Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security IT

Study Show Link Between IT Sabotage, Work Behavior 325

Posted by samzenpus
from the money-well-spent dept.
narramissic writes "According to recent research by the U.S. military and CERT, workers who sabotage corporate systems are almost always IT workers who are disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly."
This discussion has been archived. No new comments can be posted.

Study Show Link Between IT Sabotage, Work Behavior

Comments Filter:
  • by suso (153703) * on Wednesday February 07, 2007 @09:01PM (#17929276) Homepage Journal
    Interesting article. Unfortunately since most companies never wise up about security, its probably in the companies best interest to recognize the needs of IT workers instead of being even more paranoid about them. I used to work as a system administrator at a company where most of us where disgruntled due to the lack of progress of the company and poor leadership, then things got worse when the new owner of the company stopped trusting the admins for no good reason. This created a situation where long time employees started taking the attitude of "This company wouldn't survive for a month without me here". Amazingly, companies like this do survive the departure of their best employees.
    • by qzulla (600807) <qzilla@hotmail.com> on Wednesday February 07, 2007 @09:38PM (#17929614)
      Survive or become successful? A major difference.

      qz
    • by bladesjester (774793) <slashdot&jameshollingshead,com> on Wednesday February 07, 2007 @09:44PM (#17929664) Homepage Journal
      The following exerpt from the article is pretty telling:
      Macleod concluded: "So as far as doing the right thing, I'd suggest that you start from the basis that your IT staff are the biggest risk to your organization's security, and if anyone of them disputes this, remember that arguing with colleagues was one of the clear signs of an impending attack."

      Basically, if management accuses IT of being a huge risk, and their IT staff is actually honest and dependable, should they stand up for themselves, that's a sign that you should trust them even less??

      Give me a freaking break.
      • by tacocat (527354) <tallison1@nosPAM.twmi.rr.com> on Wednesday February 07, 2007 @09:48PM (#17929692)

        This is bunk.

        How many disgruntled Automotive Industries went on a shooting spree and NEVER gave any signs? Most. Same for the classic Postal Workers...

        And what about the guy in Office Space?

        • by suso (153703) *
          And what about the guy in Office Space?

          Oh come on, that company must have sent out about a million memos.
        • by maetenloch (181291) on Wednesday February 07, 2007 @10:46PM (#17930238)

          This is bunk. How many disgruntled Automotive Industries went on a shooting spree and NEVER gave any signs? Most. Same for the classic Postal Workers... And what about the guy in Office Space?
          Actually when they've investigated, it turns almost every disgruntled shooter DID give signs beforehand. It was just that most co-workers, manager, and neighbors ignored the signs or were clueless that they were significant. People almost never just 'snap' and become violent - usually there's a predictable series of escalating steps that they go through before that point. There's an excellent book, "The Gift of Fear" by Gavin De Becker, that goes into how to predict who will become violent at work. One of his main points is that when we find someone 'creepy', it's actually an early warning system that they're likely to be a danger. However due to social conditioning, people usually ignore their gut feelings which is a mistake. He also helped develop the model that the Secret Service uses to decide whether people who have made threats are probably harmless or likely to eventually commit violence.
          • It's just statistics (Score:3, Interesting)

            by msobkow (48369)

            ... almost always IT workers who are disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly.

            Here I thought that:

            • Disgrunted meant you weren't happy with unstable systems that require hand-holding.
            • Paranoia meant that you give a damn about system security, intrusion detection, logging to enable counter-intrusion measures, etc.
            • Showing up late meant you were handling the pager calls.
            • Arguing with colleagues meant you care about your job and system quality.

            So m

          • Re: (Score:3, Insightful)

            by benzapp (464105)
            One of his main points is that when we find someone 'creepy', it's actually an early warning system that they're likely to be a danger. However due to social conditioning, people usually ignore their gut feelings which is a mistake. He also helped develop the model that the Secret Service uses to decide whether people who have made threats are probably harmless or likely to eventually commit violence.

