Fired Disney staffer accused of hacking menu to add profanity, wingdings, removes allergen info

A disgruntled ex-Disney employee has been arrested and charged with hacking his former employer's systems to alter restaurant menus with potentially deadly consequences.  Michael Scheuer was charged [PDF] and arrested last week for allegedly violating the Computer Fraud and Abuse Act on three occasions by breaking into a …

  1. DJO Silver badge

    Ancient American Proverb

    Wisdom handed down from father to son for countless generations (well 3 or 4 if you want to be pedantic - ancient wisdom has to start somewhere):

    "Don't fuck with The Mouse."

    1. Jedit Silver badge
      Trollface

      "countless generations (well 3 or 4)"

      Scheuer lives in Florida. Once you get up to three or four in Florida, you're already bordering on uncountable.

  2. Kane
    Joke

    Fired Disney staffer accused of hacking

    Calling it "hacking" sounds like a bit of a stretch

    1. JoeCool Silver badge

      Re: Fired Disney staffer accused of hacking

      renaming the font file so that it would be picked up as the correct font, then propagated through the db, and requiring 2 weeks to recover, from a backup. that shows pretty good abuse of internal system design. that's a quality hack.

      1. Falmari Silver badge

        Re: Fired Disney staffer accused of hacking

        @JoeCool "renaming the font file so that it would be picked up as the correct font, then propagated through the db, and requiring 2 weeks to recover, from a backup. that shows pretty good abuse of internal system design. that's a quality hack."

        Maybe, or it could be as simple as using a font editor to open wingdings symbols TrueType font rename and save for each font to be replaced. Then using his work credentials to access a computer Menu Creator was installed on, uninstall the Disney Menu TrueType fonts © from the computer and install the renamed wingdings symbols.

        Not really much of a hack when his work credentials still worked.

        © Probably a 100 years knowing Disney

        1. Richard 12 Silver badge

          Re: Fired Disney staffer accused of hacking

          Two weeks to recover is almost certainly due to internal process delays.

          The actual recovery time will have been half a day. Plus waiting for managers to sign off on the 'new' menu layout, then waiting for the next print run.

          Quite possibly it's simply a fortnightly print run.

          The cost would have been far higher if the attacker hadn't done the Wingdings thing though. It's very unlikely anyone would have noticed the QR code or missing allergen information until a diner complained (or worse).

          1. Anonymous Coward
            Anonymous Coward

            Re: Fired Disney staffer accused of hacking

            Aren't the menus online? I'm sure that paper/card ones would have a longer lifespan than 2 weeks and they could just use the old ones until the fixed ones were printed.

      2. Richard Pennington 1

        Re: Fired Disney staffer accused of hacking

        On the contrary. By changing the fonts, he made sure that the attack would be discovered quickly.

        Changing the QR codes was also done in the style of a script-kiddie website defacement. If his QR code had redirected to a website laced with affiliate links, which then sent the user back to the genuine Mouse site, he could have intruded profitably for a long period.

        Removing - or changing - the allergen information could have done far more damage, again over a long period.

        And he didn't cover his tracks (or Mouse clicks...).

        Amateur!

    2. Mr Dogshit

      Re: Fired Disney staffer accused of hacking

      Some l33t haxor skillz indeed

    3. ChoHag Silver badge
      Mushroom

      Re: Fired Disney staffer accused of hacking

      That's all you need these days.

      Imagine if anyone had anything worth protecting!

      Oh wait...

    4. Anonymous Coward
      Anonymous Coward

      Re: Fired Disney staffer accused of hacking

      They didn't even change the passwords after he got fired and weeks to restore a database?

      Sounds like they fired the wrong people.

  3. Andy Non Silver badge
    Coat

    His attempts to hide his trail

    were a bit goofy, now he's well and truly Daffy Ducked.

    MENU

    Porridge

    Porridge

    Porridge

    1. Korev Silver badge
      Coat

      Re: His attempts to hide his trail

      That's a bit Cruella

      1. Cynical Pie
        Coat

        Re: His attempts to hide his trail

        Gruella surely? Yeah just leaving... won't let the door hit me on the way out etc etc

    2. bombastic bob Silver badge
      Coat

      Re: His attempts to hide his trail

      What, no Toy Story jokes? Was he 'Buzzed' when he did it? Did it give him a 'Woody'? Was 'Sid' involved? Did he 'Etch' his initials someplace on the web site? Was he caught "Slinking" (ok a bit of a 'Stretch')...

