Security Virtualization IT

Fired Techie Created Virtual Chaos At Pharma Co.

itwbennett writes "Using a secret vSphere console, Jason Cornish, formerly an IT staffer at the U.S. subsidiary of drug-maker Shionogi, wiped out most of the company's computer infrastructure earlier this year. Cornish, 37, pleaded guilty Tuesday to computer intrusion charges in connection with the attack."
  • by Viol8 ( 599362 ) on Wednesday August 17, 2011 @06:11AM (#37117028) Homepage

    He could have potentially wiped out some ongoing expensive research while he was at it and potentially cost lives, not to mention jobs at a company that obviously wasn't in the best financial health to start with. This self-centered little prick doesn't deserve any leniency.

  • by Z00L00K ( 682162 ) on Wednesday August 17, 2011 @06:32AM (#37117152) Homepage Journal

    What you really should care about when it comes to IT department is to keep them happy. The cost compared to what can happen when an employee is disgruntled is minor.

    And even if you remove/change all passwords - are you sure that there isn't a backdoor somewhere? Especially in a system like Active Directory where login accounts can be "hidden" anywhere in the tree. Also - some accounts can't change password easily since there are services that may depend on them - or that the password also is the encryption key. It's just a ticking time bomb in some cases.

    Some of you may claim "You are doing it wrong" when you depend on "unchangeable" passwords - but in some cases there are interdependencies that cause that kind of problem. And the problems can be all the way from a background task that locks the system account because it uses the old password to an encryption key based on the password for the backup solution. In some cases it's caused by the third-party software that you use.

  • by mallyn ( 136041 ) on Wednesday August 17, 2011 @10:03AM (#37118656) Homepage
    Good advice; thanks

    Here is one small step that was taken by a high end hosting provider

    All the systems had locked root passwords; nobody knew the actual root passwords; and they were different for each system.

    All root is done via sudo except for the system console, which is in the locked server room

    To gain sudo access, this is what happens

    First you go onto a secure database that is tied in with the trouble ticket system. You log in using a token. You request root access to server x. The system checks to see that you are supposed to be able to have root for server x and it checks to see that you are working on a currently open trouble ticket for an application on server x.

    If the secure database is happy, it sends a message to another secure server (in a different machine room). That system, which has yet another secure database, pulls an ssh private key from the database, installs it as a ssh private key in order to do an ssh shell session with the server you want to get on. That session runs a script that changes the /etc/sudoers to add your name. Along with that, it sets off a cron job that forces the /etc/sudoers file back to its original configuration after a set amount of time.

    You log in, do sudo, and do your stuff. All logging is done to what I call a toilet paper machine (paper log) in yet another secure room. You are through and log off. You close the ticket. The entire process as described above is done but to restore the /etc/sudoers file back to the way it was. Even if you 'forget' to close the ticket, the timer cron noted above will still revoke your access to sudo and send an email to security.

    The secure database servers noted above, each located in its own secure location, require two people authentication to access root. For those machines, the root password is split in half. One half is known by each of two key people. They both need to log in at the same time.

    This is about the most paranoid root access that I am aware of.
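
The ticket check, time-boxed grant and cron-driven revocation described in the comment above can be sketched as follows. This is an added example, not part of the comment and not the hosting provider's tooling: it writes per-user drop-in files instead of editing /etc/sudoers in place, and `SUDOERS_D`, `TICKETS`, the ticket-list format and the function names are all hypothetical.

```shell
#!/bin/sh
# Added example, not the provider's tooling. SUDOERS_D and TICKETS are hypothetical
# paths that default to a scratch directory so the sketch runs unprivileged.
SUDOERS_D="${SUDOERS_D:-$(mktemp -d)}"
TICKETS="${TICKETS:-$SUDOERS_D/open_tickets.txt}"  # constructed format: "TICKET USER HOST"

# ok VALUE CHARS: succeed only if VALUE is non-empty and made solely of CHARS.
ok() { case $1 in ''|*[!$2]*) return 1 ;; esac; }

# grant USER HOST TICKET TTL_SECONDS [NOW_EPOCH]
grant() {
    local user="$1" host="$2" ticket="$3" ttl="$4" now="${5:-$(date +%s)}" tmp
    # Strict allow-lists: these values end up in a sudoers rule and a file name.
    ok "$user" 'a-z0-9_-' && ok "$host" 'A-Za-z0-9.-' && ok "$ticket" 'A-Z0-9-' &&
        ok "$ttl" '0-9' && ok "$now" '0-9' || { echo "bad argument" >&2; return 2; }
    # Access requires an open ticket naming this user and this server.
    grep -qxF "$ticket $user $host" "$TICKETS" 2>/dev/null ||
        { echo "no open ticket" >&2; return 3; }
    # Names containing '.' are skipped by sudo's includedir, so the temp file is inert.
    tmp=$(mktemp "$SUDOERS_D/.tmp.XXXXXX") || return 1
    printf '# ticket=%s expires=%s\n%s %s = (root) ALL\n' \
        "$ticket" "$((now + ttl))" "$user" "$host" > "$tmp"
    chmod 0440 "$tmp"
    # Syntax-check before installing: one malformed rule can break sudo for everyone.
    if command -v visudo >/dev/null 2>&1 && ! visudo -cf "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"; return 4
    fi
    mv -f "$tmp" "$SUDOERS_D/90-temp-$user"
}

# sweep [NOW_EPOCH]: run from cron; deletes expired grants and prints the users revoked.
sweep() {
    local now="${1:-$(date +%s)}" f exp
    for f in "$SUDOERS_D"/90-temp-*; do
        [ -e "$f" ] || continue
        exp=$(sed -n '1s/.*expires=\([0-9][0-9]*\).*/\1/p' "$f")
        # Fail closed: a grant without a readable expiry is treated as expired.
        if [ -z "$exp" ] || [ "$exp" -le "$now" ]; then
            rm -f "$f" && echo "${f##*/90-temp-}"
        fi
    done
}
```

Because revocation depends only on the expiry stamp inside each file, a forgotten ticket still loses access on the next sweep; the users it prints are the natural input for the notification to security.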

  • by BitZtream ( 692029 ) on Wednesday August 17, 2011 @10:08AM (#37118698)

    Right, and the engineers who design your actual products ... which are the reasons the IT guys exist aren't as dangerous?

    The accountants who can drain and send your entire financial portfolio to random places around the world aren't dangerous?

    No, IT guys aren't special, you just think you are and you're too ignorant to realize you really can't do anything more than be fucking obnoxious. You can't do anything that someone else in the company can't do better as far as hurting the company.

    It is certainly in your best interests not to try to fuck over the company on your way out the door, unless you like spending time in jail.

    IT people are the most self absorbed, arrogant spoiled brats I've ever seen, and there isn't a single reason for it. Just a bunch of people who think they're smarter than everyone around them because their lack of a social life let them learn a little more about Windows than others.

    Your statement on slashdot makes me realize that I probably should be okay with employers looking up people's online activity just so they can avoid hiring people like you and save themselves the potential of dealing with someone so disconnected from reality that they clearly don't realize what a job is.

  • by BitZtream ( 692029 ) on Wednesday August 17, 2011 @10:50AM (#37119150)

    Sending this dork to ten years in prison is the same as a death sentence.

    And I care not one bit.

    800K in damages? Fuck him, he knew what he was doing. Maybe next time whiney little bitches who think they are bad ass in the IT department will think twice before being such douche bags.

    "If they keep you in here for ten years, they should never let you out."

    I saw that show too, the guy was a fucking murderer, he isn't exactly your best example to use there, as he shouldn't be let out either way.
