back to article Cloud engineer wreaks havoc on bank network after getting fired

An ex-First Republic Bank cloud engineer was sentenced to two years in prison for causing more than $220,000 in damage to his former employer's computer network after allegedly using his company-issued laptop to watch pornography. Miklos Daniel Brody, 38, of San Francisco, pleaded guilty in April to two charges of violating …

  1. Kernel

    Amazing!

    I am astounded that an IT professional, who is presumably reasonably well paid and would claim to have far superior computing knowledge and skills than the average 'Luser", is sufficiently stupid as to view porn on the company laptop.

    Surely he could have afforded to buy himself a cheap personal chrome book or laptop for this purpose and avoided the entire mess he's now in? He's basically destroyed his career in order to save $200~$300, or there abouts. Do they not teach common sense at IT school?

    1. Rikki Tikki

      Re: Amazing!

      Totally agree with the sentiment, but would add that common sense also appears not to be taught in business executive school: if you're going to fire someone with elevated network privileges, you make damn sure you disable their access when you escort them from the building. Especially if they have already demonstrated a degree of ratbaggery.

      Still, as one trainer in my first aid course commented years ago: "common sense isn't actually that common".

      1. MatthewSt Silver badge

        Re: Amazing!

        Never mind when you escorts them from the building, their account wants to be disabled the second you make that decision, before/as you call them into the room

        1. bemusedHorseman
          Facepalm

          Re: Amazing!

          As I've commented on similar stories, the ideal scenario is "hey, why aren't my credentials working anymore" should be how a sysadmin learns they're fired...

          1. gnasher729 Silver badge

            Re: Amazing!

            I came to work once at a time of layoffs and my card didn’t work, couldn’t enter the building. Turned out it was exactly two years after I started and all cards stopped working after exactly two years.

            1. Anonymous Coward
              Anonymous Coward

              Re: Amazing!

              My previous job site did that; all contractors' cards were only good for 2 years, and had to be renewed by an employee. Who habitually was late on the renewals. In the 14 years I worked there, mine stopped working about 5 times - thankfully site security knew what was going on and would issue temporary cards!

      2. yetanotheraoc Silver badge

        Re: Amazing!

        Yes, expect ex-employee to use credentials that haven't been revoked. But revoking those is not enough. He also had the credentials of co-worker "A.A.". I'm sure that's contrary to bank policy, but it's a common way to "just get things done".

        Also expect ex-employee to use a laptop that hasn't been returned. Prepare for that, and have a way to disable the laptop's access to the network.

        If that preparation hasn't been done, it's _The Art of War_ : "The basis of all warfare is deception."

        Don't tell the employee to come to work for an important meeting. Tell the employee they are on probation and need to work in the office until further notice. (If they have Covid, tell them they will get a private location as an accomodation.) If they show up without the laptop, ask them how they expect to work without it, and tell them to go get it. *Then* call them to the important meeting.

        1. Jibberboy2000

          Re: Amazing!

          Yes the guy was a complete muppet and I have no problem with the sentence, however the bank should have been massively fine for running such poor set of policies and procedures and the CTO and Head of Infosec should be fired. My message to readers is don’t bank with such a garden shed operation, they don’t deserve your business!!

        2. Anonymous Coward
          Anonymous Coward

          Re: Amazing!

          I don't think lying is the way to handle any situation. Turn off their access, have the network refuse to communicate with his laptop, THEN phone him and tell him he needs to come in.

          1. CrazyOldCatMan Silver badge

            Re: Amazing!

            have the network refuse to communicate with his laptop

            Our MDM allows me to remote-wipe/activation-lock a Mac (which will happen as soon as it connects to an internet-facing network). And, if a device gets reported as stolen, that's the first thing I do..

      3. anothercynic Silver badge

        Re: Amazing!

        This. But then again, this is First Republic Bank... One of those weird banks that went pop in the space of a week or two earlier this year (or was it 2022?) and had to be gobbled up by JPMorgan to stay 'afloat'. I bet the JPMorgan folks weren't impressed...

      4. Bebu
        Windows

        common sense isn't actually that common

        Rarer than Dark Matter and infinitely harder to detect.

