February 08, 2007
Those shifty IT guys
According to a recent study by CERT, the ones you need to watch carefully for sabotage are the IT workers:
The research suggests that potential troublemakers should be easy to spot. Nearly all the cases of cybercrime investigated were carried out by people who were "disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly."
According to the research, 86 percent of those who committed cybercrimes held technical positions and 90 percent had system administrator or privileged system access. Almost half — 41 percent — of those who sabotaged IT systems were employed at the time they did it but most crimes were committed by insiders following termination. Most incursions — 64 percent — involved VPNs and old passwords that had never been terminated, highlighting a lack of security controls and gaps in their organizations' access controls.
So, the next time you have a run-in with a surly system administrator or LAN technician (and you know it's going to happen), you can get your revenge by fingering them on the anonymous tip line as a potential saboteur. Revenge and self-righteousness in one easy package.
Or, you know, not.
Furious responses from readers who work in IT starting in three, two, one . . .
Posted by Nicholas at February 8, 2007 09:37 AM
"disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly."
That's most of the people I know...
I have only ever seen one case of this, back in 1998, and it was an application developer who did not have sysadmin privileges -- but knew precisely how to exploit the e-mail system using embedded code.
All a company needs to do is have a sensible termination policy. Schedule a meeting with the dead man walking, invite HR, and instruct a trusted sysadmin to terminate the other guy's accounts across all systems at meeting time plus 5 minutes. Then boss walks terminated man to his desk, collects coat, walks him to the elevator, gets building pass, and we're done.
Happens all the time in big firms. Zero chance of disgruntled-tech-guy-revenge.
You've clearly only worked for non-dysfunctional employers! ;-)
I am generally a nice guy when it comes to leaving companies, whether on my terms or theirs.
Generally I check up on my VPN and other accounts a week or two after I've left, and then e-mail the appropriate folks to let them know if these accounts are still active.
In an extreme case I VPN'ed in to a former employer's mainframe and started answering all the mainframe mail that started piling up when I left. Along the lines of:
"This purchase order should be re-directed to so-and-so for approval, I left the company two weeks ago and can no longer provide purchase authorisation for this item. Also, please tell Enterprise Mainframe to kill my VPN and frame accounts, already. Old user accounts represent a security vulnerability. Thanks!"
They generally get the message. It doesn't do you any good to burn bridges in this industry (particularly in my specialities) because I guarantee you will end up working with at least one former colleague at any new job.