            It's deeper than that. This is fundamentally due to the religion of absolute egalitarianism.

            Think about it,
            • Re: (Score:3, Insightful)

              by xappax (876447)
              Yet, 25% of black males between the ages of 18 and 35 are convicted felons....there is a strong chance he really IS a criminal.

              I can't back this up with a study (you didn't back your stat up, so it's fair game), but it seems obvious that people who post to Slashdot are several TIMES more likely to be involved in computer crime than the average American (they have a high degree of technical knowledge, and often an outsider social perspective). So I agree. Let's do away with all of this "innocent until p
        • Re: (Score:3, Insightful)

          by db32 (862117)
          Uhm...most people do give warning signs, the fact that they are ignored doesn't mean they weren't there. Of coarse everyone interviewed says "Well he seemed nice and stable, we had no idea" That is likely because they didn't talk to that person more than the bare minimum required to get the job done. As aweful of a concept as it seems to be these days, its called getting involved with your people. It IS the supervisors responsibility to know more about his subordinates than just job performance, its cal
        • Re: (Score:3, Insightful)

          by Shaper_pmp (825142)
          And what about cause and effect?

          If you've got the kind of work environment that disgruntles and demotivates your employees, it's vastly more likely that one of them will be pissed off enough to steal from the company.

          I'd never do something as unprofessional as sabotage, but I've worked for companies before that made me "disgruntled" and "paranoid". Praise invariably passing up the chain and blame dripping downwards will do that to an organisation. Given this it's hardly surprising that demotivated people
      • by MillionthMonkey (240664) on Wednesday February 07, 2007 @09:57PM (#17929752)
        You should assume witches are the biggest risk to your organizational security.

        If any of the witches in your organization denies being a witch, remember that arguing with colleagues about it is one of the clear signs of impending witchcraft.
        • I'm Taoist. Does that count? =]

          Don't start in on blade weilding maniacs either. I've trained martially since I was a kid :P

          Thankfully I seem to be a relatively well adjusted individual.
        • by Critical Facilities (850111) on Wednesday February 07, 2007 @10:06PM (#17929822) Homepage
          BEDEVERE:
          Quiet! Quiet! Quiet! Quiet! There are ways of telling whether she is a witch.

          VILLAGER #1:
          Are there?
          VILLAGER #2:
          Ah?
          VILLAGER #1:
          What are they?
          CROWD:
          Tell us! Tell us!...
          BEDEVERE:
          Tell me. What do you do with witches?
          VILLAGER #2:
          Burn!
          VILLAGER #1:
          Burn!
          CROWD:
          Burn! Burn them up! Burn!...
          BEDEVERE:
          And what do you burn apart from witches?
          VILLAGER #1:
          More witches!
  • I think that this 'study' needs to be included on this list [popsci.com].
  • obligatory (Score:5, Funny)

    by User 956 (568564) on Wednesday February 07, 2007 @09:02PM (#17929288) Homepage
    workers who sabotage corporate systems are almost always IT workers who are disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly.

    Maybe they just want their red stapler back.
  • by aborchers (471342) on Wednesday February 07, 2007 @09:02PM (#17929290) Homepage Journal
    So fired...
  • Access (Score:4, Interesting)

    by Prysorra (1040518) on Wednesday February 07, 2007 @09:02PM (#17929292)
    *Cough* IT people are also likely to know *how* to properly sabotage computers for the maximum effect....
    • Re:Access (Score:5, Insightful)

      by mabhatter654 (561290) on Wednesday February 07, 2007 @09:11PM (#17929378)
      as opposed to the armies of users that "sabotage" the desktops and network resources on a daily basis?

      sure... the IT guys are the problem.

