Sysadmin 'fesses up to wrecking his former employer's IT systems A former sysadmin with HP-spinoff Agilent has pleaded guilty to intentionally damaging the company's systems after he was laid off. Kenneth Kezeor, 47, worked for Varian from 1997 until 2010, when it was bought by Agilent. Two years later, he was laid off as part of a general staff reduction. He did not take the news well, …
He'd have been better off killing the boss with his car - easy jail time
He'd be better off joining the police and confiscate some assets in the executive car park.
6 months at most, but that's only because that rape was in accordance with their Christian values.
If a man was the victim of the rape, I will guarantee you that the judge would be possessed by the Lord himself and smite the perpetrator in His holy name (death penalty for him and at least every family member one removed)!
The government here takes breaking to a computer system very seriously. The only ones who don't g to jail are the TLA's and certain friendly FLA's. Oh.. and Norks. Can't forget them.
The cynic in me wants to add "and certain OS makers who force crap upgrades".. but that would be a digression.
The normal routine when getting rid of employees with admin rights was pretty much kill their access to everything once they have the news and put them on gardening leave?
It's what happened to all of my logins from the last couple of jobs that I left of my own accord and without incident or hard feelings on both sides.?
The fact of the matter is, not once have I ever thought to try log back into my ex-employer's network even just out of curiosity, because quite frankly, I'm not an idiot.
I like what I do, I like the people I work with - except for management outside the ICT department, half of them are w*nkers trying to build their own little kingdoms rather than work with us to sort problems out and keep everything going smoothly - and with ICT being such a small industry in Western Australia, therefore word gets around quickly, I would rather continue working in ICT thank you very much.
Plus I don't doubt that I would not do well in prison.
So in my book, this guy's an idiot for even trying. I expect his idea of being a "Penetration Tester" will take on a whole new meaning in prison.
"The normal routine when getting rid of employees with admin rights was pretty much kill their access to everything once they have the news and put them on gardening leave?"
I thought it was to lock their accounts when they went into the meeting to get the news.
There shouldn't be any point where they can use their standard accounts to fuck with you.
You should also be making an offer sufficient that the various shadow IT/colleague/backup accounts they know won't be used to fuck you, and that when you call them in six months to find something critical they'll answer the phone.
> and that when you call them in six months to find something critical they'll answer the phone
This. My recent ex-manager has some production problems but the only currency he's got to trade is goodwill. And unfortunately he pissed all of that away in the 12mths or so prior to my departure.
"Oh, hi. Sorry, not my problem any more. Suggest you get your new supplier to look at it".
Indeed that -should- be the policy of any half arsed HR dept, but when I was recently made redundant, I had to ask if I was on garden leave, I was told "no you are not but you are not working on any projects", then when I asked for a clarification I was told "yes you are on garden leave" but all of my accesses, laptop and everything still functioned fine, and then into 2 weeks of the garden leave they tried to rehire me for a higher position but working for the same wanker, with the same salary, but more responsibilities and more work and I had a very entertaining "interview".
There are a lot of incompetent HR depts.
<quote>You should also be making an offer sufficient that the various shadow IT/colleague/backup accounts they know won't be used to fuck you, and that when you call them in six months to find something critical they'll answer the phone.</quote>
I am of two minds on that quote, so let's dissect them.
1) This section (in italics) I am in full agreement with. Have the departing employee advise/provide the information needed to effect transfer of responsibilities.
2) This section (in bold), I do not agree with IF I am the 'released' employee. Once YOU (the employer) decide that you do not want/need/desire to continue to employ me, I NO LONGER HAVE ANY LOYALTY TO YOU!!!! You are on your own. This is MY PROTECTION from manglement attempting to foist blame on me for things that occur after I have left. If YOUR INCOMPETENCE has gotten things fucked up, then YOU deal with it.
Good Bye MEANS GOOD-BYE!!!!
Presumably #1 he saw it coming, and #2 after well over a decade there, I'm sure he learned plenty of service account passwords and colleagues' account logins, to say nothing of knowing where the unpatched vulnerabilities, weak spots, and security checks were. The greatest hacker in the world generally doesn't hold a candle to the individual that starts with familiarity and access and then gets (inadequately) locked out.
Yeah, pretty much. The only time that's not happened to me was when I handed in my own notice (due to a better job offer elsewhere). But for anyone I've worked with who's been let go, their access is immediately curtailed and they are removed from the premises. It's for their own good as much as that of the company's.
Happened to one of my managers a few years back shortly after a takeover (I was tasked with revoking his access whilst he went to the interview of no return). He took it fine afterwards and simply told me "It's a business decision, you can't take these things personally. You just have to accept them and move on".
One month later he had a much better job at another company anyway.
