This is a most excellent place for technology news and articles.
Dude should have just added comments indicating that the code was part of some security test but was unfinished and extremely dangerous.
Change a few file names, add a comment how it will never run under normal circumstances, and you've got plausible deniability.
Honestly, if I had done something like this and they twigged to it, I’d consider just fucking off and joining the French foreign legion.
I actually think I want to give this guy a pat on the back
Every person that has worked in a sysadmin type role, has joked about doing something like this. Very few actually carry through with it. So, in a way, I kinda like this guy for actually doing it, even if he didn’t cover his tracks very well.
So he was pissed because they gave him less work to do???
I'm trying to understand it
IT work is feast or famine.
"IT people, your not doing anything, what the hell do we pay you for?"
"IT people, everything is on fire, what the hell do we pay you for?"
How is that feast or famine
I think they mean in terms of workload, not like pay or something. Either you have a lot of work, or very little work. But when you're needed, you're needed urgently.
i goes it is ON not OR
your honor, I would move to dismiss on grounds that my clients actions were based as fuck.
I'd argue that he gave them extra code, a bonus if you will.
I’m disappointed they found so much in his search history. Do these people not have phones? In this day and age with everyone carrying a smartphone, there’s no excuse for using work computers for personal activities
The smart criminals never get caught...
That's why you only hear about the dumb ones
Did it say they went through his work search history? Everything you search on Google with your IP or through your account is recorded, in case law enforcement knocks. Don’t think using a phone protects you. Use a trusted VPN in a separate browser if you want to search for things and not have them show up in court.
I think that what happens on a work computer, a work network, belongs to the company and they are free to check it at will.
However my phone, and what happens on the network it’s attached to are between me and my provider, and usually needs a warrant for someone to look through.
In this day and age with everyone carrying a smartphone, there’s no excuse for using work computers for personal activities
There are plenty of reasons, mostly amounting to "Nobody tends to give a fuck" and "I'm not running out to buy a second high end laptop just to casually browse the web from my couch on the weekend".
What you've got is a very poorly enforced, very draconianly executed set of deliberately vague and inarticulate rules that vary from company to company. And none of that really has anything to do with the "kill switch" thing. In the same way you might say "Well but obviously nobody should smoke weed in a state that criminalizes it! That's just stupid!" when you've got the police tearing apart a particular person's house for a completely unrelated issue, based on an officer's exclamation of "I smell weed!" at the front porch.
Just accept you live in a police state and stop buying into excuses made to surveil and punish.
I’m not running out to buy a second high end laptop just to casually browse the web
Even the cheapest laptop or tablet will cover that need
But when you’re at work, planning criminal activities, the least you can do is save your searches for “how to be a criminal mastermind” on your personal phone
don't underestimate how lazy and stupid even the smartest person can be.
I feel targeted :-)
Don't worry, we don't underestimate with you. :)
Weird that these protections exist for corporations that aren't actually people but no protections exist for the person who was fired.
Exactly my thought. A corporation destroys people's lives by firing them? Nothing. Someone actually pushes back? Suddenly the government gets involved.
We never left serfdom.
Everyone you have ever met is a servant of the ruling class.
You have never met a ruler and probably never will.
Eg pictures of dozens of police protecting tesla dealerships
yeah it's pretty crazy. almost like government is for some things and not others, and knows it, like maybe laws were always just an excuse and tool for victim blaming. or something.
Up to 10 years is crazy. Sure, what he did was wrong, planned and malicious, and they claim it cost them tens of thousands of dollars. But 10 years? This is crazy for something that at worst would be a yearly salary of a single employee.
Fucking capitalism.
Don't F with the power grid.
owned by the Ohio- and Dublin-based power management company Eaton Corp.
https://en.m.wikipedia.org/wiki/Eaton_Corporation
Sentences are always harsh for anything to do with those who provide for public utilities.
@[email protected] has a comment about sabotage, which was likely a factor combined with this to drive max recommended sentencing.
Now to make it worse, ask this, "If the corporation did 10 times this amount of damage, but to the general citizens of the country, how many people would go to jail?"
That's right 0 people would go to jail! And they would only be fined for no more than 10% of the profit they made while doing it. Maybe someone like a jr director of operations gets tossed in jail, but he wasnt really apart of the club.