      • Re:Access (Score:5, Interesting)

        by Lehk228 (705449) on Wednesday February 07, 2007 @10:39PM (#17930158) Journal
        the users fuck up one computer, or maybe even introduce a virus to their office, a malicious IT worker could be quietly poisoning backup tapes for months, or better yet, configure the backup and restore system to use encryption reading the key off a USB key plugged into the back of the machine, when he quits he takes the usb key, or wipes it, and all that data becomes a pile of useless bits
      • as opposed to the armies of users that "sabotage" the desktops and network resources on a daily basis? sure... the IT guys are the problem.

        Only when the IT guys chose software that's easy to "sabotage." Are 25% of your desktops part of a bot net? Do you blame your users for that?

    • I got pissed off with what someone said so I deleted that blue 'e' on my computer. Now the whole internet has been destroyed.
  • There has been certain studies linking the existence of certain celestrial bodies to the general lux levels observed on the planet during what people would refer to as 'day'.
  • Bias? (Score:2, Funny)

    Let's see... the study shows that people who are fired generally are considered by their employers to have performed poorly...

    This is groundbreaking!
    • by Ungrounded Lightning (62228) on Wednesday February 07, 2007 @10:31PM (#17930082) Journal
      Let's see... the study shows that people who are fired generally are considered by their employers to have performed poorly...

      This is groundbreaking!


      And while we're at it: How many employees who do NOT sabotage corporate systems "are disgruntled", "are paranoid", "generally show up late", and/or "argue with colleagues"?

      Last time I looked:

        - A large fraction of the best IT people often work late, for any or all of several reasons: They prefer it, they need to work when load is light to minimize impact on business processes, fixing what the users broke during the day skews the time of their peak workload to later than that of the mainstream users, etc.

      They often work more than a normal workday - but they'd have to work two shifts every day and only take time out for sleep, in order to come in bright and early to impress the suits who read this "study". But any sane IT professional will take advantage of flex time and come in late instead.

      Programmers and other IT professionals coming in late has been a stereotype since computers used vacuum tubes. (I know because I was there and was one of many who created it. B-) )

        - "Argue with colleagues"? Maybe yes-maning works in the executive suite. But when a crew of experts is chasing down a problem there will be a slew of hypotheses tried and discarded, with different workers coming up with different hypotheses and evidence to falsify them. To an outsider this looks like an argument, when it's actually progress. Experts will also often have differing opinions and will discuss them - ditto.

      (I recall one company where upper-level executives quietly added themselves to an engineering internal mailing list. There we discussed the latest problems - often heatedly - until they were solved. When one was solved the traffic on THAT problem stopped cold and another would take its place. To the suits it looked like a disaster, when in fact the project was on time, within budget, exceeding targets, and still looked like it would have been a quantum leap when delivered - if the company hadn't suddenly shut it down...)

      - "disgruntled"? With the continuing budget shortfalls, IT resource expansion always lagging company growth, lusers opening virus email, ... I have yet to meet a "gruntled" IT professional.

      - "paranoid"? (I presume we're talking the folk etymology, not clinical paranoia.) IT, like other forms of engineering, is an exercise in staying at least one step ahead of Murphy's Law. If an IT professional isn't "paranoid" he's not doing his job.

      Watch the suits who saw this start canning their best IT people - zero-notice style. (That's where the employee arrives at work to find his cardkey doesn't work his passwords are rescinded, and he is escorted to HR where he is handed two weeks pay in lieu of notice, a box containing anything from his desk that the company didn't think was theirs, and a threatening document in lawyerese, and then kicked out of the building.)

      And of course the fired employees will be blamed when the network starts to go to hell when the remaining people can't apply duct tape and chewing gum fast enough or the next rash of malware gets past the firewall.

      = = = =

      This reminds me of the "profiles" of school-age mass-murderers: They're always described as loners and introverts who don't get along with others in their school. In other words, just like all the nerds who get pounded on by the jocks and snubbed by the cheerleaders and queen-bees and react by withdrawing from contact with the "beautiful people" cliques. And every time one of these "studies" come out the administrators (generally former "beautiful people" themselves) dump on the nerds and side with the jocks that much more...
      • Watch the suits who saw this start canning their best IT people - zero-notice style. (That's where the employee arrives at work to find his cardkey doesn't work his passwords are rescinded, and he is escorted to HR where he is handed two weeks pay in lieu of notice, a box containing anything from his desk that the company didn't think was theirs, and a threatening document in lawyerese, and then kicked out of the building.)