      (all those Debian releases from back in the day made me think of this)

    3. Homo.Sapien.Floridanus

      Re: His attempts to hide his trail

      He did it from his iPad Minnie

  4. mobailey

    He should have just let it go.

    1. Korev Silver badge
      Coat

      They should have Frozen his account...

    2. Vincent Ballard
      Stop

      He did.

      That song's really twisted. You hear the title and the upbeat tune and you think it's about growing as a person by not holding onto resentment, but when you look at the full lyrics it's really about growing as a villain by not suppressing your destructive desires.

    3. Jedit Silver badge
      Angel

      "He should have just let it go."

      This all started because they let him go.

  5. TeeCee Gold badge

    Sounds like they really need to fire more people!

    1) ...his work credentials, which still functioned after his termination. That means whoever's in charge of your HR exit process should be looking for a new job about now.

    2) ..a couple of weeks, requiring backup restoration to fix. If it takes two bloody weeks to restore your menu system, then whoever's running your data centre and whoever signed off on the backup / recovery process being fit for purpose should also be gone by now.

    3) ...redirect menu QR codes... No need to do anything about this, QR codes are an exploit looking for a gullible idiot to happen to anyway. Still, knowing that, someone decided to use them and that person should be getting nervous.

    1. Phil O'Sophical Silver badge

      Re: Sounds like they really need to fire more people!

      his work credentials, which still functioned after his termination. That means whoever's in charge of your HR exit process should be looking for a new job about now.

      Exactly. By all means jail this clown for what he did, but Disney's damages/compensation should be limited to a symbolic $0.01

    2. chivo243 Silver badge

      Re: Sounds like they really need to fire more people!

      2) ..a couple of weeks, requiring backup restoration to fix. If it takes two bloody weeks to restore your menu system, then whoever's running your data centre and whoever signed off on the backup / recovery process being fit for purpose should also be gone by now.

      Really, this is the one detail that really caught my eye. Now is this the truth? Or is DizzyNee pumping up the numbers for drama? If it really took two weeks, that's a paddlin!

      1. ecofeco Silver badge

        Re: Sounds like they really need to fire more people!

        Well, they outsourced the system to begin with. That means many meetings with the vendor.

        In my experience, somehow, the most incompetent vendors are always chosen.

        1. Alan Brown Silver badge

          Re: Sounds like they really need to fire more people!

          They're competent at SOMETHING.... Just not necessarily at what they were hired to do

          1. collinsl Silver badge

            Re: Sounds like they really need to fire more people!

            Generally they're competent at meeting the exact wording of the contract (not its spirit though) for as little money as possible. This also means they're competent at writing contracts which are easy to wriggle out of and which are biased massively in their favour.

            Now, I appreciate somewhere like Disney has the lawyers on staff to be able to spot this and tighten up any contract awarded, but there's only so far you can go before the bidding company pulls out and you're left with no one to pick up your latest tender if that happens too often.

    3. ecofeco Silver badge

      Re: Sounds like they really need to fire more people!

      his work credentials, which still functioned after his termination

      Yep. This is inexcusable failure. They need to fire whoever made policy that created this scenario.

      It may or may not be the fault of the account admin, but I would bet it's upper management policy failure and work culture.

      1. ITMA Silver badge
        Devil

        Re: Sounds like they really need to fire more people!

        "It may or may not be the fault of the account admin"

        Quite. They can only do something about it if they've been told an employee is being "let go" and also the priority - i.e. "we're firing him now so need him to be locked out of everything now".

        I wonder how this "misuse of computers" compares to Microsoft's constant and blatant "misuse" every time they force their crap on users despite them having said "No!" - such as the almost forced Windows 11 upgrades happening now.

        Yes I know you can use a GPO to block it. But damn it we bloody well shouldn't have to! When will Microsoft learn "No" means "NO".

  6. Luiz Abdala
    Trollface

    Disney villain act.

    I wanna see some Disney villain doing that on the next Ratatouille or something, changing all the menus to Wingdings and removing the allergen warnings.

    And karma turning on his head, as the villain is violently allergic to peanuts and choking to death on them.

