Employee "Disciplined" For Installing Bitcoin Software On Federal Webservers

Fluffeh writes "Around a year ago, a person working for the ABC in Australia with the highest levels of access to systems got caught with his fingers on the CPU cycles. The staffer had installed Bitcoin mining software on the systems used by the Australian broadcaster. While the story made a bit of a splash at the time, it was finally announced today that the staffer hadn't been sacked, but was merely being disciplined by his manager and having his access to systems restricted. All the stories seem a little vague as to what he actually installed, however — on one side he installed the software on a public facing webserver, and the ABC itself admits, 'As this software was for a short time embedded within pages on the ABC website, visitors to these pages may have been exposed to the Bitcoin software,' and 'the Coalition (current Opposition Parties) was planning on quizzing the ABC further about the issue, including filing a request for the code that would have been downloaded to users' machines,' but on the other side there is no mention of the staffer trying to seed a Bitcoin mining botnet through the site, just that mining software had been installed."

SETI@Home

[SJHillman]

Reminds me of the guy who got fired for running SETI@Home on all the PCs where he worked. Of course, he also (allegedly) stole 18 computers and accelerated the depreciation cycle, etc...

installation directory

[vlm]

All the stories seem a little vague as to what he actually installed however — on one side he installed the software on a public facing websever, and the ABC itself admits 'As this software was for a short time embedded within pages on the ABC website, visitors to these pages may have been exposed to the Bitcoin software' and 'the Coalition (current Opposition Parties) was planning on quizzing the ABC further about the issue, including filing a request for the code that would have been downloaded to users' machines,' but on the other side there is no mention of the staffer trying to seed a Bitcoin mining botnet through the site, just that mining software had been installed.

Sounds like hopeless journalist-speak for "he had access only to /var/www not /usr/local, so ... he put it in /var/www"

My guess is whatever they use to monitor their systems watches /usr/local and /usr/bin like a hawk but trying to watch /var/www would be chaos depending on what the marketing and graphics art dept uploaded this week or whatever, so they don't watch /var/www.

This does have a minor chilling effect in that I'm not a complete moron, so before commissioning any new hardware into production at work (or home) for years (decades?) I've run memtest86+ and bonnie++ (I'm old enough that I ran the original memtest86 and the original bonnie back in the day). I've occasionally considered that running a BTC miner would be a good CPU cooling test as a third item, but stories like this do kind of discourage me at work.

My suspicion is the practical financial matter of $. Back in ye olden days when I started BTC mining a CPU miner could generate quite a few BTC per month and over the past couple years the exchange rate has stabilized at $5/BTC so that is a substantial chunk of change per month. However for all practical purposes a software BTC miner is currently pointless, just warming up the CPU. I haven't checked the difficulty rating but I know its increased a bit from the mid double digits when I started in BTC. So as a disciplinary matter they probably couldn't decide to bust him for running unauthorized sw (which given his "highest levels of access" might mean he's authorized to authorized BTC sw, making it a bit complicated) or bust him for attempting to use govt property for personal gain but not actually getting any gain, or bust him for actually earning some BTC however unlikely that seems. Doesn't Australia have the same "might is right" style of employment laws we have in the US where they can just fire him for not being a team player or spending too much time in the can?

Re:JavaScript Miner?

[K. S. Kyosuke]

There are some antispamming systems that force the client/message sender to perform some useful computation before they, e.g., accept the message to be sent, with the server verifying that the computation actually took place. A spammer would have to perform an outrageous amount of computation to have his messages sent, while an ordinary user wouldn't even notice the background process running while he's typing away. Perhaps with this idea generalized to a broader set of client/server applications, the engineer could have said that he did it to improve the security and fair use policy of the servers (and keep the bitcoins :-)).

Not firing someone with skills is bad?

[Anonymous Coward]

So the story is that they didn't fire this guy? Perhaps his manager has some common sense and realizes he has some valuable skills, and that firing him would be ultimately bad for the company.

Of course, common sense has no place in this world any more. Some higher up will probably come along now and fire the both of them to get some momentary glory before they realize they have to spend 5 times as much replacing them and miss some important deadlines because of the time consumed.