        Interesting. This happened to me on monday. Being the lead security analyst for th

      • Funny, but I had to scroll up to see if I was reading Jon Katz. Lucky for me, I wasn't; but you may have a /. editor roll to add to your resume soon.
  • by All_One_Mind (945389) on Wednesday February 07, 2007 @09:06PM (#17929338) Homepage Journal
    Wow. That's odd. I would've figured IT workers who sabotage corporate systems would be the workers who are happy, secure, generally show up on time, work well with colleagues, and generally perform superbly. Goes to show you that logic doesn't always pay off. (I'm ready for the Troll/Flamebait mod guys :)
    • by Panaflex (13191) * <convivialdingo AT yahoo DOT com> on Wednesday February 07, 2007 @09:33PM (#17929562)
      Well, I think those are just symptoms of some nasty disease. If you've got people like that onboard - it's important to find out the causes and do what can be done to improve their workday.

      I had a boss at (insert large corporation) who disrespected me, never allowed me to be challenged, set me up on a doomed project on my second week of work with people who didn't understand the business - and generally pissed me off. I was cussed out by the CIO and his Italian mobster friend who claimed to be a business manager.

      After the second month I would have fit into most of those categories - simply because of the experience I'd had. I decided that my boss didn't deserve anything other than what was in my job description. I proceeded to immerse myself in the codebase, business, and financials. After a couple of months I was answering questions in meetings which the original developers didn't even know.

      There on out, I involved myself in other projects, got involved in design and generally worked my way past my boss - though he was still my boss until he was layed off.

      In the end, I was one of the architects. All the people who made my life miserable were fired, left, or otherwise shown the door. They caused millions of dollars in losses - and I made the company millions.

      Moral of the story: Sometimes it's management.
      • by TubeSteak (669689)
        Your story somewhat reminds me of a businessweek article (from a month or three ago) about revenge in the workplace & how it drove some very high level achievers to retaliate by succeeding.

        Those people (you) aren't the kind of person that TFA is describing.

        The point of TFA is that there is a certain subset of people whose psychology will push them to become aggressively hostile to their employer in response to the types of pressure that you faced.
        • by khallow (566160)
          You're making the unwarranted assumption that you can tell the difference between the two categories.
      • by Anonymous Coward on Wednesday February 07, 2007 @10:27PM (#17930060)
        As a sysadmin/webmaster at a small company I was involved in the infrastructure and in daily stuff that made money, like doing websites for the company's customers.

        At one point I was drawn into an "argument" with colleagues over two things:

        1) they needed a new box to run the firewall on. Owners wanted to postpone indefinitely. Sysadmin pressed his point. CEO suspected sabotage or other agenda... in spite of having had a prior avoidable firewall failure take down the network. He decided the sysadmin was crying wolf, or worse.

        2): graphic designers and marketing people had proposed, priced and designed a website concept without consulting the guy who was going to code it. There were problems in the executability of the design and an underbid situation.

        A technical problem that could be solved with a technical approach, if there were trust. Once again, sysadmin/webmaster "argued" for another approach on technical grounds. Answer: defenses, emotionalism, circle the wagons.

        Net result of both contentions: emotionalism, accusations; sysadmin forced to resign.

        The firewall did have a hardware failure after about six months; the website proposal flopped and the company lost their major client's web work. Satisfaction for the sysadmin? H**l no. There are no winners in something like this. You need to work with people you can trust and who trust you. This untrusted crap is destroying the very idea of "a good job" and consuming businesses and relationships from within.

        You have to be able to air the relative merits of various technical approaches in a respectful, professional way so that what's rational and feasible emerges.