    2. Michael Hoffmann Silver badge
      Devil

      Re: Amazing!

      No no, you have that all wrong!

      It says: "allegedly plugging multiple flash drives into the laptop, and downloading files, some of which contained pornography. "

      Downloading FROM the laptop to his USB stick! They came with porn pre-loaded, prolly for those boring meetings!

      1. David 132 Silver badge
        Happy

        Re: Amazing!

        They came with porn pre-loaded

        Damn, I knew I was missing out by not springing for the full Microsoft 365 Enterprise Pro Classic Ultimate level subscription!

      2. Natalie Gritpants Jr

        Re: Amazing!

        Upload, download. Every fule kno that usb sticks are side loaded.

    3. ChoHag Silver badge

      Re: Amazing!

      IT Professional?

      He's a "cloud engineer" with "~2 years of service".

      So, neither.

    4. JohnG

      Re: Amazing!

      "sufficiently stupid as to view porn on the company laptop."

      As someone who has been responsible for Internet connectivity and firewalls in a corporate setting, I am amazed at the people who use corporate infrastructure to download and view porn. The culprits have all been people with technical jobs, involved in systems and software development/maintenance. It turned out that one had lost his previous job for the same thing.

      1. Anonymous Coward
        Anonymous Coward

        Re: Amazing!

        I would never get caught doing something like this...

        I have a phone with the free cloudflare VPN client on it!

      2. Jellied Eel Silver badge

        Re: Amazing!

        As someone who has been responsible for Internet connectivity and firewalls in a corporate setting, I am amazed at the people who use corporate infrastructure to download and view porn.

        People are weird. At a previous employer, an employee was sitting in an open plan office watching pron.. but CP. So we promptly cranked up the logging of his activity and called the police. They arrived equally promptly, arrested the creep as his PC was locked out, and said creep is still in jail. Manglement at that company was good because there'd been a quick discussion about handling this discretely, but big boss said 'Nope, we'll make an example of him'.

        1. Anonymous Coward
          Anonymous Coward

          Re: Amazing!

          Good!

          Employee violates company policy? Handling discreetly is fine. Employee violates the law, especially something related to harming others? Very publicly throw the book at them. At the very least, it clearly indicates the company had nothing to do with the employee's actions.

      3. CrazyOldCatMan Silver badge

        Re: Amazing!

        It turned out that one had lost his previous job for the same thing

        Many years ago we were asked (quietly) by the Police to check the activities of one of our staff who they suspected of dealing in child porn. We did so, and he was. From his official desktop, in the office (he used to "work late" a lot).

        One day the police turned up and arrested him and took with them every computer that he had used (3 of them, from memory). We were quite happy for the Police to destroy them once they were not needed for evidence purposes.

        He went to jail for a fairly long time - he was not only distributing it but organising the making of it. I suspect his time in jail would *not* have been pleasant.

        1. werdsmith Silver badge

          Re: Amazing!

          One of ours working late sent his illegal images to the colour printer. It was decades ago, the printer was a postscript one that took ages to process the image data before printing. The guy assumed the printer wasn’t working so shut down and went off home.

          The prints were sitting on the output tray for the early starters next morning.

          I helped find the logs that linked the url to his pc.

          Police were waiting for him to arrive that same morning.

    5. Mike Friedman

      Re: Amazing!

      You would? When I worked for a large American university, I unfortunately walked in on my BOSS watching porn in his OFFICE. More than once!

    6. This post has been deleted by its author

    7. ecofeco Silver badge

      Re: Amazing!

      I've worked with a LOT of IT "professionals" who were nothing of the sort in any way.

    8. david1024

      Re: Amazing!

      There was never a movie; he was [failing to] deploying malware. And when he got canned, went for it. I think maybe he watched too many movies and thought it was part of his compensation pkg to be able to hack the bank for fun and profit.

      He mentioned financial difficulties... Wonder if there was a dancer involved?

    9. Albatross

      Re: Amazing!

      Not long ago I was in a big meeting of network personnel discussing firewall configurations. A friend of mine, who has always been rather cheeky, asked a question about the firewall backplane, and the fellow running the meeting began to type the word "backplane" into his browser. But when he typed "b-a-c-k-p" the URL changed momentarily to something that read "backpages com escorts redhead ... "

      Eyebrows raised, I exchanged a surprised look with my friend who had asked the question. Five minutes later, quite reliably, he simply asked the question again... and the same thing happened.

