Stories of Evil Administrators: How to Avoid Losing Millions
Walter Powell lost his job that day.
After years of being an IT manager for a company helping drug addicts in Baltimore, his boss sacked him.
Powell decided to go out with a bang.
He used his technical skills and remotely uploaded a keylogging software onto the computers of his former employer, Baltimore Substance Abuse Systems. This soon got him employee passwords – including the login information of the company director who was responsible for Powell’s sacking.
The following month was chock-full of interesting events for BSAS.
During the next four weeks, the fifty-two year old Powell managed to secretly enter the company’s network more than hundred times.
And he always left trouble in his wake. He used to send out fake e-mails to his former co-workers in his ex-boss’ name. And he set it up so that the company was frequently sending its sensitive internal data outside. Through ways both simple and sophisticated, Powell haunted the organization.
All his exploits were soon to be topped. Powell found out that the CEO of BSAS was going to hold a presentation about his successful leadership for the organization’s board. That included Baltimore’s mayor, top city officials and other important people.
For Powell, that was too good an opportunity to let go.
And so he formulated a plan.
How to get rid of an ex-boss? Through a minor PowerPoint edit
It all went off without a hitch.
Just as Powell’s ex-boss was talking about his successes in leading the addict-helping organization, the computer running his presentation suddenly restarted. The manager apologised to the head honchos of Baltimore for the issue and started it all up again.
The sixty-four inch screen that previously showed a slide of the presentation now displayed a very naked woman.
Powell remotely hijacked his former boss’ presentation and switched slides celebrating his successes with porn.
Whatever repercussion did the poor embarrassed manager have to face, they paled in comparison with the trouble this got Powell in. Very soon after his latest antics he was arrested. He had to stand trial and was sentenced to a hundred hours of community service and a two-year suspended sentence. And BSAS then needed to spend more than 80 thousand dollars just to improve their poor security system.
„No, by and large, people do not become evil when they become admins. A few do, let me say. In any sensible system they are removed as admins for violating the rules of adminship” – Jimmy Wales, Wikipedia founder
Evil admins are not a new phenomenon
This abuse of power is not terribly unusual amongst admins. Many more cases like this have happened over the course of the computer history. Some of them quite a long time ago. There was the infamous Timothy Lloyd, for example, who cost an American company Omega Engineering all their important data and manufacturing programs. This lost them more than 12 million dollars. All that back in 1996.
It all began because of a fear. Lloyd was afraid that he might be let go from his job of an IT manager. He did something unconventional – he began to prepare his revenge. Long before he was even fired.
He was setting up his retaliation when there was nothing to get vengeance for. Machiavelli would cry for joy.
He began to move all Omega’s important data to one particular server. And being the sole IT administrator in charge of company network, Lloyd ordered employees not to make any local backups to important manufacturing programs. And over time, he snuck all the physical backups out of the company.
In the end, he was indeed fired.
What was Lloyd’s downfall? Sabotaging his new team
After some time Lloyd was sacked. And he deserved it, because he was refusing to cope with new company policies. He used to be in charge of the whole IT himself, but his superiors decided to create an IT team and give them some of his duties and responsibilities. Lloyd was nasty to his new teammates, sabotaged their work and purposefully delayed projects that he was not allowed to manage himself.
The head honchos could finally relax. But just for a moment.
Fourteen days after Lloyd has been fired, the company’s server ran a very short program. It was one of Lloyd’s tools of vengeance. The tiny app deleted all of the important data, including the manufacturing programs that Lloyd purposefully moved to this server. And there were no backups to be found. It wasn’t until much later when police discovered over 500 CDs, floppy disks, hard disks and tapes in Lloyd’s house.
The story ended poorly for both the admin scorned and his former company. Omega lost huge amounts of money and many important deals. The company had to let go more than 70 of its employees. Jim Fergusson, the director of Omega’s Bridgeport factory, said during Lloyd’s trial: “We will never recover from this.”
Lloyd was sentenced to two years behind bars and had to pay a huge fine of 2 million dollars.
Revenge is all-too-common in the world of IT
Mischief done by disgruntled former employees is still relatively common in the world of IT. There are still some admins who abuse their position. Recently, there has been an admin who used a sophisticated deleting script against the mortgage association Fannie Mae. And another British CTO who, after being fired, hacked into a multinational insurance company and through various ways incurred them losses worth more than half a million pounds. And then there has of course been the infamous Terry Childs. He refused to give login credentials for San Francisco’s city network to city’s officials after being fired, even though the network in question was responsible for operating traffic lights and other services. And there have been many more cases of ‘admin vengeance’.
All of these attacks end in the same way, the company in question racks up huge loses. But they have one more thing in common. All of the administrators are in some way not satisfied, be it because of company policies or unfair – at least in their eyes – sacking.
There are many lessons that companies should take from this. They were aptly pointed out in a study about Lloyd’s case. The overall message is: don’t let any one person rule over all your systems at once. There are many other advices contained in the document, but many companies have still not taken them to heart.
