IT Worker Sentenced To Seven Months After Trashing Company Network (theregister.com) 33
An anonymous reader shares a report: A judge has sentenced a disgruntled IT worker to more than seven months in prison after he wreaked havoc on his employer's network following his suspension, according to West Yorkshire Police.
According to the police, Mohammed Umar Taj, 31, from the Yorkshire town of Batley, was suspended from his job in nearby Huddersfield in July 2022. But the company didn't immediately rescind his network credentials, and within hours, he began altering login names and passwords to disrupt operations, the statement says.
The following day, he allegedly changed access credentials and the biz's multi-factor authentication settings that locked out the firm and its clients in Germany and Bahrain, eventually causing an estimated $274,200 in lost business and reputational harm.
According to the police, Mohammed Umar Taj, 31, from the Yorkshire town of Batley, was suspended from his job in nearby Huddersfield in July 2022. But the company didn't immediately rescind his network credentials, and within hours, he began altering login names and passwords to disrupt operations, the statement says.
The following day, he allegedly changed access credentials and the biz's multi-factor authentication settings that locked out the firm and its clients in Germany and Bahrain, eventually causing an estimated $274,200 in lost business and reputational harm.
These morons never learn (Score:2)
Yes, they will get caught. Yes, they will go to prison. And, yes, they will pay for the damage, probably for a long, long time.
Punishment isn't working. (Score:1)
Why do assume they will pay for anything instead of going bankrupt?
Hard time breaking rocks into gravel is real punishment. Confinement under lax modern conditions is not.
Re:Punishment isn't working. (Score:5, Interesting)
Related to that, even a harsh punishment doesn't necessarily mean that someone will make an illogical choice not considering the consequences; you will never stop 100% of issues like this because there will always be someone who misunderstands their situation and makes an illogical choice regardless of punishment.
Re: (Score:3)
This guy's record will follow him his entire life. These days, it's really hard to get hired anywhere, particularly in IT, if you have a criminal record. That's pretty severe (and appropriate) punishment, in my opinion.
UK spent convictions (Score:3)
After four years and seven months his official record will become invisible as it will be spent conviction. Even before that the information isn't normally easily available, though the publicity in this case has generated me be more of a problem for him, as an internet search will reveal him. So it may be less of a disaster than you think, though he may struggle.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:3, Insightful)
If that were the case, the death penalty would only be applied to the wrongly convicted or intentionally suicidal.
This is because of two interlocking facts: (a) most criminals are not terribly rational, in particular they tend to have broken time preferences. And (b) many crimes like this are "crimes of passion" - e.g. being stupid because you're super angry.
Making prisons more
Re: Punishment isn't working. (Score:1)
Restitution for criminal conduct generally can't be discharged via chapter 7. This is different from civil liability.
Re: (Score:1)
Re: (Score:2)
A zillion years ago, I had a contract position at Disney. But I was a temp worker, so they didn't give me a desk. Or a phone. Or a PC to use. Or any official way to check my e-mail. But somehow they DID give me Forest Admin credentials for their ENTIRE Active Directory.
I was there for six months and when the full time replacement admin finally showed up, they had armed guards escort me out. My replacement let me know after the fact that someone done fucked up setting up my user account. I could've fucked th
Re: (Score:2)
You know who else doesn't seem to learn? All these companies with shitty IT policies who don't know how to secure their networks appropriately. There is at least one of these stories every year.
Re: (Score:2)
True. Does not help the person going to prison much though.
...but why?? (Score:2)
Re:...but why?? (Score:5, Insightful)
People who are vengeful are often also not very rational in that emotional state, history is littered with examples of this and they seem incapable of extrapolating the consequence of their shortsighted actions. In this case, the dude's rampage came about because he was suspended from work which indicates he had already generated a fair amount of "friction" at his workplace.
Re:...but why?? (Score:4, Interesting)
Unfortunately for him I noticed some oddities with how things were broken and started digging. He ended up pleading guilty in federal court.
Re: (Score:3)
No, the guy he caught, lived up to the moniker.
Re: (Score:2)
Yeah those were the days. More than a decade ago I worked for a company that had an IT services business. They had a single administrative account that they used everywhere. All the IT staff, and many others, knew the password to this account. When I pointed out this security problem, they wanted to change it but couldn't, because it was hard-coded in so many places, and used in so many interconnected services, that changing the password would have brough down their entire operation.
Re: (Score:1, Troll)
But seriously
You lost any ability for anyone to take you seriously after this beauty:
"Mohammed Umar Taj" seemed so nice and respectable
Reputational damage? (Score:5, Informative)
If the company didn't rescind his credentials immediately upon firing, that's all the reputation you need to know.
This is basic security practice taught in every 100 level IT security course.
Re:Reputational damage? (Score:4, Informative)
He wasn't fired immediately, he was suspended, and did the damage will still an employee.
Re: (Score:2)
...doesn't negate the question; why wasn't his account disabled? A suspended employee has no reason to access secure systems, this should be the default.
I'm having a hard time imaging a reason for suspension that wouldn't necessitate the need to disable his credentials.
If he really wanted ... (Score:5, Funny)
[Saw this posted elsewhere]
Re: (Score:2)
you've never been to Yorkshire, have you? The urban areas have attracted substantial immigration from the Indian subcontinent, so the name isn't a surprise to Brits.
Re: (Score:2)
Yorkshire is about 8% Muslim.
The 7 month jail senence is the easy part. (Score:2)
My guess his financial asset capacitor is going to get discharged in a civil proceeding. The guy might be walking around with no shirt afterwards, if you know what I mean.
There's always two sides. (Score:2)
You lose your temper. Do something of questionable judgement. Momentary satisfaction as you see them scramble to replace you.
Side #2: You still have to work there. It sucks because you kinda liked the guy causing all the problems. You understand his reasoning, but you're trapped because you're definitely not in a position to do something similar. So you save your own ass.
I see both sides. The corporate money usually wins. An unfortunate fact of
Re: (Score:2)
But I don't dismiss the disgruntled employee's claim.
What claim is that? There's nothing in TFS or TFA that indicates the ex-employee has attempted to justify his behavior at all.
Additionally, you missed...
Side #3: You've known the guy was an immature ass for quite some time, and warned your superiors that best practices dictate every bit of access he had should be rescinded right away and every password he had access to be changed immediately - but they neglected to act.