        If this is "arguing with colleagues", resulting in an immediate security red-flag and dismissal... how can you have peer review or objective discussions? Worse still, it means we've descended into a totalitarian workplace.
        • by Panaflex (13191) *
          Yup, I've been there. I've been in the IT/Software business for a long time. I demand professionalism - and it's not because I want to be a cocky developer, because I'm not. I put it on my resume because I want to set the expectation that I go to work to do just that - work.

          I want to get the job done right, and that's it.

          The workplace is, limitedly, a totalitarian place - and the only way to rise above it is to not play the human games all the time and stick to the job you were hired to do. Most importa
      • Had there been a failure, the only competent person (aka Mr. Moody) would have been blamed.

    • Yeah, but on the other hand, I match this profile, but have no interest in sabotaging the company. I already get to come in late, bitch at my co-workers, and perform poorly, and get paid well for the privilege. Why would I want to ruin a good thing by committing crimes?
    • I just show up late (but I stay late too). Ok, that and the gun I keep in my desk.
  • by varmint jerky (810306) on Wednesday February 07, 2007 @09:07PM (#17929344)
    but I also happen to be far too lazy to do any of that shit.
    • by fyoder (857358)

      but I also happen to be far too lazy to do any of that shit.

      At least one person modded you insightful. To do true evil you have to be really driven. It might even involve extra hours. I'm feeling tired just thinking about it.

  • Angry workers more likely to sabotage systems...

    News at elev...whenever I feel like it, get off my back!
  • by ewg (158266) * on Wednesday February 07, 2007 @09:16PM (#17929418)
    I think the point of this study is that management doesn't have to be paranoid about normal IT people abusing the trust the organization has placed in them. The people truly likely to cause harm will broadcast that fact clearly in advance through egregious behavior.
    • The thing is that, in a lot of cases, it's a self-fulfilling prophesy.

      Management is paranoid that the IT people are going to sabatoge them, so they turn the screws on IT. The people in IT become demoralized, shart showing up late, are disgruntled, more likely to snap at management, etc. Eventually one of them may snap and sabatoge the place on their way out.

      The real problem, in a lot of cases, starts out with paranoia and territorial pissing matches to see who controls the budget for what and who can make
    • There are no normal IT people. We are all "special", and DON"T YOU FORGET THAT !! ;) Management doesn't really trust IT a lot because they don't understand what IT does, and that's partly our fault for not explaining our job to them in terms they can grasp.

      Anyone who broadcasts they are going to cause harm is quite stupid because when harm occurs they get the blame, even if they didn't do it. Perfect cover for the guy who really did the dirty deed.
    • Cool! A valid conclusion!

      Unfortunately, I have a hunch that managers fall broadly into two categories:
      - Those that have both the critical thinking skills to draw that conclusion and the management skills to keep their employees happy so that they don't need it;
      - Those that, like "Calum Macleod of Cyber-Ark", draw a conclusion with the cause and effect the wrong way around, _and_ bring it to their employees in the form of an ultimatum! ;)

      ' Macleod concluded: "So as far as doing the right thing, I'd suggest t
  • half sight (Score:5, Funny)

    by glas_gow (961896) on Wednesday February 07, 2007 @09:16PM (#17929426)
    If they'd turned up on time, were cordial with their colleagues and performed better, they'd never have been caught.
  • by LibertineR (591918) on Wednesday February 07, 2007 @09:22PM (#17929476)
    "almost always IT workers who are disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly."

    Disgrutled = Forced to install Notes
    Paranoid = Forced to sit next to Notes Server all day waiting for the memory leak to take over
    Late = Due to sleep deprevation from having to go in at 2am to reboot the Notes Server
    Argumentative = Caught whispering "Exchange, bitches." under his breath
    Poor Performer = Changed Cert ID password to "Fuck Notes"

    Whats not to understand?