How to get rid of a problematic employee? After a thorough preparation
The author of the Lloyd’s study advises companies to be especially careful when firing problematic employees. “If an employee is becoming a problem, start locking down. Monitor your network, set up software that will alert you if he or she is in a different part of the network than usual or if he or she is working at a different time than usual. Also scan email to see what is going out of the company. Double check backup tapes and have someone else do the backups if that person is the one in question,” says the case study’s author Sharon Gaudin.
It’s important to know if the problematic person hasn’t left himself a backdoor into your network. And to change their login credentials.
Even that much might not be enough. As has been demonstrated by a case of a disgruntled admin who remotely bricked hundreds of cars by locking their electronic ignition and setting off their horns for hours. The hacked entered the system through credentials stolen from one of his former co-workers.
Many companies could benefit from an improved discharge process. Even though losing a job is probably a negative event for everyone, if they’re treated fairly, people are less prone to seek revenge.
And that doesn’t go just for dismissing an IT professional. Today, every disgruntled ex-employee is a potential threat to the company. They might want to get their revenge just by spreading rumours, but they might also do something much worse, like hiring a DDoS attack targeting the servers of their former employer.
There’s a simpler way to stop these problems.
Data centers protect you from ill-meaning admins
What do all the stories about evil administrators have in common? Every time a case like that happened, it was a failing of one person that affected a whole company. Huge financial losses, lost clients and trust were just some of the consequences. The companies also usually had to invest more resources into security, fire some employees and deal with court cases.
The people factor is a weak spot for many enterprise IT departments. There are not enough experts in the job market and the demand for them is huge. This makes it easy to hire a sub-optimal employee.
But there’s an easy solution.
Companies don’t have to search for dozens of administrators and worry about setting up processes to check them and their work.
It’s much easier and more cost-effective to leave at least some of your IT woes to experts and migrate your IT to a data center or a cloud. By doing this, you’ll make sure that your data and infrastructure are always safe and accessible.
Data centers hire only the best and brightest. Everyone is a professional, so a personal failure like Powell’s or Lloyd’s won’t ever happen. DCs also invest a lot of money into their further education so that they can always offer the best services. Their clients in turn get reliable administrators that know their way around the newest technologies. All without ever needing to invest into building, maintaining and educating their own IT team.
Moving to a data center’s care solves another potential problem – experts are not only difficult to come by, they’re difficult to replace. Sometimes, an IT admin just can’t be reached when something needs to be quickly fixed, solved or upgraded. This can be an especially big deal for smaller companies, where one admin taking a vacation might halve or completely disrupt their IT team. When a company relies on a data center for these services, it doesn’t have to worry about this at all.
Some people are worried about jumping into the cloud or moving to a data center, but it can absolutely mitigate the risk of their employees failing. And bring the company a lot of other advantages, like the possibility to back up their data, infrastructure and computing power into another secure location. The services your company needs to function can then survive anything, even a natural disaster.
Why do some admins go bad?
There’s no simple explanation why some administrators choose to abuse their position. It could possibly be at least partially attributed to a feeling of power. A classic quote by Lord Acton goes: “Power tends to corrupt, and absolute power corrupts absolutely.” According to recent psychological studies, he might have been only half-right. Because people tend to react to a growth in their power differently. For some, their moral motives and pro-ethical behaviours get a boost. For others, their scruples go away. Some people act more pro-socially, others grow more selfish. Some people tend to apply different standards to themselves than to others. As in: “Others should always abide the law when driving, but I can drive faster than the limit because I am important and in a hurry.” The post of an IT administrator is inevitably linked to a certain amount of power. They are often the only ones in a company that actually understand the technology all their co-workers need every day. It is possible, that the “evil administrators” just got carried away by their feeling of power. However, the “power hypothesis” is just one of many possible explanations – the reasons for some admins going bad might be entirely different.
Do you know respectable admins? Take good care of them
This whole blog post was about admins going bad. But remember that those are just the “bad seeds”. Not all admins are bad people. In fact, the number of good, decent and skilled administrators is much higher than the handful of those who abuse their position. They are just not talked about nearly as much as the villains.
But you actually can change that. Celebrate the System Administrator Appreciation Day that is held on the last Friday in July (that means it’s going to be on the 29th July in 2016). Mark that date in your calendar now. And come July, buy your network and system administrators a gift – the official Sysadmin Day website recommends a cake or an ice-cream – or at least thank them for their good job.
Who will guard the guards themselves? You should know
Whatever the moral standards of your IT admins, it can be helpful to adopt some measures. Don’t give a complete control over your important systems solely to one person, “take away the keys” from problematic employees and be sure to deny access to your systems to discharged employees before their firing, not after it.
Leaving all the responsibilities in hands of one person could later bite you. Socrates supposedly asked: “Who will guard the guards themselves?” Your company should have an answer for this question. Divide the responsibilities among more people, set up an IT security team or take other measures to have some sort of control over the “powerful” administrators.
A great solution is to leave most of the worries to the experts in data centers. Your network and data is taken care of by experts with years of experience. A managed server will ensure that your company will never have to deal with a problem employee like Powell or Lloyd.
What about your experiences?
What are your opinions and experiences? Have you ever had to deal with a problematic administrator? Let us know in the comments below.