Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Crime IT Technology

IT Worker With Grudge Jailed (bbc.com) 31

A former Jet2 IT contractor with a grudge has been jailed for a cyber-attack on the company. From a report: Scott Burns, 27, of Queen Street in Morley, Leeds, was jailed for 10 months for his actions, which cost the company $214,000. The attack shut down Jet2's computer network for 12 hours in January 2018. Burns wanted revenge for the firm's treatment of him following an incident at a 2017 "Benidorm roadshow," Leeds Crown Court heard. Details about happened at the event in Benidorm were not outlined in court. The court heard only fast-thinking by one employee at the Leeds-based airline stopped Burns' actions being a "complete disaster" for Jet2. Burns pleaded guilty to eight counts under the Computer Misuse Act at a previous hearing. Judge Andrew Stubbs QC told Burns: "You intended to cause as much damage to Jet2's computer system as you could. "This went far beyond being mischievous. This was a revenge attack for a perceived slight you had suffered."
This discussion has been archived. No new comments can be posted.

IT Worker With Grudge Jailed

Comments Filter:
  • 10 months for causing a computer network to be down for 12 hours when they were able to restore it from backup? Seems excessive.

    • by SeaFox ( 739806 )

      That's how justice works when you're not one of the fat cats.

    • Re:10 months? (Score:4, Insightful)

      by Solandri ( 704621 ) on Monday December 23, 2019 @05:10PM (#59551714)
      If Wikipedia is to be believed, Jet2 [wikipedia.org] has 12,000 employees. So 12 hours * 12,000 people =16.4 man-years of work productivity potentially lost. And that's not even considering the customers who were inconvenienced from having their flights delayed or canceled as a result.

      As for backups, it sounds like the 12 hours was despite restoring from backups. From TFA:

      She said another IT employee managed to create a new hidden admin account as the attack was happening, allowing accounts to be rebuilt from a back-up and averting "complete disaster".

      • I am sure you mean't "person-years" not "man-years", but anyway should jail sentences be based on amount of productivity lost? Seems like a machine. It is Christmas so we should consider that.

        • I am sure you mean't "person-years" not "man-years" ... It is Christmas so we should consider that.

          So close.. but why not try to be even MORE inclusive? There might be someone reading your comment who celebrates Kwanza, Festivus, or Hanukkah and comments like that could unintentionally trigger them.

          It's 2020 for crying out loud, be better in the new year.

        • > I am sure you mean't "person-years" not "man-years",

          You mean't "person years" BUT "man-years"

          Is the only way that sentence isn't an offence agains't everything that is good and honest in this world.

    • The main role of punishment is to deter (Nemo prudens punit quia peccatum est, sed ne peccetur).
    • Re:10 months? (Score:5, Insightful)

      by Richard_at_work ( 517087 ) on Monday December 23, 2019 @05:48PM (#59551854)

      It seems *any* sentence for IT related crimes draws criticism from one person or another on Slashdot...

      He got 10 months, and there are no sentencing guidelines for Computers Misuse Act offences - under normal UK policy, he will serve 5 in prison and be released on parole.

      What wouldn’t you think excessive for significantly harming a company and thousands of employees? Remember, it’s not just money involved - delays mean angry customers, potential compensation for those customers, stressed staff and staff being abused by the public. 10 months doesn’t seem so excessive when you actually think about what he did and the ramifications of his actions.

    • by taustin ( 171655 )

      If you caused a quarter million dollars in damage by breaking in and smashing things, 10 months would be a gift from heaven.

    • Comment removed based on user account deletion
      • well the legal system is something like that as I've always understood it.

        first level : you planned and tried and failed and got caught : punishment
        second level : you planned and tried and succeeded and got caught : much harsher punishment.

        it's the intent aspect I think.

        moral of the story, practice better or don't do it.

      • Yes, since that's the difference between attempted murder and actual murder.

        • by N1AK ( 864906 )
          That's circular reasoning. His question was philosophical not literal. In general people don't consider someone's actions less "wrong" just because they failed, yet in our legal system the punishment is closely correlated with the level of success. The most extreme example I have seen is where someone punched another person, the person they punched fell over and due to a medical condition that wasn't visible or known to the attacker the impact of the fall was enough to kill them. The attacker was convicted
  • Britain runs on a very extreme form of capitalism, and British courts rarely punish British businesses for missteps. This is obvious from the word "perceived" in the ruling - "This was a revenge attack for a _perceived_ slight you had suffered." In other words, the company probably DID treat this man like shit - maybe a superior shouted abuse at him over some little thing - and the man, pissed by how he was treated, wanted to get the company back. Again, British courts rarely rule against British companies
    • Re: (Score:1, Funny)

      by Tablizer ( 95088 )

      But what country has legal recourse against bosses who treat employees like shit? Unless the boss grabs your tits, you can't do shit in most industrialized countries, and even that's often not enough.

      I figured living with jerk bosses is just an ugly fact of work life. Hopefully it happens when your industry is economically viable so you can find a new organization and ditch the fucker. Not surprisingly, I notice jerkhood goes up when the econ is down. I've seen a lot.

    • by Richard_at_work ( 517087 ) on Monday December 23, 2019 @05:50PM (#59551862)

      What a load of bullshit - UK courts regularly punish companies for crimes and other things, and we have extremely good employee protections in place.

      But hey, this is Slashdot, where we seem to practice an extreme form of socialism and think everything else is “extreme capitalism”.

    • by Ogive17 ( 691899 )
      Or maybe this guy was a jerk that was good at his job but bad at people skills. Someone else gets a promotion, he's upset because he feels it should have been him.. rest is history.
      • Actual story is around on the net: he tried to blag a guest into his hotel room whilst on a business trip. When challenged he claimed to be a company director. He got banned from foreign travel.

        • Yeah, he should be glad he wasn't fired on the spot after that little Benidorm stunt, and then he goes on to do this shit? I'm impressed that they aren't throwing Damage to the companies image into the pile of shit they're throwing at him.
  • Come on, restored from backups? Everyone knows a far more damaging attack is the disable backups completely or cause backups to be corrupted and then trash the systems after several months of no/corrupted backups.

    Forget sentencing this guy to jail for sabotage, sentence him to jail for doing such a shitty job of it.

    • by cusco ( 717999 )

      The best that I've personally encountered was the server admin for a local web farm who left a time bomb. After he hadn't logged into the network for 24 1/2 days the Administrator password on every server in the network changed to something totally random, all the permissions on the web servers changed, and then the file wiped itself. The whole web farm stayed up, but none of the customers could make any changes to their web sites. My boss spent a week rebooting servers from a rescue disk to reset them a

  • by Anonymous Coward

    Crown prosecutor Rebecca Austin told Court 5 at Leeds Crown Court: "This is a case which involves a disgruntled ex-employee."

    In 2017 Burns was working for Blue Chip Data Systems on its Jet2 account. He was dispatched to Benidorm to provide IT cover for a roadshow event. Crown prosecutors said in a note read by the judge that Burns "twice tried to bring back a guest who was not checked into" the hotel he was staying at.

    One guest was said to have "reacted violently" to being denied entry, breaking a hotel pho

    • by Ecuador ( 740021 )

      So, he was not allowed to bring a sex worker to the hotel he was staying at during a work trip... It must have been an obvious sex worker (she even threw a fit - so not a high class escort) to not be allowed, because no hotel cares about who you bring with you unless it's a junkie or a prostitute.
      And instead of being mad at the hotel, he was mad at his work for disciplining him over the incident where he brought his employers in pretending to be a director...
      Note that prostitution is legal in the UK - but o

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...