    • by eebly (7752) on Wednesday February 07, 2007 @09:32PM (#17929542)
      Disgruntled = Forced to install Exchange.
      Paranoid = Forced to recheck Exchange database
      Late = Had to stay up all night while Exchange tested databases
      Argumentative = Caught whispering 'Postfix, bitches'
      Poor Performer = Changed Exchange password to 'kill me now'

      What's not to understand?

      (I've never worked with Notes, so it could be as bad as you say, but I've worked with Exchange 2K and 2K3, and yup, it's painful).
    • Re: (Score:2, Funny)

      by davecarlotub (835831) *
      Executive VP: My Lotus Notes is slow
      Me: You have a 16 gigabyte mail file with 20,000 unread messages in your inbox and 100+ folders
      Executive VP: What's a gigabyte?

      All day, everyday
      • Re: (Score:2, Informative)

        by maxume (22995)
        Do you stick to stating specific technical details, or do you sometimes point out that it is running as fast as it is going to run on the systems you have with that volume of information? Sometimes the obvious...isn't; if he isn't making the connection and you aren't providing it...
    • Re: (Score:2, Funny)

      Disgruntled = Forced to use Exchange
      Paranoid = Afraid Someone will find out about said exchange
      Late = Lack of sleep due to World Of Warcraft / Late night programming session
      Argumentative = "We don't need a new gazillion dollar server"
      Poor Performer = Did 30 jobs in a week and missed the KPI level by 1 as each job was bigger than the beancounters.

      I would have thought these were the traits of a GOOD sysadmin...
    • /. needs an exception to the mod points to make this + eleventy billion.

      +5 Funny? methinks +5 Informative
  • by Todd Knarr (15451) on Wednesday February 07, 2007 @09:29PM (#17929520) Homepage

    The flip side is that the fastest way for management to make a worker into someone who's disgruntled, paranoid, shows up late, argues all the time and performs poorly is to treat them like a potential problem. You're giving people privileged access, either you trust them and thus don't need to worry until after they start showing obvious signs, or you don't trust them in which case why are you giving them privileged access in the first place?

    To be honest, I think if you have to worry about abuse of privileged access after termination then you have a more fundamental problem that no access-management system will solve. After all, if you can't trust someone to behave professionally after you've given them their 2-weeks' notice then what makes you think you can trust them to behave professionally before that?

  • Yeah but... (Score:3, Interesting)

    by Lumpy (12016) on Wednesday February 07, 2007 @09:32PM (#17929546) Homepage
    The openly disgruntled will cause trouble when they leave.

    the quiet meek ones will come in with automatic weapons and start "cutting expenses" when they leave.

    I fear the quiet meek ones. They frighten me.
  • Thinly veiled ad (Score:5, Insightful)

    by Knytefall (7348) on Wednesday February 07, 2007 @09:38PM (#17929610)
    The last few paragraphs of the article are more-or-less unedited PR hype from a vendor:

    "According to security management vendor Calum Macleod of Cyber-Ark..Macleod's solution is password management....'If privileged password management is not on your shopping list in 2007 it may already be too late.'"

    This is preceded with a 'people who say you shouldn't buy my product may already be criminals':

    "'if anyone of them disputes this, remember that arguing with colleagues was one of the clear signs of an impending attack.'"

    I can't believe this ran! This reporter was shockingly lazy.
    • by feepness (543479)
      I can't believe this ran! This reporter was shockingly lazy.

      That's it! We've found one! Turn in your keycard and know that we are changing all passwords!
  • by djupedal (584558) on Wednesday February 07, 2007 @09:39PM (#17929618)
    I believe we've all seen this recent memo from HR, to all IT department staff: 'Floggings will continue until morale improves!'

    But seriously, you could swap IT for any discipline and come up with the same bullet-point: "Study Shows Link Between Grounds Keeping Sabotage, Work Behavior" - so what's the point? Just because I hold your entire work history in my shaky, sweaty hands doesn't mean I will automatically go postal and cause trouble for you and your unborn grandchildren. A cafeteria worker can spit in the soup. A parking security wanker can key your new Astro. A disgruntled department head can arbitrarily black mark a borderline performance appraisal.