      So this lonely senior network engineer of 30 years' experience didn't have the sense not to search for companionship using a different computer, or even an incognito window...

    10. Grinning Bandicoot

      Re: Amazing!

      If common sense were so common, why then is it so highly esteemed!

      Attributed to A. Lincoln

  2. GNU SedGawk

    This man needs some help

    This is an extreme reaction to say the least.

    Obviously it's a security oversight, but this as reported is complete madness.

    By nature of the role, I have elevated access across customers, and various accounts. It's such a violation of trust and professional ethics.

    I can't imagine the chain of events which led to such self-immolation.

    1. Anonymous Coward
      Anonymous Coward

      Re: This man needs some help

      Alas, I can imagine it, largely because I have witnessed it - repeatedly. In, of all places, the US DoD, where one's flatulence receives chemical analysis in realtime.

      Lessee, a LTC downloading child p0rn on government computers, on a government network. A PFC copying classified information to an unclassified computer and uploading it to a non-government server for, ahem, sharing. A USO worker using a guest's stolen debit card to go on a shopping spree, shipping the results to his home.

      And loads and loads more. One of those cases, I was personally and professionally involved in.

      Some people are just dumber than a bag of rocks.

  3. DS999 Silver badge
    Facepalm

    Some people are so stupid

    Why would he use a work laptop for that sort of thing? Obviously he could afford a personal laptop/PC, and he could peruse all the porn he could ever want without any issues had he been willing to part with the $400 or so a laptop would have cost!

    1. Wzrd1 Silver badge

      Re: Some people are so stupid

      Hell, I got a cheap-o-matic netbook that cost a whopping $89, an after Christmas special from old stock from the previous year. It's the only Windows boxen I maintain at home, the rest running Linux.

  4. Mayday
    Stop

    Credentials after leaving

    I don't even know how many time's I've left a place and still had my access available to me. Even remote access, to customer networks with admin level access. I've even contacted previous employers and asked them to revoke my access to avoid the possibility of any unpleasantness.

    I suppose there's a few differences here:

    I'm not a dickwit (open to debate)

    I don't want to get caught and go to prison.

    Thing is ANYONE who has ever accessed anything at greater than a user level would know that there's at least a log of a successful login happening. Do stuff like this you get what you deserve.

    1. JimC

      Re: Credentials after leaving

      I happened today to come across the email I wrote after leaving my employer of many years listing all the accounts and passwords I had that should be deleted/changed. I have no idea whether they did though, never tried knocking on the door.

      1. nintendoeats

        Re: Credentials after leaving

        Oh god. I'd be so curious. Like, I know it's wrong. But you could check right now you know? WHY NOT GIVE IT A TRY!?

        1. Wzrd1 Silver badge

          Re: Credentials after leaving

          Oh, I've been curious, just no curious enough to even consider trying.

          But, curious enough to ask a friend to make sure the accounts were disabled and marked for eventual deletion.

        2. David 132 Silver badge
          Happy

          Re: Credentials after leaving

          > WHY NOT GIVE IT A TRY!?

          Take off that red costume with the horns, and stop sitting on his shoulder. It doesn’t suit you and you look ridiculous.

          1. nintendoeats

            Re: Credentials after leaving

            But it's fun :p

    2. Wzrd1 Silver badge

      Re: Credentials after leaving

      Heh, in one position, I was moving on and the last thing I did was disable my own user, then admin account, then logged off for the final time.

      Obviously, under amicable terms and I had the manager witnessing my actions, just for CYA all around.

      1. gnasher729 Silver badge

        Re: Credentials after leaving

        At one place, there was some never used account that got totally forgotten and my phone was registered for 2FA. So I got a call from the company half a year later when someone tried to do a password reset, and I read the 2FA code to them.

      2. GNU SedGawk
        Pint

        Re: Credentials after leaving

        Very wise.

        When leaving, I make sure my credentials are *verified* as disabled. An old boss taught me that. Pint to you, Gus.