    =======================

    Geez, that could have been qualified as terrorism or attempted murder.

    1. Vincent Ballard

      Re: Disney villain act.

      It probably can't qualify as attempted murder without a specific target victim, but there will be some equivalent to reckless endangerment.

      1. Anonymous Coward
        Anonymous Coward

        Re: Disney villain act.

        Take a look at the "depraved heart murder" statutes. Doing something extremely reckless, knowing it has the potential to seriously harm or kill someone but choosing to do it anyway, can be considered attempted murder.

  7. _Elvi_

    .. Pictures...

    .. Or it didn't happen ....

    Seriously, I'm sure it's a bit of a laugh..

    ( I would hope the staff still informed those with food allergies of the content )

  8. heyrick Silver badge

    the changes knocked the system offline for a couple of weeks, requiring backup restoration to fix

    I think more people belong behind bars. I'm just not sure who being unfamiliar with the system in question, but we have a case where either the techs absolutely didn't think to simply change the font back, so it took two weeks and restoration from backup....or the system is such a steaming turd that it needed restoring to get it back to sanity after changing the font.

    If it's really that simple to bring the thing to its knees... jeez.

    But, yeah, any sympathy I might have had for an effective hack vanished the moment he decided that it was a good idea to nuke the allergen information. Bastard. [note for non-UK readers: in the news right now, 14 year old girl dies on holiday in Italy due to peanut allergy, this shit's serious]

    1. IvyKing Bronze badge

      I would be in favor of making removing the allergen information a capital crime if it resulted in someone's death. Also feel the same way about swat'ing leading to a fatality.

      1. Alan Brown Silver badge

        SWATing _not_ leading to a death should be treated as attempted murder

        1. Jamie Jones Silver badge

          This is something that's always got to me. Why does a criminal receive a lesser sentence if his plan doesn't work?

          Potential murderers will have often got shorter sentences due to a particularly skilled doctor. If that doctor had been sick that day, and a less skilled replacement failed to save the life, the perp would get a tougher sentence!

          I know, Hippocratic oath, and all that, but I wonder if after some attack, any doctor thinks "this bastard will be saved from the chair if I manage to save this victim"

          1. collinsl Silver badge

            > Why does a criminal receive a lesser sentence if his plan doesn't work?

            It depends on the jurisdiction, but in a lot of places attempted murder has a big overlap of sentence ranges with murder and/or manslaughter, which should lead a Judge to give a sentence for attempted murder equivalent to some murders if the facts of the case warrant that.

  9. MiguelC Silver badge
    Facepalm

    A VM labelled "Dox"

    Did he have another one labelled "Other crimes here"?

  10. Dan 55 Silver badge
    Black Helicopters

    Have Disney found their scapegoat?

    Disney says man can't sue over wife's death because he agreed to Disney+ terms of service

    Remember, at the moment the removal of allergen info is just an accusation (but it's Disney so it's as good as won).

    1. O'Reg Inalsin

      Re: Have Disney found their scapegoat?

      Yeah, horrible. I wonder if they were on an international visit, because $50K for a death is an extremely low claim. Disney knows they will have to leave soon, so even refuse to pay that paltry amount.

      Disney filed court documents in May saying the $50,000 lawsuit should be dismissed and resolved by individual arbitration because of terms Piccolo agreed to when he signed up for a free trial of the streaming service Disney+. The filing also says he accepted the same terms when he used the Walt Disney Parks website to buy tickets.

    2. MisterHappy

      Re: Have Disney found their scapegoat?

      FYI... Disney withdrew that argument & are no longer disputing the right to sue.

      1. Dan 55 Silver badge

        Re: Have Disney found their scapegoat?

        Correct, but now it appears they have found someone to blame.

        If we are to believe Disney, all restaurant menus were printed after this guy allegedly removed allergen info, nobody noticed there was no info, nor was it necessary for anyone to notice there was no info when proofing the menus.

        1. Alan Brown Silver badge

          Re: Have Disney found their scapegoat?

          The only saving grace is that it's hard to read a wingdings-font menu, so in order for printed menus to have shipped someone would have had to switch the fonts back and NOT check anything else

          Then again, minimum wage workers and "right to work" doesn't breed any kind of desire to do more than the absolute minimums

        2. collinsl Silver badge

          Re: Have Disney found their scapegoat?