    Screw this generalized dust-kickup of a 'study' and go talk to anyone you think just needs someone to listen. If they tell you they "can't talk...busy...voices said time to clean my guns", then you might want to restrict their security access for a while. Otherwise, treat them like humans and stop watching for signs the sky is getting ready to fall.
  • From TFA...

    "Macleod concluded: "So as far as doing the right thing, I'd suggest that you start from the basis that your IT staff are the biggest risk to your organization's security, and if anyone of them disputes this, remember that arguing with colleagues was one of the clear signs of an impending attack."

    Wow.

    It seems a defensive reaction to being indirectly labeled a crook by your boss would be natural, even for honest employees. How about skipping the threatening rhetoric, and just implementing an automated password management policy. If your IT folks are worth their salt, they'll "get it" without having to be called criminals. If you skip the indirect threats, and they argue against an automated password management policy alone, then maybe you should worry.

  • Oh really? (Score:5, Funny)

    by EXMSFT (935404) on Wednesday February 07, 2007 @09:41PM (#17929640)
    And I said, I don't care if they lay me off either, because I told, I told Bill that if they move my desk one more time, then, then I'm, I'm quitting, I'm going to quit. And, and I told Don too, because they've moved my desk four times already this year, and I used to be over by the window, and I could see the squirrels, and they were married, but then, they switched from the Swingline to the Boston stapler, but I kept my Swingline stapler because it didn't bind up as much, and I kept the staples for the Swingline stapler and it's not okay because if they take my stapler then I'll set the building on fire...
    • by karnal (22275)
      and I could see the squirrels, and they were married,

      Either you cut-and-pasted, or you have a really weird sense of squirrel "happiness."
  • useless (Score:5, Insightful)

    by oohshiny (998054) on Wednesday February 07, 2007 @09:51PM (#17929714)
    According to the research, 86 percent of those who committed cybercrimes held ...

    That's nearly useless information. By analogy, nearly 100% of rapists are male, yet very few males are actually rapists.
  • poorly performing people get stuck in unsatisfying and frustrating jobs, while the strong performers find satisfying and fufilling ones.
  • by bzipitidoo (647217) <bzipitidoo@yahoo.com> on Wednesday February 07, 2007 @10:01PM (#17929782) Journal

    What about workers who are routinely abused? Workers who are pushed to make themselves desperate (financially desperate, usually) to keep the job so they can be treated like slaves, and who are then forced to work long hours for no extra pay because they're salaried, constantly threatened with termination, blamed for problems but denied power to deal with them, and so on, did the study account for that? Doesn't look like the study did. Study talks about "work behavior" but not "work treatment", as if companies have no effect on whether a worker would want to sabotage something.

    Ignoring signs-- signs such as a person coming in late who had always come in on time in the past-- is a sure invitation to trouble. People who feel they can't communicate one way will communicate another way. Maybe before concluding that someone who is causing "trouble" better be escorted off the premises in handcuffs before they can do real damage, management ought to try a few other things first. Like, listen in such a way that workers feel they can speak openly. And removing the temptation. If a nuclear missile could be launched with the push of one button, it probably would've happened. Good thing the missiles require several keys, codes, and such like.

    This study strikes me as narrow.

  • Smart enough? (Score:5, Insightful)

    by alshithead (981606) * on Wednesday February 07, 2007 @10:03PM (#17929802)
    Those who are capable of wrecking systems thoroughly are usually also smart enough not to show signs that they are willing to do so... The ones who grumble and complain need to be shown the door before they wreak havoc or, pacify them. It's the non-complainers you need to make sure are really happy because if they're not...you could be screwed.
  • Of course the IT guys are going to be the ones breaking the IT systems. It's axiomatic.
  • Typically your moles are the best intelligence agents you have. That's why it's hard to find them.

  • "almost always IT workers who are disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly."