        1. Anonymous Coward
          Anonymous Coward

          Re: Credentials after leaving

          I returned to a company and found I was no longer authorised to view circuit diagrams I designed an software I wrote, so kudos there.

          Anon for obvious reasons...

    3. Anonymous Coward
      Anonymous Coward

      Re: Credentials after leaving

      At my first full time IT job, I repurposed an old Sun SparcStation 1 to run as an FTP server on pre-Solaris SunOS. This was for customers to upload technical data that we processed into CD-ROM based products, and got around a budget issue that meant a more appropriate machine couldn't be bought for the job.

      Cut to many, many years later, long after I'd left that company, and I get a phone call from a former colleague. They were wondering what the SparcStation was being used for, as no one had a username and password for it and they were reluctant to switch it off. They'd long since moved to being Windows based as well.

      So that machine had sat running 24/7 with no security updates, and having been set up in the very early days of corporate Internet use it was inside the company network rather than a DMZ. I could no longer remember the login credentials, so I'm not sure what happened after that.

    4. Sudosu Bronze badge

      Re: Credentials after leaving

      Being the paranoid type, I imagine them, or the police, having some pointed questions for you if any of those accounts happen to be hacked or commandeered by another unscrupulous administrator long after you have left.

    5. DS999 Silver badge

      Re: Credentials after leaving

      I've worked exclusively as a consultant since 2000 - not sure if that makes me someone they'd want to lock out as quickly as possible, or someone they'd worry about less than an employee, since I'm just completing a contract so there is no "firing". But in one case they locked me out BEFORE my contract was over, so I basically sat around surfing the web my last two weeks because accounts couldn't be undeleted and it took over a week to get the account through their change control process once I started so they decided it wasn't worth going through the process again (probably they were afraid to ask for a "emergency change" because it would be admitting someone screwed up!) I could only answer questions in person or do conference calls, and only those who had my cell number or my "personal work" email were able to reach me - I'm sure there were some who were confused how my email were bouncing when they thought I had two weeks left!

      Then there was the time I finished a contract as normal, then got a call back like six months later where they asked for some emergency help. Normally I would not do that because it is too much of a pain going through all the steps to get access if they basically have only two days work for me, but they were desperate and offered such a massive sum I couldn't say no. I told them I'd be ready to go once they had my access set up, only to be told "oh we never suspended your account, we'll overnight you the smart card and you can start tomorrow" but fortunately I still had their smart card floating around my laptop bag so I was able to verify I could login before getting off the phone! I saved that smart card for another couple years before tossing it, figuring that maybe they'd come up with another emergency need for my help, but no such luck.

  5. Pascal Monett Silver badge
    FAIL

    "Brody worked as a cloud engineer for First Republic Bank"

    And he'll have the rest of his life to reminisce fondly about that while flipping burgers.

    No pity. You get fired, you go. You don't touch your former employers' network or anything else. You want revenge ? Tell everyone you know that you unfairly dismissed - whether it is true or not.

    Now, the only thing everyone knows is that he watches porn on the job and abuses his knowledge to wreak havoc when being caught.

    He'll never work in a bank again, that's for sure, and there's a good change he'll never be in an IT position ever again.

    And he doesn't deserve to be. Not for a long time.

    1. Doctor Syntax Silver badge

      Re: "Brody worked as a cloud engineer for First Republic Bank"

      "Now, the only thing everyone knows is that he watches porn on the job and abuses his knowledge to wreak havoc when being caught."

      Also FRB customers know their bank fires somebody who does that and doesn't get round to revoking their access for a few hours.

    2. CrazyOldCatMan Silver badge

      Re: "Brody worked as a cloud engineer for First Republic Bank"

      He'll never work in a bank again, that's for sure, and there's a good change he'll never be in an IT position ever again

      Many, many years ago, in the days when RAM/HD prices were in the extortionate range, we noticed that were were missing some RAM clips and several hard drives. The management were pretty sure that they knew what was happening (unusually for that place) and so bought replacements and marked them (and the rest of the stock) with Smartwater.

      Sure enough, a few more things go missing and the police are directed to search the suspected contractors houses. Oh look - there's some RAM clips and hard drives with smartwater on them - matching the stuff that we'd used.

