Fired techie admits sabotaging ex-employer, causing $862K in damage

An Ohio IT contractor has pleaded guilty to breaking into his former employer's systems and causing nearly $1 million worth of damage after being fired. Maxwell Schultz, 35, impersonated another contractor to gain access to the company's network after his credentials were revoked. Announcing the news, US attorney Nicholas J. …

  1. Yet Another Anonymous coward

    Damn Humans

    You really can't trust these meatsacks humans, get the humans out of the loop

    Signed

    Not An AI

    1. Bebu sa Ware

      Re: Damn Humans

      You really can't trust these meatsacks humans, get the humans out of the loop

      I am certain a prompt guru could subvert corporate AI to wreak havoc months after said guru had departed to greener pastures.

      (And implicate remaining staff members. The lawyers are going to mint it once they start arguing over the admissibility and validity of evidence extracted from AI systems.)

    2. FIA

      Re: Damn Humans

      You really can't trust these meatsacks humans, get the humans out of the loop

      Be careful of the future you wish for....

      BINARY SOLO!!!

    3. NoneSuch

      Re: Damn Humans

      The best revenge on a company that lets you go, is to do nothing.

      Given my responsibilities, if they let me go there would be no one doing the small, innocuous maintenance jobs that keep production running (drive space, certs, balancing of resources). With no one doing those things, serious issues occur. When the phone rings and you see it's them, just don't answer.

      They can't force you to answer questions if you don't work there.

  2. MachDiamond

    Drink Driving

    The dude should have tied one on and gone for a drive. If caught (in the US), the penalty would have been much less severe.

    The "impersonated another contractor" sounds like Max wasn't an employee and I don't see it as a good idea for an outside contractor to be working on sensitive systems without a vetted employee reviewing their work before anything goes active or can be executed on the system. The outsourcing madness that can infect manglement can reveal itself with more than a rash and persistent cough. Part of what I do is sorta outsourcing, but product dev always gets reviewed and tested prior to going into production. I actually don't want companies to make me an account on their systems due to liability and accusations if something goes wrong. When I make media for estate agents, I don't let myself into occupied premises with nobody else around or only a minor present. I was once given free rein at a large industrial site and asked to have an escort that did spot some things I shouldn't make photos of. I'm glad of that as it would have looked bad if I submitted images of something really proprietary and some VP spotted it during reviews and became alarmed. It's wasted time for me since I'll not likely get orders for those images and the people who hired me, who can be separate from those that sign off on the images, would look really bad as well. It might also mean a personal visit so all of the images I made can be looked over for more concerns and most importantly, it's going to delay getting my invoice paid and more legal paperwork. It hasn't been an issue for me, but a colleague ran into that sort of problem and didn't get his final check for 6 months. The smart monkey learns from other monkeys' problems.

  3. Claptrap314

    Focus, people

    I'm not saying that insider threats are a big, fat 0, but I AM saying that the threat, when compared to compromised accounts, is very, very small. Outside actual classified work, insider threats should be on page two of things to worry about. ESPECIALLY since proper implementation of "Zero Trust" is going to limit what damage an insider can actually achieve.

    I don't know why this article is working so hard to make it sound like this is a major part of the threat landscape. It is not, outside certain sectors.

    1. doublelayer

      Re: Focus, people

      Because none of the nine examples they linked to were wrong, and all had some effect. We could compare them to other types of attacks which have had larger effects or happen more frequently, and The Register does cover other types of attacks regularly. But this article was about an insider threat and they are able to demonstrate that they can and do happen, thus you might want to do something about it. That's not over-selling them, it's accurately reporting news.

      Another disconnect between your comment and the reality might be in this part:

      "proper implementation of 'Zero Trust' is going to limit what damage an insider can actually achieve."

      And this might be a reason for a place that hasn't implemented enough controls on internal behavior to do so, because without a proper implementation, any threat, be it an insider or a compromise, can be much worse. The textbook version of such a policy is also limited by reality in a few ways, meaning that even when policies have been created, there are usually a couple gaps in them which would be good things to know about at least.

    2. Anonymous Coward

      Re: Focus, people

      I would say insider threats, while less common, are probably worse.

      A contractor usually expects to lose customers eventually, I have a few long standing contracts (10 years+) but most of the time customers tend to grow or just switch to something else if their requirements change after around 2 years.

      I do strive to forge long term relationships, it's better for me and the customer...but it's not always possible for various reasons, be they financial, organisational etc...you could be let go for something as simple as the new CTO just not liking you or a new financial controller wanting to make their mark by changing the various service providers to save money / extract more service for the same money etc.

      It all depends on the kind of service you provide as well...my longer standing contracts are all pretty niche...they're not just straight up IT support, what I do for them tends to be fairly bespoke and not a standard service offering that you can click a "buy now" button on, stuff that typically doesn't fit in a single box. The shorter contracts tend to be very standard affairs, nothing unusual or niche...I kind of expect those sort of contracts to fizzle out, especially if the customer is a growing business or has unusually high staff turnover at the top.

      Everyone has been in that position where a new decision maker enters the scene and wants to make their mark on the business by bringing in fresh suppliers, brokering new deals etc etc...it's just easier to make your mark by swapping things rather than actually improving them...it's especially true when the techie you have to work with has been around longer than you and understands the business better than you...if the new person's role is to manage the IT affairs of the business, and the primary techie is a contractor who has been there for 5 years, the new decision maker is going to have a hard time effecting any changes because they are automatically in a position where they know less than the people around them, some people are threatened by this because they think they will be undermined at every step (very common), some people take great comfort in knowing that the folks around them are tried and tested and will carry them to a certain extent while they settle in etc (not that common)...the only way to fix that is rotate the people around them...and the easiest way to push that through is by cutting costs..."I'd like to get a new consultant in, he'll cost about the same, but a new guy is less of a threat to me, so I'll feel better" is highly unlikely to get a yes from the brass...however "I've been looking at ways to save money, and I think if we bring in these new guys, we'll save X a year" is much more likely to catch some attention. Plus, if you're new to a position, if you rotate out the long standing guys, you get all those lovely meetings with potential suppliers that make you look busier than you actually are which buys you time while you figure out exactly what it is you're supposed to be doing.

  4. DoctorNine

    A familiar tale.

    Insiders are a real threat. I've seen it on TV.

    "Sergeant Schultz!!!!!"

    "I KNOW NOTHING!!!"

  5. chivo243

    Yeah, uh, we're in waste management

    No truer words have been said.

  6. Michael Hoffmann

    The good news

    When he gets out, he can work for Houston Waste Management again!

    Just not in IT...

  7. PRR

    > "Sergeant Schultz!!!!!" "I KNOW NOTHING!!!"

    Seen in 1959:

    Vendez sat at his desk and closed his eyes. ‘I know nothing. I see nothing.’

    Biggles at World's End, Ch 12 'Gontermann Pulls A Fast One', W. E. Johns

    1. Bebu sa Ware

      Can be found…

      Biggles at World's End, Ch 12 'Gontermann Pulls A Fast One', W. E. Johns

      https://www.fadedpage.com/showbook.php?pid=20230329

  8. Great Southern Land

    Cases such as this are a good advertisement for 2FA.

    Not only would this idiot have been unable to get in to do what he did, the rightful owner of those credentials would have known something was wrong when his/her SMS or Authenticator App pinged.

  9. Will Godfrey

    Doesn't make sense

    People pulling this sort of stunt really must be on the bottom of the pile - even for common sense. They are going to be the prime suspect for such attacks.

    1. Doctor Syntax

      Re: Doesn't make sense

      Yes, but Common != Universal

      It sounds as if the guy got himself fired in the first place. That's pretty stupid for a contractor because the basis of the business is being reliable so it would have just been more of the same.

  10. Anonymous Coward

    What exactly...

    ...did this rogue contractor stand to gain from this?

    If he was pissed off at being let go due to cost / being replaced by a worse techie then the best course of action is a heads up before you leave that you think the new guys are going to fuck up, how you think they will fuck up and let them know you're ready to step back in if they need the ship righted after such a fuck up.

    I've been cast adrift from contracts for reasons like this, most of them come back when the honeymoon period with the "new guys" wears off and the realisation that they've dropped a clanger sets in.

    I'm never bitter about being let go, quite a few customers tend to come back after 6 months to a year.

    Good IT consultancy is like crack. Once you've given someone a taste of the good shit, they usually come back because the crack elsewhere isn't as good.

    Particularly when the customer goes from a semi-informal arrangement to an MSP. When they've had years of getting used to just picking up the phone and getting assistance same day, moving to an MSP can be very grating.

    The old way:

    Customer: Hey, we've got a problem with X, any chance you could take a look at it?

    Contractor: Sure, give me an hour and I'll be right on it. I just need to move things around a bit to fit you.

    Customer: Excellent, speak to you then.

    The MSP way:

    Customer: Hey, we've got a problem with X, any chance you could take a look at it?

    MSP: Of course sir, looking at your SLA agreement, you are on the 2 working day package. I have raised a ticket against your account, a technician will be in touch within 48 hours to gather more information.

    Customer: But it's urgent, we currently can't work and our customers are going to get angry.

    MSP: I understand sir, would you like me to raise this as an emergency ticket? We can respond within 24 hours then. I must remind you that an emergency ticket has a one off £199 fee and is charged at your usual rate plus £89 an hour.

    MSPs always look cheap on paper, but the minute you have an actual serious problem to resolve, that saving you made goes out of the window and you never get the same rapid response.

    The only way you get good service from an MSP is you find that one good techie they have, get on first name terms with them and come to an arrangement. Which usually works the same as with your previous contractor, but costs more and puts you in a precarious position with your MSP contract if you get found out.

    The difference is with an MSP, you're paying for support but not availability, with a contractor you're paying for availability. He charges you the monthly retainer so that he doesn't have to over commit and can be available when you need him. An MSP will always over commit, regardless of what you pay them...with a contractor you're usually paying for one really good guy (sometimes two if they work alongside another contractor, quite common to ensure failover in the event of unforeseen problems) that has maybe 10 customers. With an MSP you're paying to access a large team of juniors with the handful of really good guys buried away behind layers of escalation, bullshit and process and walled off behind additional fees...you're more likely to hear from the sales team before you speak to a senior engineer.

    My advice to contractors that feel a bit sour about being let go is don't let it get to you...an MSP or large provider will never provide the service levels you can provide, just be friendly on your exit, tell your customer you're there for them if they need you, hand everything over in a timely and professional manner and sit tight...you may have to undo a lot of shit in 6 months time, but that's ok...when the customer wants you back, they will pay more because when they come back, they will not only be craving the service you provided, they will also have a new understanding of your value.

    1. Doctor Syntax

      Re: What exactly...

      "My advice to contractors that feel a bit sour about being let go is don't let it get to you"

      I'd go a bit further than that. Remember that what the client is paying for includes flexibility. Your USP over a permie is that you let the client manager smooth over the conflicting peaks and troughs of demand and the peaks and troughs of staff availability and part of that is being easy to let go, something that you're actually charging for in your hourly or daily rate.

      However in this case it seems like he got fired rather than let go which is pretty unprofessional in itself. Not temperamentally suited to the job I'd have thought.

  11. Anonymous Coward

    Company not blameless

    These sort of attacks are stupid & shouldn't be done.

    That aside, the company should shoulder some responsibility, especially when so much damage was done using contractor credentials.

    Where I am, contractors* have very limited access (varies with role obviously, but in the area I worked contractors only had access to the code repo, documentation and the staging / test environment. And repo access was limited - they could create a branch but had no rights to merge it, that was done by someone with rights to do that after code review, QA etc). The limited things they had access to also used MFA so they could not easily use another person's credentials without them being aware & complicit.

    * "proper" staff also have tightly controlled "siloed" access (plus masses of auditing) so majority of people can do very little harm

  12. harrys

    this happens because in larger companies

    people these days see work as a lifestyle not a shite necessary activity

    the clever ones know this and just pretend to be part of the "work family"

    the foolish ones actually believe it's true

    in reality no one should trust anyone in the workplace and put in adequate systems, whilst trying to hide this fact from the fools without upsetting them too much.

    Also you can get more work out the fools for less as long as you can sustain their delusion :)

  13. Northern Lad

    But How Is It Damage?

    Inconvenient, but damage? Surely damage in IT terms is physical; nothing was physically broken, maybe loss of business but that is financial loss. The recent Jaguar/Land Rover malware attack which cost a lot of money in lost revenue wasn't called damage. I suppose damage to reputation could be a thing if the company wanted to admit loss of face on its lack of security.

    Maybe it's a US wording thing?

    The positive out of this is that it proves that PowerShell is far more dangerous in the hands of a knowledgeable person, or someone with the ability to modify a script from the old internet, or better still get AI to write a script for them. Companies really need to lock down the running of PS scripts to one very closely guarded account and the pw on it gets changed almost daily.

    1. doublelayer

      Re: But How Is It Damage?

      Would you like me to run untested code on your computer safe in the knowledge that, since I don't know any guaranteed ways to make it catch fire, I can't damage it by your definition, or might you be a little worried that I can break all sorts of things by doing so? And if I break some things, that would be damage. It's just that, since it wasn't the hardware, it's damage you can repair. You made up the hardware-only definition for damage, it is wrong as you can easily damage software and data, and practical demonstrations of that are easily obtained.

    2. Anonymous Coward

      Re: But How Is It Damage?

      Resetting thousands of account passwords prevented those employees and contractors from logging in and doing their jobs, so you have at least the opportunity costs of lost work for that day. Further, it states that they were unable to provide customer support due to this, so perhaps some customers cancelled their contract with the victim and now there will be future losses. Finally, the victim has to hire a forensic team to perform investigation and remediation of exactly what was accessed and modified and if there are any other ways they could still get back in (like planting a backdoor), which usually involves clean system reinstallations (say, from a recent known-good backup) for all the critical stuff (like domain controllers). This costs money too. These are all monetary damages.

    3. Cav

      Re: But How Is It Damage?

      Not a US wording thing. Legally, damage is any harm to an entity, be it physical, financial or reputational.

  14. Evaluator

    A PowerShell script would do nothing to any server in my DC. For those who still have vulns from PowerShell scripts, it's 2025, time to wake up and eliminate all such vulns from the DC.

    1. doublelayer

      And how do you manage that? Simply by removing PowerShell from anything Windows and not installing it on Linux? What if I bring it back, even a portable version, in order to execute that script? And, without it, have you removed everything else I can run a script in, Bash, the old CMD shell for Windows, PHP (if it's a web server)? Maybe you have; that is possible, though it can make debugging and operations quite a bit trickier. But unless you have, you are probably patting yourself on the back for having done nothing because PowerShell was not responsible for this. Bad access control was responsible for this, and any way of executing the commands would have worked. PowerShell was chosen, not because it had any special powers to make this happen, but because the attacker needed something capable of running a foreach loop and that was available.

  15. IceC0ld

    SO, has enough tech nous to set up a script to alter THOUSANDS of passwords

    does NOT know how to clear logs - FFS

    BofH would be SO disappointed in this creature :O)
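The thread keeps coming back to two facts: the damage was a scripted mass password reset, and the reset events stayed in the logs. The following is an added example, not code from the article or any commenter, of the detection a defender would want: it reads constructed reset-event lines (the one-line format, the five-resets-in-ten-minutes threshold and the actor names are all assumptions) and flags any single actor resetting many accounts in a short window, which routine helpdesk activity should not trigger.

```python
"""Flag bursts of account password resets attributed to a single actor.

Added example for this discussion; not the article's or commenters' code.
Assumed, constructed log format (one reset event per line):
    <ISO-8601 timestamp> <actor> reset <target account>
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: routine helpdesk resets spread over the day, plus one
# contractor account resetting six accounts within a few seconds at night.
SAMPLE_LOG = """\
2025-06-02T08:01:10 helpdesk1 reset jsmith
2025-06-02T09:14:55 helpdesk1 reset akumar
2025-06-02T22:30:01 contractor7 reset user001
2025-06-02T22:30:02 contractor7 reset user002
2025-06-02T22:30:02 contractor7 reset user003
2025-06-02T22:30:03 contractor7 reset user004
2025-06-02T22:30:04 contractor7 reset user005
2025-06-02T22:30:05 contractor7 reset user006
2025-06-03T10:00:00 helpdesk1 reset bjones
"""


def parse_events(text):
    """Parse reset lines into (timestamp, actor, target) tuples; skip other verbs."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "reset":
            continue
        events.append((datetime.fromisoformat(parts[0]), parts[1], parts[3]))
    return events


def find_reset_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Return one (actor, burst_start, count) alert per actor whose resets
    reach `threshold` within any sliding `window`. Threshold and window are
    assumed values; tune them to the site's normal helpdesk volume."""
    recent = defaultdict(deque)  # actor -> timestamps inside the current window
    alerts, alerted = [], set()
    for ts, actor, _target in sorted(events):
        q = recent[actor]
        q.append(ts)
        while q and ts - q[0] > window:  # drop resets that fell out of the window
            q.popleft()
        if len(q) >= threshold and actor not in alerted:
            alerts.append((actor, q[0], len(q)))
            alerted.add(actor)
    return alerts


if __name__ == "__main__":
    for actor, start, count in find_reset_bursts(parse_events(SAMPLE_LOG)):
        print(f"ALERT: {actor} reset {count} accounts starting {start.isoformat()}")
```

The same logic applies to real directory audit events once they are normalised to actor, time and target; what matters is the per-actor rate, not the tool used to issue the resets.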

  16. Anonymous Coward

    But think of the upside

    Lost your job?

    No income?

    ??

    How about 10 years of free rent and food?