    Disgruntled = Management listens to outside consultants and does random IT stuff instead of listening to our advice? Check.
    Paranoid = Teaching outside consultants every detail about my job. Check.
    Late = Stay up late playing computer games. Check.
    Argumentative = Learned about this one years ago. No Check. WHEW!
    Poor Performer = Sarbanes Oxley procedures in place lowering p
  • by JakiChan (141719) on Wednesday February 07, 2007 @11:15PM (#17930458)

    So as far as doing the right thing, I'd suggest that you start from the basis that your IT staff are the biggest risk to your organization's security, and if anyone of them disputes this, remember that arguing with colleagues was one of the clear signs of an impending attack.
    Gotta love the logic here. Even if I *was* shopping for password management tools I wouldn't buy one from that guy just based on that statement.
  • "...are almost always IT workers who are disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly."

    Sounds like most of my prior bosses.

  • Theory "X" Lives... (Score:4, Informative)

    by wtansill (576643) on Wednesday February 07, 2007 @11:43PM (#17930658)
    As long as you treat your staff as the enemy, they will be... http://www.accel-team.com/human_relations/hrels_03 _mcgregor.html [accel-team.com]
  • by krunk7 (748055) on Wednesday February 07, 2007 @11:49PM (#17930692)
    I would be willing to bet the following are also true:
    1. Auto mechanics are the most likely to swindle you out of money for unnecessary auto repairs
    2. Cashiers are the most likely to steal from cash registers
    3. Doctors are, by a vast majority, the most likely culprits of malpractice
    4. And, of course, killers are almost assuredly responsible for most murders
  • How To Spot Cybercriminals, From the DOH School of BadThings Prevention

    FTFA: "almost always IT workers who exhibit specific negative office behavior"

    FDSBtP: "because ordinary criminals never exhibit other negative behavior"

    FTFA: "disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly"

    FDSBtP: "because ordinary criminals are model citizens who just, one day, snapped"

    FTFA: "86 percent ... held technical positions and 90 percent had system administrator or privil

  • Research discovers that asshole managers lead to pissed off employees who end up not doing their jobs as well, or with as much loyalty as those who have managers who actually treat their employees with respect.

    Cure - kill the asshole managers. (Remember, the study was sponsored by the Military - that is their typical response to a problem isn't it?)
  • Well... (Score:3, Funny)

    by catdevnull (531283) on Thursday February 08, 2007 @12:20AM (#17930892)
    At the risk of being obvious or redundant--

    Aren't the IT people the only ones who smart enough to sabotage IT systems?

    I mean, those smug assholes up on the 42nd floor don't give a shit about how hard we work just to help them print their e-mail. We'll see how smug they are when....

    oh...wait...

    [BOFH]
  • by snero3 (610114) on Thursday February 08, 2007 @07:48AM (#17932854) Homepage

    I know that a lot of you out there will be thinking, "hell ya, it is managements fault we are treating like this so lets get back at them but destroying their systems."

    Believe me guys that is not the case, the only people you hurt are your co-workers. I joined a company where a lot of the Admin stuff were fired. Some of them left nice little surprises that went off a couple of days later. Guess who was there until 3am in the morning putting everything back together? I can tell you it wasn't the managers. I can also tell you that those guys that got fired lost many good friends the day they did that and a lot of hard earned respect. Most of them are still looking for jobs a year later as NO ONE from their previous job (which many had held for 6+ years) will give them a good reference anymore because of their actions.

    So my point is that if you are pissed off at management then complain or leave. Don't destroy things as it only hurts your co-workers not management.

  • On the flip side... (Score:3, Informative)

    by Phleg (523632) <stephen@NOSPAm.touset.org> on Thursday February 08, 2007 @12:24PM (#17935886)
    They're also the most productive! http://seattlepi.nwsource.com/business/302397_grum pyworkers05.html [nwsource.com]

To restore a sense of reality, I think Walt Disney should have a Hardluckland. -- Jack Paar

Working...