      Said contractors get taken to court and end up with a criminal record (though no time in jail for a first offense). The sad thing was that neither of then would be likely to get a contract again - and they were both very well paid contractors. The ringleader was utterly unrepentant (he was doing other fiddles like claiming VAT using a made up number and living in a council house because his visible earnings made it look like he was on the poverty line) but the other guy is the one I feel sorry for.

      The money they must have made would have been barely a weeks wages for them.

      1. This post has been deleted by its author

  6. Bebu
    Windows

    Cloud engineer?

    This dismal history provoked the gray cells to ask wtf is a cloud engineer? Previously I assumed they were some sort of Cisco-y networking type but Prof Duck von Duck tells me can be just about anything from systems analyst roles through to software engineering and even system administration roles.

    So something for every sort of imbecile it appears. Cloud think Aristophanes' Birds and pretty much on the money.

    I was wondering why a network engineer was stomping, boots and all, over github repos and stealing code he had written. In my experience most NEs have trouble composing a simple sentence without any need to contemplate their programming skills.

    Strikes me if someone who was responsible for these irrational misdeeds had formally trained as an engineer (of any sort) or as an IT professional he wouldn't end up in a penitentiary but being clearly sectionable would be sent directly to the nearest loony bin.

  7. Arthur Daily

    Not an Engineer

    So was he really an engineer - you know member of a professional society BCS, ACS or similar. Most professionals also have professional indemnity insurance.

    The bank's security department was asleep, at least contributory negligence. Also least the guy was stupid - he should have darkweb knowledge and planned a 6 month campaign. Now we know the bank is slack and sharing occurs, it may rise up the list of future targets. Slip a deadly embrace into the dev code, or enhance SQL injection. So tell us, who got the sack in HR because passwords were not revoked stat?

    1. Mike 137 Silver badge

      Re: Not an Engineer

      "Most professionals also have professional indemnity insurance"

      Proboably not relevant, depending of course on local legislation. Here in Blighty an employee doesn't need PII other than in exceptional circumstances (by contract terms), and in any case PII won't cover intentional misconduct.

      Oh and by the way, mere membership of a professional society doesn't automatically imply one is an engineer. Here, one valid criterion is chartered status (CEng).

      1. My other car WAS an IAV Stryker

        Re: Not an Engineer

        It's (mostly) a matter of state licensing. Many can call themselves engineers* based on the job/role, but you can't use the suffix "professional engineer" (PE) without having a valid state license, and many projects -- notably civil engineering, construction, and the like -- require a PE to sign the drawings, change orders, et cetera.

        * I do, to be blunt. I once took the Engineer in Training (EIT) entrance exam in my birth state -- where I also got my highest degree -- which enabled me for official apprenticeship, but only got a career position many months later, in a different state, in a job that doesn't require PE for most of the staff. I could have "imported" my EIT for a fee (state reciprocity) and requested PE mentoring, but I'm not sure they even had an electrical PE to oversee my continuing education or sponsor me for the full detailed PE exam. Regarding organizations, I was a student member of IEEE but let it lapse shortly after starting that job. In my current position, I know the customer requires a PE to sign drawings, but we're only a subcontractor; the prime contractor has a PE who rubber-stamps them.

        1. Anonymous Coward
          Anonymous Coward

          Re: Not an Engineer

          Exactly right. I consider myself an engineer - I have an BSc in an engineering field and my job title has "engineer" in it. (Not "sanitation engineer" or another euphemism, but an actual technical role.) The extreme vast majority of people called engineers here are not "Professional Engineers". As a friend puts it - "I'm an engineering professional but not a Professional Engineer."

  8. clintos

    Sack the admin team...

    ...for not disabling the account quicker. They got what was coming. Idiots!

  9. Hopping Bunny
    Trollface

    Two hours to deactivate a user???

    Brody allegedly went home and that evening wreaked havoc on First Republic Bank's network in retaliation for getting canned, according to court documents. after more than two hours before his credentials were revoked.

    I see that someone responsible for network access has been drinking the wrong koolaid :-\

  10. tiggity Silver badge

    Bank and fine

    IT bloke was stupid and malicious in actions taken.

