IT Worker Sentenced To Seven Months After Trashing Company Network (theregister.com) 42
An anonymous reader shares a report: A judge has sentenced a disgruntled IT worker to more than seven months in prison after he wreaked havoc on his employer's network following his suspension, according to West Yorkshire Police.
According to the police, Mohammed Umar Taj, 31, from the Yorkshire town of Batley, was suspended from his job in nearby Huddersfield in July 2022. But the company didn't immediately rescind his network credentials, and within hours, he began altering login names and passwords to disrupt operations, the statement says.
The following day, he allegedly changed access credentials and the biz's multi-factor authentication settings that locked out the firm and its clients in Germany and Bahrain, eventually causing an estimated $274,200 in lost business and reputational harm.
According to the police, Mohammed Umar Taj, 31, from the Yorkshire town of Batley, was suspended from his job in nearby Huddersfield in July 2022. But the company didn't immediately rescind his network credentials, and within hours, he began altering login names and passwords to disrupt operations, the statement says.
The following day, he allegedly changed access credentials and the biz's multi-factor authentication settings that locked out the firm and its clients in Germany and Bahrain, eventually causing an estimated $274,200 in lost business and reputational harm.
These morons never learn (Score:2)
Yes, they will get caught. Yes, they will go to prison. And, yes, they will pay for the damage, probably for a long, long time.
Punishment isn't working. (Score:1)
Why do assume they will pay for anything instead of going bankrupt?
Hard time breaking rocks into gravel is real punishment. Confinement under lax modern conditions is not.
Re:Punishment isn't working. (Score:5, Interesting)
Related to that, even a harsh punishment doesn't necessarily mean that someone will make an illogical choice not considering the consequences; you will never stop 100% of issues like this because there will always be someone who misunderstands their situation and makes an illogical choice regardless of punishment.
Re: (Score:3)
This guy's record will follow him his entire life. These days, it's really hard to get hired anywhere, particularly in IT, if you have a criminal record. That's pretty severe (and appropriate) punishment, in my opinion.
UK spent convictions (Score:3)
After four years and seven months his official record will become invisible as it will be spent conviction. Even before that the information isn't normally easily available, though the publicity in this case has generated me be more of a problem for him, as an internet search will reveal him. So it may be less of a disaster than you think, though he may struggle.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
Interesting, the US doesn't have any such "spent conviction" law. Your past crimes can literally follow you the rest of your life.
Even in the UK, according to the Wikipedia article you linked, there is a long list of professions that are exempt from the law, so it does still narrow the potential positions that this man could hold.
Re:Punishment isn't working. (Score:4, Insightful)
If that were the case, the death penalty would only be applied to the wrongly convicted or intentionally suicidal.
This is because of two interlocking facts: (a) most criminals are not terribly rational, in particular they tend to have broken time preferences. And (b) many crimes like this are "crimes of passion" - e.g. being stupid because you're super angry.
Making prisons more sadistic than they are now doesn't fix either of those things. You just make people more resentful and broken when they finally get out.
Re: (Score:2)
Re: Punishment isn't working. (Score:1)
Restitution for criminal conduct generally can't be discharged via chapter 7. This is different from civil liability.
Re: (Score:1)
Re: (Score:2)
A zillion years ago, I had a contract position at Disney. But I was a temp worker, so they didn't give me a desk. Or a phone. Or a PC to use. Or any official way to check my e-mail. But somehow they DID give me Forest Admin credentials for their ENTIRE Active Directory.
I was there for six months and when the full time replacement admin finally showed up, they had armed guards escort me out. My replacement let me know after the fact that someone done fucked up setting up my user account. I could've fucked th
Re: (Score:2)
You know who else doesn't seem to learn? All these companies with shitty IT policies who don't know how to secure their networks appropriately. There is at least one of these stories every year.
Re: (Score:2)
True. Does not help the person going to prison much though.
Re: (Score:2)
...but why?? (Score:2)
Re:...but why?? (Score:5, Insightful)
People who are vengeful are often also not very rational in that emotional state, history is littered with examples of this and they seem incapable of extrapolating the consequence of their shortsighted actions. In this case, the dude's rampage came about because he was suspended from work which indicates he had already generated a fair amount of "friction" at his workplace.