          The article already says that the menus without allergen info or in wingdings were never distributed to restaurants.

    3. Alan Brown Silver badge

      Re: Have Disney found their scapegoat?

      "Disney says man can't sue over wife's death because he agreed to Disney+ terms of service"

      At this point I'm surprised that there aren't more assassinations of lawyers

  11. Anonymous Coward
    Anonymous Coward

    Throw your life away, for what?

    Where’s the advantage in doing such a shitty thing?

    1. Alan Brown Silver badge

      Re: Throw your life away, for what?

      There isn't, but it's a classic narcissistic rage thing

      Still having enough access after termination to be able to pull this is grounds for firing the HR management (not grunts)

      Taking 2 weeks to effect a recovery is grounds for sacking IT management (not grunts)

      Interfering with safety-of-life data (the allergen information) takes his behaviour from mere defacement to terrorism (intention to cause the death of random bystanders AND create a panic in the process)

  12. Giles C Silver badge

    Were they trying to get caught?

    If the intention was to take revenge on the company for whatever perceived reason, then changing only the allergen information would have been harder to spot (maybe not for weeks or months) and could have cost Disney billions in compensation payouts.

    But changing the fonts screams look I have done something bad, check some more.

  13. arachnoid2

    I guess the Americans found Whalley after all

    Whalley

    Urban Dictionary

    A term used to describe a vile piece of shit person that has no purpose in life and was most likely a failed abortion. Most "whalley's" grow up to marry washed up, cracked head strippers and have imaginary children

  14. peteC7x

    Yep, he's screwed

    Who in the US hasn't been screwed by a company? Working in the US is just a matter of time before someone either doesn't pay you or uses you like a rag and then fires you when they find some fresh meat. I've been f****ed and been treated unfairly by many employers; as an IT guy it's pretty much expected. You need to develop a sense of resiliency and a thick skin knowing that at any moment your job can be cut. Always ready always looking has been my motto. I've been locked out of my admin account first thing Monday and all my shit stolen (scripts, files, etc). But at no time was I ever SO DAMN STUPID to even think about doing something like this or even try it. Let alone to a company that has just as many lawyers as they do employees! This cat is the definition of blind, stupid, arrogant and ignorant IT dude whose mindset is somewhere in the 2000's when you could get away with shit like this!!!

    What a total imbecile believing he was going to get back at them and get off scot-free. Because of his stupidity he deserves everything they give him!! IDIOT!

  15. neilhd

    What kind of Mickey Mouse outfit

    Doesn't revoke credentials immediately as an employee leaves?

    1. Alan Brown Silver badge

      Re: What kind of Mickey Mouse outfit

      The House of Mouse, obviously

      BTW: In some countries "Mickey Mouse" means high quality and isn't a reference to those 1950s wristwatches that would disintegrate as soon as you looked sideways at them

      Just like in some countries "Pukka" means "good" and in others it means "utterly fucked" - which is a cause for great amusement when inhabitants of the latter countries run into "Pukka Pies"

      1. This post has been deleted by its author

      2. Bebu Silver badge
        Holmes

        Re: What kind of Mickey Mouse outfit

        in some countries "Pukka" means "good" and in others it means "utterly fucked"

        Curious in which countries pukka means "utterly fucked."

        Not really part of AU English and only heard in period dramas or from pretentious poms like Jamie Oliver.

        Apparently the particular sense of pukka used is 'solid' but also meant 'cooked' I believe. So in the sense of one's goose being cooked I can see the "utterly fucked."

        This chap apart from having lost the plot, has decisively incinerated his goose.

  16. Sceptic Tank Silver badge
    Devil

    Profanity on the menu

    At most of these American franchises the profanity only starts when the food arrives.

    1. Anonymous Coward
      Anonymous Coward

      Re: Profanity on the menu

      Or the bill.

  17. flayman

    Don't you just love it when people who are terminated then behave in ways that validate the termination? If he never finds another job, it will be too soon.

  18. Slow Joe Crow
    FAIL

    This is why you have a good offboarding policy

    The first rule of employee offboarding is deactivate all credentials immediately. If Disney fired the guy, and left a credential active then Disney IT screwed the pooch and allowed a hacking attack that could have been prevented. Rewriting menus with wingdings is pretty funny though.