Unless you're dealing with a place that's never had to fire a sysadmin before.
I've had to write "exit procedures" for such situations, if only to protect myself when it was time to go - I like to make sure that, even if no-one else thinks about it, that I've been removed from EVERY system before I depart the building the final time.
I also build systems to what I call the "V'ger Rule" - if you've seen "Star Trek: The Motion Picture", you'll understand. Put simply, the "V'Ger Rule" states:
"A System must continue to operate in a correct and safe manner in the absence of its Creator".
Remove my accounts. and it carries on running as though I was never there.
Or, to put it another way:
It's the American system of justice. Either you plead guilty and get a long sentence, or you plead not guilty and get an enormous sentence and probably never leave prison.
Very efficient, and avoids having to fiddle about with trivial little details like whether you actually committed a crime or not - even if you are totally innocent you can't risk the longer sentence so have to plead guilty.
The federal government and some state governments have standard ways to determine sentencing of those convicted (or who confessed). Other state governments, in particular California, do not have uniform sentencing standards, leading to greater variability and occasional public outrage over sentences considered either too long or too short.
Paul Cassell, a former federal judge, wrote on this in the context of the Stanford case a few days ago in the Volokh Conspiracy blog. He noted that under federal law (on federal/non-state territory) Turner's conviction could have carried a life sentence, and federal sentencing guidelines are for 97 - 121 months imprisonment. He also links to a Washington Post article reporting that the average state sentence for a rape is 11 years
It may be the real lesson in this is that there is not a US system of justice, over 50 of them: 50 states, District of Columbia, Puerto Rico, various territories, federal, and military. There may be more. States are largely sovereign and likely to show a considerable range for any offense.
To properly get things screwed up and receive praise for so doing, Mr Kezeor should've just arranged for CSC, Accenture or even HP Enterprise to take over all support and administration. The slow and unstoppable car crash would've been a joy for him to behold and his promotion would've led to a welcome increase in funds.
It's funny to sse how it is widely accepted that a company lays off 'redundant' staff and possibly destroy their former and loyal employees' life but any retaliation is a capital crime.
I don't justify this guy's actions, however there are attenuating circumstances that should mitigate his sentence.
"It's funny to sse how it is widely accepted that a company lays off 'redundant' staff and possibly destroy their former and loyal employees' life but any retaliation is a capital crime."
<snip>
The Owner of a small company has to make a hard choice, to whit lay off Jack or Sue who are his employees.They are both superb workers, but the company has run into hard times.
He decides that whoever drinks from the cooler first will be laid off the following morning.
That day nobody goes to the cooler.
The next day he decides that whoever comes in late will be laid off but they both arrive at the same time.
Eventually he can't contain his secret anymore and he decides to confide. He walked up to her as she was leaving one night and tells her "I either have to lay you or Jack off."
Turning to face the Manager, Sue smiles and says "Please can you jack off, I need to run for the bus.
Depends on the particular circumstances of course, but in general a company that has a downturn in business may not be able to justify keeping all its staff. Should they destroy the company and all the jobs rather than lay some off? What if business gets better? In that case they hire more staff - same thing. If a firm isn't allowed to make staff leave, should staff also be forbidden to leave a job to get another?
Every time there is a crime related story someone compares the maximum sentence some white collar criminal could face with the typical or even the lowest sentence someone has received for a violent crime. Every damn time.
Compare apples with apples.
Either it's max: 10 years for this vs max 51 years for recklessly killing someone with your car.
Or it's probable: which I'm not qualified to answer but I'd guess a large fine or a short sentence.
The info is all here if you're interested http://www.ussc.gov/guidelines/2015-guidelines-manual
"
Sad when a crime involving financial loss to a company results in a longer prison time, than taking a life or turning somebody in to vegetable,
"
Sad when you only consider the consequences of a crime rather than also taking the criminal's intent and motives into account. Unintended consequences usually attract a smaller sentence than intentional consequences even if the former consequences are worse. Killing someone to steal their wallet is considered worse than killing someone because they raped your 8 year old daughter. Etc.
When I first became a little-admin back at Sun Micro in 1988 I started with this other guy, and we took care of separate groups in different buildings, but all from the same IT support group. We were little SunOS admins, and we liked it! We'll I guess we all didn't like it as my "partner" got some hard time for stealing brand new SPARCstation 1 workstations, I think three of them, from one of the groups he supported and tried to sell them at a local VAR, with disastrous consequences! Those systems have serial numbers, and it just took one phone call to find out who the real owners were. We'll, the way I found out was when I came into work one morning, my "partner" was being escorted out by two FBI agents, or some such more-than-just-a-police-person types. And that was the last I saw of that guy. :)
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
