Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Crime IT

IT Worker Sentenced To Seven Months After Trashing Company Network (theregister.com) 33

An anonymous reader shares a report: A judge has sentenced a disgruntled IT worker to more than seven months in prison after he wreaked havoc on his employer's network following his suspension, according to West Yorkshire Police.

According to the police, Mohammed Umar Taj, 31, from the Yorkshire town of Batley, was suspended from his job in nearby Huddersfield in July 2022. But the company didn't immediately rescind his network credentials, and within hours, he began altering login names and passwords to disrupt operations, the statement says.

The following day, he allegedly changed access credentials and the biz's multi-factor authentication settings that locked out the firm and its clients in Germany and Bahrain, eventually causing an estimated $274,200 in lost business and reputational harm.

IT Worker Sentenced To Seven Months After Trashing Company Network

Comments Filter:
  • Yes, they will get caught. Yes, they will go to prison. And, yes, they will pay for the damage, probably for a long, long time.

    • Why do assume they will pay for anything instead of going bankrupt?

      Hard time breaking rocks into gravel is real punishment. Confinement under lax modern conditions is not.

      • by Whateverthisis ( 7004192 ) on Tuesday July 01, 2025 @04:23PM (#65489590)
        "Punishment isn't working": you can't prove that because it's proving a negative. How many people thought about causing damage to their employer after getting laid off, but decided not to because they knew they would go to prison?

        Related to that, even a harsh punishment doesn't necessarily mean that someone will make an illogical choice not considering the consequences; you will never stop 100% of issues like this because there will always be someone who misunderstands their situation and makes an illogical choice regardless of punishment.

      • This guy's record will follow him his entire life. These days, it's really hard to get hired anywhere, particularly in IT, if you have a criminal record. That's pretty severe (and appropriate) punishment, in my opinion.

        • After four years and seven months his official record will become invisible as it will be spent conviction. Even before that the information isn't normally easily available, though the publicity in this case has generated me be more of a problem for him, as an internet search will reveal him. So it may be less of a disaster than you think, though he may struggle.

          https://en.wikipedia.org/wiki/... [wikipedia.org]

      • Re: (Score:3, Insightful)

        by abulafia ( 7826 )
        You appear to believe that increasing the severity of a threatened punishment "enough" will eliminate the sanctioned behavior.

        If that were the case, the death penalty would only be applied to the wrongly convicted or intentionally suicidal.

        This is because of two interlocking facts: (a) most criminals are not terribly rational, in particular they tend to have broken time preferences. And (b) many crimes like this are "crimes of passion" - e.g. being stupid because you're super angry.

        Making prisons more

      • Restitution for criminal conduct generally can't be discharged via chapter 7. This is different from civil liability.

    • by Anonymous Coward
      This case shows exactly why centralized systems are fragile. When one insider can destroy critical infrastructure with a few keystrokes, the problem isn’t just the employee, it’s the architecture. Blockchain offers a fix by designing systems where no single actor has unilateral control and all actions are transparently verifiable. This kind of structural resilience reflects both the collective safeguards envisioned by communism and the trustless integrity proven by bitcoin.
      • by slaker ( 53818 )

        A zillion years ago, I had a contract position at Disney. But I was a temp worker, so they didn't give me a desk. Or a phone. Or a PC to use. Or any official way to check my e-mail. But somehow they DID give me Forest Admin credentials for their ENTIRE Active Directory.

        I was there for six months and when the full time replacement admin finally showed up, they had armed guards escort me out. My replacement let me know after the fact that someone done fucked up setting up my user account. I could've fucked th

    • by Bahbus ( 1180627 )

      You know who else doesn't seem to learn? All these companies with shitty IT policies who don't know how to secure their networks appropriately. There is at least one of these stories every year.

  • I don't understand what his end goal was. He had to know they'd know it was him. It just seems incredibly short-sighted to be that vengeful.
    • Re:...but why?? (Score:5, Insightful)

      by Knightman ( 142928 ) on Tuesday July 01, 2025 @04:01PM (#65489560)

      People who are vengeful are often also not very rational in that emotional state, history is littered with examples of this and they seem incapable of extrapolating the consequence of their shortsighted actions. In this case, the dude's rampage came about because he was suspended from work which indicates he had already generated a fair amount of "friction" at his workplace.

    • Re:...but why?? (Score:4, Interesting)

      by EvilSS ( 557649 ) on Tuesday July 01, 2025 @04:19PM (#65489582)
      I ended up involved in a similar case as a consultant. Admin was let go and I advised at the time that they consider forcing an across the board password change (This was one of those places where the admins would just ask users for their passwords when troubleshooting with them so they knew a bunch of user account creds). They declined. I was called back a week or so later when stuff started breaking. The old admin offered to come back and "consult" to fix the issues, for a decently high rate of course. He thought they would be grateful and he would make some extra cash off of his revenge while he looked for a new job.

      Unfortunately for him I noticed some oddities with how things were broken and started digging. He ended up pleading guilty in federal court.
      • Yeah those were the days. More than a decade ago I worked for a company that had an IT services business. They had a single administrative account that they used everywhere. All the IT staff, and many others, knew the password to this account. When I pointed out this security problem, they wanted to change it but couldn't, because it was hard-coded in so many places, and used in so many interconnected services, that changing the password would have brough down their entire operation.

  • Reputational damage? (Score:5, Informative)

    by smooth wombat ( 796938 ) on Tuesday July 01, 2025 @04:20PM (#65489584) Journal

    If the company didn't rescind his credentials immediately upon firing, that's all the reputation you need to know.

    This is basic security practice taught in every 100 level IT security course.

  • by PPH ( 736903 ) on Tuesday July 01, 2025 @05:44PM (#65489712)

    ... to screw over the company, he should have purchased an enterprise VMWare license. And then negotiated a cloud contract with Oracle.

    [Saw this posted elsewhere]

  • My guess his financial asset capacitor is going to get discharged in a civil proceeding. The guy might be walking around with no shirt afterwards, if you know what I mean.

  • Side #1: You felt slighted. Disrespected. Unappreciated.
    You lose your temper. Do something of questionable judgement. Momentary satisfaction as you see them scramble to replace you.

    Side #2: You still have to work there. It sucks because you kinda liked the guy causing all the problems. You understand his reasoning, but you're trapped because you're definitely not in a position to do something similar. So you save your own ass.

    I see both sides. The corporate money usually wins. An unfortunate fact of
    • But I don't dismiss the disgruntled employee's claim.

      What claim is that? There's nothing in TFS or TFA that indicates the ex-employee has attempted to justify his behavior at all.

      Additionally, you missed...

      Side #3: You've known the guy was an immature ass for quite some time, and warned your superiors that best practices dictate every bit of access he had should be rescinded right away and every password he had access to be changed immediately - but they neglected to act.

FORTUNE'S FUN FACTS TO KNOW AND TELL: A black panther is really a leopard that has a solid black coat rather then a spotted one.

Working...