Ex-Employee Busted For Tampering With ERP System

ErichTheRed writes "Here's yet another example of why it's very important to make sure IT employees' access is terminated when they are. According to the NYTimes article, a former employee of this company allegedly accessed the ERP system after he was terminated and had a little 'fun.' 'Employees at Spellman began reporting that they were unable to process routine transactions and were receiving error messages. An applicant for his old position received an e-mail from an anonymous address, warning him, “Don’t accept any position.” And the company’s business calendar was changed by a month, throwing production and finance operations into disorder.' As an IT professional myself, I can't ever see a situation that would warrant something like this. Unfortunately for all of us, some people continue to give us a really bad reputation in the executive suite."

Not Guilty

[Anonymous Coward]

He plead not guilty, and he's yet to be convicted, but I can definitely envision a scenario whereby shutting his account off could cause catastrophic failure of many systems. This typically happens when someone does not follow best practices with service accounts and such and is not an uncommon situation.

That being said, he could have been really fucking pissed at them and decided to fuck with shit. Some management out there can be real fuckheads to their employees.

Re:how to NOT give everyone passwords?

[mordred99]

Password Management is not the same as access management. In terms of password management, yes, you can standardize all systems to authenticate and authorize from a central system (LDAP, AD, RADIUS, RSA Tokens, etc.) The issue becomes when a person leaves, turn it off and all their access goes away. The issue is for proprietary systems that use things like digital certs, or that do not play well with centralized auth systems (ie. lazy programming in my book for enterprise apps).

As for the other piece, access management, this has to do with the knowledge (and proof) that a person was given access to (and what level of permissions) as well as who approved, and who implemented the account creation/deletion. There are systems which costs millions of dollars to manage access and the subsequent audit requirements around it.

Resignation == Termination?

[l0ungeb0y]

I actually bothered to read the article, and the ex-employee in question RESIGNED by giving two weeks notice after being repeatedly passed over for promotion.
Maybe in this day in age, we are now suposed to refer to anyone leaving a company as being terminated, but I for one think there is a profound difference between terminating an employee vs their departure on their own accord.

With that said -- seeing that this guy was butt-hurt enough to leave and commit these acts against his employer shows that he wasn't working with a full-deck.
So I don't think the employer "had it coming" or provoked it -- since they seemed happy enough to employ him, but just didn't see him fit for a higher level position.

Why can't the submiter RTFA before posting?

[Leafheart]

So, here is how TFS starts

Here's yet another example of why it's very important to make sure IT employees' access is terminated when they are. (...)allegedly accessed the ERP system after he was terminated and had a little 'fun.

You go, RTFA and this is how it starts..

But after Mr. Meneses was passed over for promotions, he was upset enough to announce his resignation, giving two weeks’ notice. Before his final day in January 2012, colleagues caught him copying files from his computer to a flash drive, the authorities said. They cut off his access to company servers.

So, first of all, he was not terminated, he was mad and left the company. He was still on his two weeks' notice, so, in theory, had legetimate reasons to access the servers. When the company saw an srange behavior, they cut his access. So, looks like a case of a pissed up asshole who decided to go out with a bang and got busted for it.

Re:ERP

[hammeraxe]

Enterprise Resource Planning - software that's supposed to be the backbone of a company that handles all business processes, invoices, payroll, inventory, operation scheduling, finance etc, but is usually just a pain in the ass that employees have to endure.

http://en.wikipedia.org/wiki/Enterprise_resource_planning [wikipedia.org]

Re:ERP

[Ammin]

Uh, no. It's not illegal to say anything negative. There's this thing called the First Amendment. It does, however, open you up to civil lawsuits for slander and 98% of employers have decided they just don't want to take the risk of an expensive lawsuit.

Re: I always suspect....

[Anonymous Coward]

yea .... failing to secure a vehicle has nothing to do with locking it. It has to do with making sure it will not move on its own.
  A person commits the offense of failure to secure a motor vehicle if the person is driving or is in charge of a motor vehicle and:

(a) The person permits the vehicle to stand unattended on a highway without first doing all of the following:
        (A) Stopping the engine.
        (B) Turning the front wheels to the curb or side of the highway when standing upon any grade.
        (C) Locking the ignition.
        (D) Removing the key from the ignition.
        (E) Effectively setting the brake on the vehicle; or

(b) The person is the owner of an unattended motor vehicle parked on a highway in violation of paragraph (a) of this subsection.

If a policeman says it for not locking your doors they are trying to scare you.

and for the record I did get a ticket when I was younger for this b/c I forgot to so one of these things and the car ended up in another vehicle.