Compilation | Tina
Under the double blow of being demoted and dismissed, he remotely logged in to the office PC on the impulse and erased all stored information at once.
An IT person responsible for preventing former employees from sabotaging the corporate network angrily erased the computer-stored information in the office after he was fired and was sentenced to jail.
Shannon Stafford, 50, received a sentence read by U.S. District Judge Catherine Blake on Thursday-serving twelve months and one day in prison. In addition, he also needs to pay 19,3250.1 US dollars (approximately RMB 1.32 million) in compensation to his former employer. After the four-day trial, the jury ruled that Stafford did intentionally and acted deliberately to damage the computer.
The case originated from an anonymous company that fired Stafford in 2015. According to the Federal Court’s description, this is a “multinational company with thousands of employees and numerous offices around the world.” After more than ten years of technical support work in the company’s Washington, DC office, Stafford was finally promoted in 2014 Technical field supervisor, successfully joined the IT management team. Unfortunately, he was demoted back to the service desk in March 2015 due to poor performance, and was fired in August of the same year.
The prosecutor pointed out that “As part of daily work, Stafford has access to the system login credentials of other employees and has the right to use these credentials in the course of performing technical support duties.”
"Stafford is also responsible for disabling the user's network access credentials after the employee leaves."
When handling the resignation, Stafford did not return the MacBook Pro device issued by the company normally, but took it back home. On the night of his dismissal, he used this laptop at home, using his own login credentials and those of former colleagues he had helped, repeatedly trying to remotely log in to the company's computer network, but without success.
A few days later, in the early morning, he managed to use the credential information of his former colleague again and successfully remotely connected to the office PC. According to the Department of Justice's explanation, on this basis, he was able to "delete all SAN file storage drives (SAN file storage drives) used by the Washington office, and then change the password to access this storage management system."
The prosecutor further added:
The file deletion has seriously affected the company's operations and caused the loss of some customers and user data. The password change hindered the company’s efforts to discover the problem in time and restore the remaining files. Due to the deletion of the network file storage drive, Washington users were unable to access their storage files for the next three days until the company used the backup copy to complete the data recovery. Customer and user data that has not been included in the latest backup copy before Stafford deletes the files will be permanently lost.
Three days later, he tried to log in again with his colleague's credentials, but failed. A few days later, the company warned Stafford to immediately stop the harassment activities, but he still continued to try to log in, and even tried to access the company's Baltimore office network to damage other business documents. In the end, the Federal Court arrested him.
Judging from the sentence of one year and one day, the prosecutor clearly intends to find a middle position within the scope of a sentence of no more than two years in prison. After serving his sentence, Stafford will face an additional three years of supervised release, and it is unlikely that he will continue to work in IT afterwards.
Intentional crimes frequently occur after resignation
Prior to this, the industry also reported too many incidents of "deleting libraries and running away".
One of them is Ramesh, a former Cisco employee who just pleaded guilty last month for illegally accessing Cisco's Amazon Web Services infrastructure and destroying its cloud computing resources.
Ramesh confessed in his confession that after leaving his job, “he used his personal Google Cloud Project account to deploy code and deleted 456 virtual machines. These virtual machines are mainly used for video conferencing, video messaging, file sharing, and other collaborations. Tool services.” Ramesh’s actions resulted in a total loss of US$2.4 million (approximately RMB 16.5 million) for Cisco. Ramesh himself may also face five years in prison and a fine of $250,000.
Ramesh admitted that he "recklessly" deployed malicious code, and "clearly realized that his actions may bring huge risks to Cisco's business."
Another well-known incident is the "Ex-Cloud Contract Technical Director retaliates for deleting the database" incident. According to a criminal judgment issued by the Hangzhou Yuhang District Court in December 2019, the well-known third-party electronic contract platform "Cloud Contract" had suffered "deleted database" because of the dissatisfaction of the former technical director Qiu.
According to relevant data, after Qiu joined the company in 2014, the company’s systems were built by him. The main systems are SAAS system, API3.0 system, API4.0 system, singing and game system, and the main implementation is electronic contract. sign. In 2017, the company was on track, so most of its turnover occurred in more than a year after 2017. In April 2018, the boss Mi approached Qiu and asked him to resign on the grounds that he “want to change the leadership team and try it out”. Although Qiu submitted his resignation report, he still felt uncomfortable.
At 10 o'clock on June 23rd of the same year, Qiu opened a Lenovo laptop at home, logged in to the company's Alibaba Cloud with the Alibaba Cloud account he had at work, and then logged in with the database account, accessed the Alibaba Cloud database, and deleted the database The index and part of the table caused the system to not work normally, and the company’s business could not be carried out normally.
In the end, Qiu himself was also punished by law. According to the cross-examination evidence, the direct economic loss caused by the “deleting of the database” was 2.25 million yuan, and the labor cost for troubleshooting was 71,200 yuan. The court of first instance sentenced Qiu to the crime of violating computer information systems and sentenced him to two years and six months in prison, with three years suspended.
Things worth pondering beyond authority management
Obviously, the ability of resigned employees to access the company network indicates that there are serious problems in the authority management of the aforementioned companies. Enterprises need to clarify the responsibilities of authority management personnel and follow the Principle of Least Privilege (Principle of Least Privilege), which applies to end users, systems, processes, networks, databases, applications, and all other aspects of the IT environment.
If the authority configured for the user or the program exceeds the prescribed level, data loss or data theft will result, which will bring losses to the enterprise. After causing losses, the penalties for programmers are relatively heavier, such as imprisonment, huge fines, and possible "professional prohibition".
According to Article 286 of the Criminal Law and related judicial interpretations, acts such as "deleting libraries and running off roads" can be sentenced if more than 10 systems fail to operate normally, and if more than 50 systems are caused, they are sentenced to at least 5 years. In addition to imprisonment and huge fines, the newly revised Criminal Law also stipulates "professional prohibition". For criminal offenders who commit crimes by using their positions, punishment measures can be imposed, such as programmers developing malicious software, using hacker technology to interfere and destroy Network security, leaking company business secrets, etc., can be sentenced to prohibit engaging in related industries for several years.
The majority of IT practitioners often become the target of ridicule on the Internet due to the high salary and high pressure life all year round. Especially in recent years, vicious incidents such as the prevalence of old-age crisis speech, violent layoffs, and perennial 996 emotional depression are excessive. Programmers encounter these unfair treatments but have no way to litigate. Many programmers also said: "Deleting the library and running away is nothing more than talking. The monk can't run to the temple." But why some people are willing to risk imprisonment to damage the company's system is something every manager should think about.
"Deleting libraries and running away" is a dead end after helplessness. Both employees and companies should try their best to avoid it.
Reference reading:
https://www.theregister.com/2020/09/25/it_support_jailed_storage/
http://www.cocoachina.com/articles/896683
Friends who like this article, welcome to follow the official account programmer Xiaohui , and watch more exciting content
点个[在看],是对小灰最大的支持!