Tbh, what shocks me the most about this is how sloppy this appears to have been executed.
Honestly, if I had done something like this and they twigged to it, I’d consider just fucking off and joining the French foreign legion.
I worked for a company once that installed a remote-activation killswitch in their drivers, as a secret weapon to force the customer to stay current on their maintenance contract.
The CEO was a fuckup however, and the code killed their system even without being activated - resulting in a bunch of angry phonecalls and some of the most egregious lying I’ve ever heard.
god, he was a piece of shit
Sounds like lawsuit territory
So when company do it it’s fine but when we do it to companies it’s not?
Literally the same day as the HP news.
what happened?
(updated with a link)
Naturally. Advantage, privilege and money should only be in the hands of those who run large companies or better.
If that made you angry, bear in mind that’s what most top level company executives think. Well, actually they don’t think it, they know it unconsciously as the true order of the universe they inhabit and they get really uncomfortable should it even look vaguely like someone might be trying a competing philosophy to their own.
To be fair though, most people get really uncomfortable when something might undermine even part of the philosophy they live by.
One of my earliest coding jobs was at a firm that did outsourced accounting on some off-brand minicomputers. They cheated their customers and treated their staff like slaves. I was there to do some routine coding, but knew how to write driver code, so I did that in my spare time. I noticed something about the disk drives they were using: they had a resonant frequency. So I wrote some code to do head-seeks that took as long as the resonant period. I buried it deep, obfuscated it, triggered it by a random event that would occur on average every few days, and activated it when I left. I later heard from a colleague that they started having head crashes and guess what, they’d never tested their backup/restore process end-to-end.
I am pleased that the statute of limitations has long ago elapsed on that little adventure.
Lol everyone probably fantasizes about such thing sometimes, but even if you weren’t caught, it’s not worth it to personally be bitter like that.
Just got laid off and could had done the same. Except I don’t have to. Internal systems are so bad and undocumented and I was like only IT specialist there who could use linux, and so many things related to core businesses were just basically behind me.
The kill switch has made it self. Funny how I would have written more documentation if I ever was given the time.
I didn’t plant anything and I could still brick the production backends of a former employer because some poor ass decisions were made when choosing technologies and then when I pointed it out that it’s pretty bad the technology was stuck with so literally all it takes is sending 2-3 requests so all pods die.
But why do it.
Similar cases with my old company. In my case people who would had suffered the most direct consequences would had been my colleagues who I respect.
But I could totally cause trouble without any backdoor access.
Same for my last job. My bosses and managers harassed and insulted me. They said I was useless and stupid.
I quit with 3 months of “notice” (standard in France to help you find a new job). They didn’t care during those 3 months. In the last week they panicked because they could not find a replacement that did everything I fixed every day.
I also interviewed my replacement, a junior out of school with big diplomas. When I asked if he knew Linux, he said “not really.” I thought “they are fucked with this guy.” They wanted to hire him because he was the son of some guy. I said to my boss that he would be a perfect fit for the company.
Unknowingly I was the kill switch. I sent them one last email with all the information they needed and told them to go fuck themselves in a polite way.
malicious compliance, I like it
but even if you weren’t caught, it’s not worth it to personally be bitter like that.
Really depends on what you do for a living… Non-profit? Sure. Weapons manufacturer? Fucking have at it.
Fair but I wouldn’t ever work for weapons manufacturing. Also sabotage in that context would have heavy punishment, and at worst could cause collateral damage.
I was using that as an example because it was the worst thing that came to mind. There is a whole gradient between non-profit and weapons manufacturer.
But don’t be stupid about it. Stash a date somewhere that you manually update every so often (so that it’ll stop being updated if you’re fired) and then add a bunch of random waits whose durations scale with the time since that date. If you’re worried that the code will be found, comment it with some bullshit about avoiding race conditions.
…and now I can’t use that idea, since this comment would be used in court. If I did it to a weapons manufacturer, they’d probably get the death penalty somehow.
comment it with some bullshit about avoiding race conditions
Lmao, amazing
For the last time, I didn’t leave a kill switch – I just refused to document anything!
You are truly a madman
Edit: or a madlady
M’lady
I’m the lone human being who understands the code behind the byzantine financial operation of my org. No kill switch necessary.
Pro tip: your poorly thought out business rules can lead to stupidly complex processes.