Re:...but why?? (Score:5, Interesting)
Unfortunately for him I noticed some oddities with how things were broken and started digging. He ended up pleading guilty in federal court.
Re: (Score:3)
No, the guy he caught, lived up to the moniker.
Re: (Score:2)
Yeah those were the days. More than a decade ago I worked for a company that had an IT services business. They had a single administrative account that they used everywhere. All the IT staff, and many others, knew the password to this account. When I pointed out this security problem, they wanted to change it but couldn't, because it was hard-coded in so many places, and used in so many interconnected services, that changing the password would have brough down their entire operation.
Re: (Score:1, Troll)
But seriously
You lost any ability for anyone to take you seriously after this beauty:
"Mohammed Umar Taj" seemed so nice and respectable
Reputational damage? (Score:5, Informative)
If the company didn't rescind his credentials immediately upon firing, that's all the reputation you need to know.
This is basic security practice taught in every 100 level IT security course.
Re:Reputational damage? (Score:4, Informative)
He wasn't fired immediately, he was suspended, and did the damage will still an employee.
Re:Reputational damage? (Score:4, Insightful)
...doesn't negate the question; why wasn't his account disabled? A suspended employee has no reason to access secure systems, this should be the default.
I'm having a hard time imaging a reason for suspension that wouldn't necessitate the need to disable his credentials.
Re: (Score:2)
Suspension is done with the assumption that the employee is coming back. At that point, they would have all access restored anyway. If the offenses were so severe that they would necessitate terminating access, they should just fire the employee. If they don't fire the employee, they have to continue to trust the employee, sooner or later.
Re: (Score:2)
Suspension means the employee isn't performing their job duties; hence they don't need access to the system. Same thing applies, admittedly to a lesser extent, to when admins go on vacations.
On top of that, suspensions are not done with the assumption that the employee is coming back; it's more of a "get the person out of here NOW while we build our termination case" type of thing. Suspensions are almost always for ethical reasons, which is precisely the type of person who shouldn't have access, and there
If he really wanted ... (Score:5, Funny)
[Saw this posted elsewhere]
Re: (Score:2)
you've never been to Yorkshire, have you? The urban areas have attracted substantial immigration from the Indian subcontinent, so the name isn't a surprise to Brits.
Re: (Score:2)
Yorkshire is about 8% Muslim.
BTW, India is 80%Hindu (also the seat of Yoga and (Score:2)
Used to be 100% Hindu before barbaric Islamic invasions.
Re: BTW, India is 80%Hindu (also the seat of Yoga (Score:2)
Hinduism is not a warmongering culture like the Jihadi Islamic hatemongering invasionist mindset
The Rg Veda, 5000+ years old says that God is the Consciousness within all.
Our way is that of Yoga and
meditation https://www.perplexity.ai/sear... [perplexity.ai] âïðY(TM)ðYðY--ðY'ðY®ðYðYðYðY
The 7 month jail senence is the easy part. (Score:2)
My guess his financial asset capacitor is going to get discharged in a civil proceeding. The guy might be walking around with no shirt afterwards, if you know what I mean.
There's always two sides. (Score:2)
You lose your temper. Do something of questionable judgement. Momentary satisfaction as you see them scramble to replace you.
Side #2: You still have to work there. It sucks because you kinda liked the guy causing all the problems. You understand his reasoning, but you're trapped because you're definitely not in a position to do something similar. So you save your own ass.
I see both sides. The corporate money usually wins. An unfortunate fact of
Re: (Score:2)
But I don't dismiss the disgruntled employee's claim.
What claim is that? There's nothing in TFS or TFA that indicates the ex-employee has attempted to justify his behavior at all.
Additionally, you missed...
Side #3: You've known the guy was an immature ass for quite some time, and warned your superiors that best practices dictate every bit of access he had should be rescinded right away and every password he had access to be changed immediately - but they neglected to act.
That explains one thing (Score:2)