this post was submitted on 08 Mar 2025
114 points (100.0% liked)

Pulse of Truth

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

IsDavisLuEnabledInActiveDirectory? Not any more. IsDavisLuGuilty? Yes. IsDavisLuFacingJail? Also yes

A federal jury in Cleveland has found a senior software developer guilty of sabotaging his employer's systems – and he's now facing a potential ten years behind bars.…

all 16 comments
[–] CosmicTurtle0@lemmy.dbzer0.com 44 points 4 months ago (2 children)

If this dev had this much access and his work didn't do any sort of code review, I don't understand how their CSOC or ISO isn't on trial along with him.

This is terrible OpSec.

In order for me to create an IAM role, I have to have two different people approve it, along with the access control team, along with a change review on what the role does and how it will authenticate.

Dev teams cannot access production. Prod teams cannot access code directly. Only machine roles can access databases directly.

We have so many checks and balances that it's amazing we get anything done.

[–] homura1650@lemm.ee 16 points 4 months ago

I work in a high security industry. You'd be amazed at what you can do if you are willing to ignore the process. Our real defense against insider threats is attribution, law enforcement, and incident recovery. By the sounds of it, that is exactly what happened.

[–] jaybone@lemmy.world 3 points 4 months ago

I’m guessing it was a small company and/or super legacy systems and processes. I didn’t read the article.

[–] x00z@lemmy.world 22 points 4 months ago

You walk into the office to sign the papers. The person in front of you does not care for you. They are behind a computer, and ask if you have any last words you might want to add. You say there are none, and sign the papers. They click the button to finish the termination, stand up, give you a hand and express a meaningless thank you for your hard work. They tell you to leave now. You nod your head and start walking towards the exit. You hear sighs and shouts and notice people reaching for their phones. It has started. The office gets louder and more chaotic with each step you take. It is glorious. Your smile becomes hard to conceal, but it's worth it. You exit the building and let your smile reign free, it's impossible to stop. The sun is shining. You feel no regret, only an infinite amount of self respect and happiness. You reach your car, but before you get in you take a moment to gaze at the sky. It's beautiful. You get in and start the drive towards home. Fuck 'em.

[–] jjjalljs@ttrpg.network 9 points 4 months ago

I'm reminded of some garbage post I saw in the hell known as LinkedIn. Some soulless suit was saying "Don't do PRs - just let your team merge directly to production." I didn't engage with it because I hate everything about LinkedIn and its clickbait trash feed, but "it protects you from a lone disgruntled employee" was one of the reasons I thought about.

[–] archonet@lemy.lol 5 points 4 months ago

And that, kids, is why you leave breadcrumbs going to someone else if you're going to do something stupid like this.

[–] Taleya@aussie.zone 4 points 4 months ago

Silly Davis. Shoulda put a key element reliant on alerting his email address like most devs.

[–] homesweethomeMrL@lemmy.world 2 points 4 months ago