Ex-Employee Busted For Tampering With ERP System 178
ErichTheRed writes "Here's yet another example of why it's very important to make sure IT employees' access is terminated when they are. According to the NYTimes article, a former employee of this company allegedly accessed the ERP system after he was terminated and had a little 'fun.' 'Employees at Spellman began reporting that they were unable to process routine transactions and were receiving error messages. An applicant for his old position received an e-mail from an anonymous address, warning him, “Don’t accept any position.” And the company’s business calendar was changed by a month, throwing production and finance operations into disorder.' As an IT professional myself, I can't ever see a situation that would warrant something like this. Unfortunately for all of us, some people continue to give us a really bad reputation in the executive suite."
Their security processes suck (Score:4, Insightful)
Proves that security is a process, not a product.
I always suspect.... (Score:1, Insightful)
I always suspect that companies in these cases deserve what happens to them, even though the other party in the fiasco demonstrates their own lack of ethical principals.
It's like a psychological glitch, I guess.
how to NOT give everyone passwords? (Score:2, Insightful)
I have yet to work somewhere where the password management wasn't simply a nightmare.
Isn't there some utility that could be added to all systems and unify password management?
Re:ERP (Score:5, Insightful)
Derp is right... no better way to destroy any hope of a career, than to do something monumentally stupid like this.
I've left positions that have been, to put it charitably, crap. Once it involved hard feelings against an asshat that destroyed the department.
OTOH, the golden rule is to never touch the machinery. EEOC and labor laws be damned, HR critters do talk to each other; even if your stupid stunt never made the news, it will make the rounds. Rest assured this guy will have to move to the other part of the country at the very least.
Re:I always suspect.... (Score:1, Insightful)
Riiiiiight. It's the victim's fault. Clearly. They could have prevented the situation, after all...
Just like it's a hot woman's fault for getting raped... she could choose how she was going to dress, after all...
Give me a break!
Re:I always suspect.... (Score:4, Insightful)
Re:I always suspect.... (Score:4, Insightful)
He did not say it was their fault, he said they might have deserved it. Are you unable to read and parse English?
Obviously the IT worker is still a jackass and responsible for the whole thing if the summary is accurate (which it rarely is, but that's irrelevant to my point)
Give me a break with your half-assed sarcastic replies with absolutely no thought put into them.
I really don't understand people who do that (Score:4, Insightful)
Why do people ever think that it's a good idea to leave a trail of destruction behind them?
It doesn't make you clever, you're just abusing access. Any idiot screw things up.
There's a huge potential downside for you: if you get caught, you face prosecution, or at the very least, a negative recommendation.
And obviously there is no upside for you. It's not like your tantrum is going to get you that job/promotion/whatever. You want them to miss you because they used to have such great quality work products from you, and now they don't have them anymore.
Awesome work, not tantrums, is what will keep you in a happy professional career.
My take: IT will never be "professional" (Score:2, Insightful)
There are two things that really bug me about this story and stories like this:
One of the things I would really like to see before I retire is the ability of IT / systems engineering to grow up a little bit and attain the same level of recognition that professional engineers enjoy. I'm old and curmudgeon-y at 38, but one of the things I've consistently seen throughout my career is examples of stuff like this. When standards are put in place (see ITIL as an example,) they are implemented so poorly or are so rigid that they remove any critical thinking from a process. I know many support people in ITIL shops who have quit out of the sheer frustration of paperwork and being limited to pushing pre-defined buttons at pre-defined times. This kills the pipeline for new engineering talent, and we're increasingly at the mercy of high-paid vendors and vendor consultants. In my opinion, this needs to change.
The problem is, how do we do it? A basic engineering education has math, physics, mechanics, thermodynamics, etc, to fall back on. The fundamentals in these subjects change very rarely. Let's say for the moment that "IT" represents the computer systems engineering field, even though I know the term encompasses tons of technician roles. When you dig down into the fundamentals of IT, you're dealing with the interoperability of computer systems, networks, storage, and so on. The concepts are all the same, but the layers on top keep getting changed every few months as new technology comes out. In many cases, old technology gets trotted out again with new underpinnings attached -- see the rise of virtualization and the parallels to the 70's timeshare concept. Sometimes it's change for the sake of change (and a cut of the App Store pie) -- see Windows 8. The field is definitely not static, but neither is engineering. New methods and materials are tried all the time, and if one works better it displaces the old one.
One thing an engineering curriculum that leads to the possibility of PE licensure has is an ethics component. Sure, some people may consider it a joke, and think following ethical guidelines is for suckers when executives get away with things all the time. But, it's there. IT as it is now doesn't really have something like this. How many sysadmins do you know that behave like a slightly less criminal version of the BOFH [theregister.co.uk]? I've seen a lot of this behavior, and there's very little done to combat it. Because I'm an ethical idiot, I point out things like the loopholes this guy probably exploited to get his revenge. I've often walked into situations where I've been accidentally granted way too much authority. I don't know about you, but my first reaction isn't to exploit it -- I've politely explained, "Look, I know I can do xyz with my privileges, but I really shouldn't be able to. Please take this away from me." Why? Because I really like the work I do, and I want to keep doing it. The guy in this article is going to be lucky to have any sort of job, let alone work in the IT field again, even if he's found not guilty.
I know that a lot of the problems with education rest with the fact that we trust vendors and their certifications to fill the gap in fundamental knowledge. I absolutely hate vendor "whitepapers" that promise a "deep dive" on a technical subject and are thinly veiled advertisements for a product. Having only that as an educational resource leads to people who have a very vendor-centric view of the world. My natural reaction when faced with an unfamiliar system is to dig in to the details and figure out what's going on under the hood. Vendors don't want you to do that, and employers are happy because the vendor they chose just happens to certify "professionals" who "know" the product in question.
Computer syste
Re:I always suspect.... (Score:5, Insightful)
I think I just lack empathy for non-humans. Companies aren't people. When they suffer, I just see numbers changing on a ledger.
That's funny...when companies make people suffer that's all they notice too...
While this guy was an *sswipe... (Score:5, Insightful)
Unfortunately for all of us, some people continue to give us a really bad reputation in the executive suite."
Sorry, but nothing, and I mean nothing, compares with the the bad reputation the executive suite has with everyone one. Psychotic bastards, the lot. Have you forgotten the whole banking fiasco that caused a massive economic meltdown? So, I think if anyone has a reputation to fix, it is upper management.
Re:ERP (Score:4, Insightful)
Then I would say his actions after he quit may provide a good clue why he was passed over for promotions.