I work on a small team and recently realized my boss is falling victim to survivorship bias. Another colleague and I handle our work, which is mission critical to the org, competently and fairly opaquely, only raising issues as they arise. However some other members of our team have less critical but more visible work that they tend to bungle. The department invests hiring dollars, training efforts, and materials purchases in service of remediating those issues. But my colleague and I are both burned out, eyeing the door, and fully aware there’s no one who understands what we do or is capable of doing it within our organization - aside from each other, but our respective scope of work is non-overlapping and there’s truly not wiggle room to cross train or support each other’s work. I’ve said all I know to say to leadership about this issue but they seem willfully ignorant.
When one of us goes, I think the other will follow quickly. Hiring takes almost 2 months at my work, so the gap/lack of knowledge transfer will make for a huge shit show.
You burning out is a process failure. Work normal hours and let shit fail 🤷♂️. Say the reduction in hours is “health related” so they can’t pry.
Look at me, I am the killswitch now.
Dude should have just added comments indicating that the code was part of some security test but was unfinished and extremely dangerous.
Change a few file names, add a comment how it will never run under normal circumstances, and you’ve got plausible deniability.
So he was pissed because they gave him less work to do???
I’m trying to understand it
IT work is feast or famine.
“IT people, your not doing anything, what the hell do we pay you for?”
“IT people, everything is on fire, what the hell do we pay you for?”
How is that feast or famine
I think they mean in terms of workload, not like pay or something. Either you have a lot of work, or very little work. But when you’re needed, you’re needed urgently.
i goes it is ON not OR
Up to 10 years is crazy. Sure, what he did was wrong, planned and malicious, and they claim it cost them tens of thousands of dollars. But 10 years? This is crazy for something that at worst would be a yearly salary of a single employee.
Fucking capitalism.
he should have tried to overthrow the government, or stole classified documents. that’s a drastically lower sentence
“Up to 10 years” is the maximum possible for that type of crime. Actual sentencing guidelines for a $500k loss for a first time offender will probably come out to about 2, maybe 3 years.
In order for the recommended sentence to hit 10 years, we’d have to be talking about damage of over $550 million, or something like a long criminal history.
Substantial disruption of critical infrastructure would get someone to around 5 years, as a reference.
allegedly costing hundreds of thousands of dollars in losses.
Also it’s sabotage, which might attract heavier penalties than mere theft?
Actually for federal sentencing, property destruction is punished under the same table as theft. It’s mostly measured from the amount of loss to the victims, whether the person actually profited from it or not.
Fair enough.
Having known victims of vandalism I can say it hurts more than theft.
Now to make it worse, ask this, “If the corporation did 10 times this amount of damage, but to the general citizens of the country, how many people would go to jail?”
That’s right 0 people would go to jail! And they would only be fined for no more than 10% of the profit they made while doing it. Maybe someone like a jr director of operations gets tossed in jail, but he wasnt really apart of the club.
Nah they would have added more fees to subsidize the protections they weren’t going to put in place. Then reach out to the government for subsidies to put these protections in place. Then give bonuses, stock buy backs and when it happened again, they’d raise the fees installed previously and consider making the upgrades if the fine threatened is high enough, if not they’ll pay the fine and buy back more stock and run an ad campaign to make the company look better.
Don’t F with the power grid.
owned by the Ohio- and Dublin-based power management company Eaton Corp.
https://en.m.wikipedia.org/wiki/Eaton_Corporation
Sentences are always harsh for anything to do with those who provide for public utilities.
@null_dot@lemmy.dbzer0.com has a comment about sabotage, which was likely a factor combined with this to drive max recommended sentencing.
deleted by creator
Removed by mod
Every person that has worked in a sysadmin type role, has joked about doing something like this. Very few actually carry through with it. So, in a way, I kinda like this guy for actually doing it, even if he didn’t cover his tracks very well.
Part of me sympathizes with the guy, but this was reckless
I’d argue that he gave them extra code, a bonus if you will.
and unlike dennis nedry, he didn’t have to get killed by a dinosaur to do it.
I developed a spreadsheet for a company I worked for a few jobs ago. When I left I used a picture of Dennis to lock everyone out of the spreadsheet but only for one day, months after I left. Stupid idea, but felt good.
I had created a few things on Google sheets that my coworkers were using. It wasn’t anything groundbreaking, but one was a spreadsheet I’d made that had all of our driver’s availability to assist with scheduling. The sheets were on my personal account, and we didn’t end on good terms, so I just locked them all out. It was funny getting all the texts asking for access the next day. I told them to make their own.