    However bank should have disabled the credentials and disabled access from that laptop before the actual firing (there's enough stories around of people acting unhinged after firing & wreaking havoc via their unrevoked credentials creds to make any employer know that lockdown of access is vital)

    .. So the guy getting fined and bank essentially getting refunded for sub standard infosec policies seems a dodgy decision.... would have expected bank to be facing charges for such shoddy practices (especially given banks (in addition to peoples cash) have lots of valuable genuine PII (you need to give your genuine DOB, address etc* to your bank, they probably have stuff like your passport or driving licence number from ID checks too))

    * Very few places have my genuine PII, only those that need genuine data such as bank, doctor etc - some random website can ask for my DOB etc. when I sign up but it won't get my real one as DOB a key ID fraud piece of data (even try to avoid online orders / deliveries as much as possible don't like to leak address data for deliveries, try to do as much "bricks & mortar shopping" as I can)

    1. Gareth Holt

      Re: Bank and fine

      Confusion between PII as Personally Identifiable Information vs Professional Indemnity Insurance ?

  11. wimton@yahoo.com

    The company laptop was not well secured either. I worked for a big financial organisation. The firewall rules would not permit access to porn (and lots of other things), the whole PC was full of corporate spyware, and USB ports were disabled. Often difficult to get work done, but the organisation never has been in the news for IT mishaps.

  12. Anonymous Coward
    Anonymous Coward

    Appropriate sentence?

    Two years in prison for inconveniencing an IT department and lying about the theft of a laptop. I'm not sure that's appropriate. I don't know the criminal history of this person. I also understand that the US has a love affair with locking up its population - it is a very cheap source of labour after all. The academic research about deterrence seems to fall on deaf ears.

    I looked up the median sentencing for California and cherrypicked some figures to prop up my argument (https://www.ussc.gov/research/data-reports/geography/2021-federal-sentencing-statistics)

    Burglary/Trespass 14 months

    Commercialized Vice 11 months

    Extortion/Racketeering 15 months

    Fraud/Theft/Embezzlement 12 months

    Obscenity/Other Sex Offences 18 months

    Stalking/Harassing 18 months

    Personally I would prefer to see this person have to do months and years of volunteer work and force him to work on his massive sense of entitlement. Then in two year's time he might be a better neighbour than he will be after two years inside.

    Also, I agree with other comments that the bank shares some blame for allowing this. I work for a small non-financial company and if you plug a memory stick into a company laptop it will display a message saying it was blocked.

  13. Mike Friedman

    The guys superiors should get dressed down for this too. Revoke credentials BEFORE you fire someone. DUH.

  14. Anonymous Coward
    Anonymous Coward

    Restitution greater than damages?

    $529,266.37 in restitution for $220,000 in damages? Why is the restitution more than twice as much as the damage caused?

    Don't get me wrong. He totally owes the bank for whatever it costs to fix what he maliciously broke. And "I didn't know what was on the USB jumpdrive that I plugged into my company laptop" is grounds for discipline, not a valid excuse.

  15. naive

    Typical American drama again ?.

    1. Guy works for bank IT department

    2. Guy gets laptop to do his job

    3. Guy uses laptop at home

    4. Guy manages to get some NSFW content on his laptop

    5. Employers spyware detects NSFW content

    6. Guy gets into the sights of sideline characters who have to prove the reason for their existence by setting an example

    7. Guy gets fired and rages

    In normally managed places they would at step 6 tell to the Guy not to do step 4 again.. <period>

    Best is not to use any employer provided hardware in private settings, employers services are best to be accessed through dedicated VM's.

    Employer provided hardware can, and often is, stuffed with spyware. Privacy legislation doesn't matter, since most private companies resemble a little North Korea where often Kim Jung Un types rule.

    1. Anonymous Coward
      Anonymous Coward

      Re: Typical American drama again ?.

      Dunno about your employer, but for me using employer-provided hardware for work is a condition of employment. Employer's services cannot be accessed through a VM, unless the VM is running on my own hardware - which doesn't have the spyware on it. And that's generally limited to Office stuff and the employee portal.