Nah they would have added more fees to subsidize the protections they weren't going to put in place. Then reach out to the government for subsidies to put these protections in place. Then give bonuses, stock buy backs and when it happened again, they'd raise the fees installed previously and consider making the upgrades if the fine threatened is high enough, if not they'll pay the fine and buy back more stock and run an ad campaign to make the company look better.
"Up to 10 years" is the maximum possible for that type of crime. Actual sentencing guidelines for a $500k loss for a first time offender will probably come out to about 2, maybe 3 years.
In order for the recommended sentence to hit 10 years, we'd have to be talking about damage of over $550 million, or something like a long criminal history.
Substantial disruption of critical infrastructure would get someone to around 5 years, as a reference.
allegedly costing hundreds of thousands of dollars in losses.
Also it's sabotage, which might attract heavier penalties than mere theft?
and unlike dennis nedry, he didn't have to get killed by a dinosaur to do it.
I developed a spreadsheet for a company I worked for a few jobs ago. When I left I used a picture of Dennis to lock everyone out of the spreadsheet but only for one day, months after I left. Stupid idea, but felt good.
Edit: this was it:
I had created a few things on Google sheets that my coworkers were using. It wasn't anything groundbreaking, but one was a spreadsheet I'd made that had all of our driver's availability to assist with scheduling. The sheets were on my personal account, and we didn't end on good terms, so I just locked them all out. It was funny getting all the texts asking for access the next day. I told them to make their own.
Lol everyone probably fantasizes about such thing sometimes, but even if you weren't caught, it's not worth it to personally be bitter like that.
Just got laid off and could had done the same. Except I don't have to. Internal systems are so bad and undocumented and I was like only IT specialist there who could use linux, and so many things related to core businesses were just basically behind me.
The kill switch has made it self. Funny how I would have written more documentation if I ever was given the time.
Same for my last job. My bosses and managers harassed and insulted me. They said I was useless and stupid.
I quit with 3 months of "notice" (standard in France to help you find a new job). They didn’t care during those 3 months. In the last week they panicked because they could not find a replacement that did everything I fixed every day.
I also interviewed my replacement, a junior out of school with big diplomas. When I asked if he knew Linux, he said "not really." I thought "they are fucked with this guy." They wanted to hire him because he was the son of some guy. I said to my boss that he would be a perfect fit for the company.
Unknowingly I was the kill switch. I sent them one last email with all the information they needed and told them to go fuck themselves in a polite way.
but even if you weren't caught, it's not worth it to personally be bitter like that.
Really depends on what you do for a living... Non-profit? Sure. Weapons manufacturer? Fucking have at it.
But don't be stupid about it. Stash a date somewhere that you manually update every so often (so that it'll stop being updated if you're fired) and then add a bunch of random waits whose durations scale with the time since that date. If you're worried that the code will be found, comment it with some bullshit about avoiding race conditions.
...and now I can't use that idea, since this comment would be used in court. If I did it to a weapons manufacturer, they'd probably get the death penalty somehow.
Part of me sympathizes with the guy, but this was reckless
Talk about incentivizing us to make even more impactful kill switches!
I worked for a company once that installed a remote-activation killswitch in their drivers, as a secret weapon to force the customer to stay current on their maintenance contract.
The CEO was a fuckup however, and the code killed their system even without being activated - resulting in a bunch of angry phonecalls and some of the most egregious lying I've ever heard.
god, he was a piece of shit
Sounds like lawsuit territory
Tbh, what shocks me the most about this is how sloppy this appears to have been executed.
For the last time, I didn't leave a kill switch -- I just refused to document anything!
This kill switch, the DOJ said, appeared to have been created by Lu because it was named "IsDLEnabledinAD," which is an apparent abbreviation of "Is Davis Lu enabled in Active Directory."
Lu named these codes using the Japanese word for destruction, "Hakai," and the Chinese word for lethargy, "HunShui,"
[Lu]’s "disappointed" in the jury's verdict and plans to appeal
No, this guy is cooked, there’s even evidence of him looking up how to hide processes and quickly delete files, absolutely no way an appeal would work out for him, I don’t think an “I got hacked” argument is going to work.
