be bitter like that.

    Just got laid off and could had done the same. Except I don’t have to. Internal systems are so bad and undocumented and I was like only IT specialist there who could use linux, and so many things related to core businesses were just basically behind me.

    The kill switch has made it self. Funny how I would have written more documentation if I ever was given the time.

    • @kameecoding@lemmy.world
      link
      fedilink
      English
      114 months ago

      I didn’t plant anything and I could still brick the production backends of a former employer because some poor ass decisions were made when choosing technologies and then when I pointed it out that it’s pretty bad the technology was stuck with so literally all it takes is sending 2-3 requests so all pods die.

      But why do it.

      • @S13Ni@lemmy.studio
        link
        fedilink
        English
        104 months ago

        Similar cases with my old company. In my case people who would had suffered the most direct consequences would had been my colleagues who I respect.

        But I could totally cause trouble without any backdoor access.

    • @prole@lemmy.blahaj.zone
      link
      fedilink
      English
      264 months ago

      but even if you weren’t caught, it’s not worth it to personally be bitter like that.

      Really depends on what you do for a living… Non-profit? Sure. Weapons manufacturer? Fucking have at it.

      • @kkj@lemmy.dbzer0.com
        link
        fedilink
        English
        184 months ago

        But don’t be stupid about it. Stash a date somewhere that you manually update every so often (so that it’ll stop being updated if you’re fired) and then add a bunch of random waits whose durations scale with the time since that date. If you’re worried that the code will be found, comment it with some bullshit about avoiding race conditions.

        …and now I can’t use that idea, since this comment would be used in court. If I did it to a weapons manufacturer, they’d probably get the death penalty somehow.

      • @S13Ni@lemmy.studio
        link
        fedilink
        English
        124 months ago

        Fair but I wouldn’t ever work for weapons manufacturing. Also sabotage in that context would have heavy punishment, and at worst could cause collateral damage.

        • @prole@lemmy.blahaj.zone
          link
          fedilink
          English
          44 months ago

          I was using that as an example because it was the worst thing that came to mind. There is a whole gradient between non-profit and weapons manufacturer.

    • @heavydust@sh.itjust.works
      link
      fedilink
      English
      67
      edit-2
      4 months ago

      Same for my last job. My bosses and managers harassed and insulted me. They said I was useless and stupid.

      I quit with 3 months of “notice” (standard in France to help you find a new job). They didn’t care during those 3 months. In the last week they panicked because they could not find a replacement that did everything I fixed every day.

      I also interviewed my replacement, a junior out of school with big diplomas. When I asked if he knew Linux, he said “not really.” I thought “they are fucked with this guy.” They wanted to hire him because he was the son of some guy. I said to my boss that he would be a perfect fit for the company.

      Unknowingly I was the kill switch. I sent them one last email with all the information they needed and told them to go fuck themselves in a polite way.

  • Cinder Bloc
    link
    fedilink
    English
    604 months ago

    Every person that has worked in a sysadmin type role, has joked about doing something like this. Very few actually carry through with it. So, in a way, I kinda like this guy for actually doing it, even if he didn’t cover his tracks very well.

    • Bahnd Rollard
      link
      fedilink
      English
      384 months ago

      IT work is feast or famine.

      “IT people, your not doing anything, what the hell do we pay you for?”

      “IT people, everything is on fire, what the hell do we pay you for?”