      Certainly, for anything you wouldn't want your employer looking over your shoulder for, use your own hardware on your own internet connection.

  16. garwhale

    A year after I was made redundant, I got a call from an employee to ask for the server/admin password - of course I said I had no idea (even though I might have had it somewhere). Made me wonder if someone had hacked in, and they were doing a fishing expedition.

    1. PRR Silver badge
      Devil

      > after I was made redundant, I got a call from an employee to ask for the server/admin password...

      A still-employed employee? Or a newly-redundant employee wishing to access the data of the bastards who threw him/her out?

  17. I miss PL/1

    This is a bank?

    I have never heard of such lax and wanton security measures. If he had a good lawyer he could have argued the bank was negligent in doing their due diligence. Probably would have gotten the restitution reduced or disallowed.

    His account should have been locked before he left the building and his laptop bricked before he got home.

    Meanwhile if I was a client of the bank I would be finding a new one pronto.

  18. PB90210 Silver badge

    << 529,266.37

    Don't forget that final 37c!!

  19. IAmTheWolf

    If he only did 200k damage he is not much of a professional. If he was worth his salt he would have had the entire system down for at least a week.

  20. Marty McFly Silver badge
    FAIL

    Not a new problem

    ~20 years ago a buddy of mine in IT was tasked to upgrade a bank Vice-President's laptop because it was out of disk space. As the files were migrating he noticed they were many files named very similar... Susie001.jpg, Susie002.jpg - you see where this is going.

    He notified his manager and moved on to the next project. An hour later he got called to HR, which caused my buddy to briefly panic. It was explained to him that they did not want to involve anyone else, and since he was already aware of the HR issue he got the job.

    The job?? He got to sit down with an older matronly HR lady to whom he had provided a printed list of the files. She would pick one, highlight it, and say "Show me this one". It was extremely awkward!

    Further investigation uncovered the VP had copied their precious files to a company network share for backup during the upgrade. HR was willing to wiggle and allow for blaming a 3rd party ("My teenager was on the laptop"), but dumping the files to the network share blocked that excuse.

    The VP was fired.

  21. Albatross

    A long time ago (over 20 years) I was working as a consultant and was called into a bank. They told me that they wanted me to sit in on a disciplinary meeting - they had uncovered evidence that their chief network engineer of 10 years was looking through personnel records. They wanted me to "back up" their evidence if their network engineer denied it.

    I took a minute to think and told them that this wouldn't work. I told them that they had lost trust in their chief network engineer and that they had no choice but to replace him. Disciplining him and then putting him back on the network was just asking for trouble, I told them.

    To their credit, they listened to me, and so instead of sitting in on a disciplinary meeting I assisted them in prepping to change all his passwords while he was in a dismissal meeting (to avoid just such a problem as we see in this article.)

    That's when the fun began. It turned out that he had set up a hot backup of all the primary systems. Over T1 lines. To his apartment. He had half a dozen primary backup servers in his apartment.

    So that involved a lot of effort and negotiation but he cooperated and we pulled all those systems back and finally wrapped things up with him, or so I thought.

    About six months later the bank calls me again - they think they have a hacker. The systems are suffering all these weird errors, especially mid-day. I'd seen behavior like this before and figured it was a problem in network communications. Finally I figured out the problem...

    When we had dismissed the network engineer we had changed his passwords and done all that stuff. But what we HADN'T done was contacted the ISP and taken the engineer's name off the list of people authorized to make changes. And so six months after he was let go the network engineer had called up, voice, and asked the ISP engineers with whom he was familiar to have the bank's network bandwidth reduced to 56k. He didn't terminate it, that would have been noticed immediately. Instead, he reduced it to the minimum connection available while remaining in service.

    The bank didn't take any action against him, but I added that note to my list of things to change when terminating trusted personnel.

  22. RAMChYLD

    There is one thing here that infuriates me tho.

    The cow-orker that "gave" him the USB drive and told him it contained the pirated movie is still prancing around the bank.

    I don't doubt that this engineer did the wrong thing by inserting that USB stick into a laptop issued by work, and then trying to retaliate for getting fired (he should've taken it out on the one cow-orker, and not the whole bank), but said orker surely should be fired as well? This smells like a setup.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like