Developer gets 4 years for activating network “kill switch” to avenge his firing
arstechnica.com
Disgruntled developer was caught after naming the “kill switch” after himself.
  • Maple Engineer@lemmy.worldEnglish
    7·
    2 days ago

    I worked for a skeezy car dealer who promised to pay me every month to support the software I wrote. I set the login program to throw an error message if I hadn’t logged in for 60 days. He eventually agreed to pay me a lump sum to cover what he owed me and for future use of the software and I removed it.

  • ook@discuss.tchncs.deEnglish
    17·
    2 days ago

    Badass and stupid at the same time. How could you even think a script that looks for a specific name wouldn’t connect you to this.

    • pelya@lemmy.worldEnglish
      9·
      2 days ago

      The script that would delete itself after activating would be easy enough to write. Even better would be to install someone’s else virus that would erase the company’s hard drives along with your script, the company would not even try to blame you.

      • arcterus@piefed.blahaj.zoneEnglish
        4·
        2 days ago

        He should’ve done something like that on top of a delay in the script to prevent it from potentially being associated with the deletion of his name in AD (assuming the company backs stuff like that up, which is questionable since one dev was able to do all this lmao).

        The other issue is that the computer responsible for the infinite looping was associated with him. Since he had seemingly unlimited access to everything, should’ve either plopped it on some shared device with a separate user or just configured it to also delete itself once it noticed the AD name being gone.

        Anyway, this entire scenario is both hilarious and makes me never, ever want to use Eaton products.

    • Landless2029@lemmy.worldEnglish
      4·
      2 days ago

      Running on a box with his creds that only he had access too.

      Sure he could script something destructive. Doesn’t mean he was smart. I’d go as far as calling him an idiot.

      Lost his freedom and livelihood over being salty about losing his job. Should’ve just quiet quit, skilled up and got a new job.

  • scytale@piefed.zipEnglish
    6·
    2 days ago

    The fact that he was able to do all that in a company with “thousands of employees globally” shows how poor their security was. How was a developer able to host his own personal server in the network without anyone seeing it, and why did he have access to enterprise production systems to deploy those scripts?

  • plz1@lemmy.worldEnglish
    5·
    2 days ago

    There are easier ways to do this without actively scripting it. Just build something that relies on your account, rather than scripting to check it in order to destroy things. Then you claim ineptitude, rather than malicious intent. It’s the “I forgot to create a service account” excuse.

    • FuyuhikoDate@feddit.orgEnglish
      1·
      2 days ago

      Wanted To say the same. When i left my company, I also left a steaming pile of shit, because “sorry it was all tied to my personal account and never got the time to make it right” excuse :D