When checking my work landed me in hot water.
I was working at a UK mobile network operator, whose new CTO was an arrogant individual. He had some bad ideas and also some good ones, many of which were issued as JFDI diktats.
One of his ideas arrived on my desk. The requirement was that it should not be possible for a user to make changes on a switch without change control authorisation; this was to be managed by disabling all user access and providing change control with a scheduler to enable relevant users’ access as per the change schedule. My job was to write the scheduler and front end; end of conversation: do it now!
To be sure that my system was meeting the requirements I created a second utility that periodically downloaded the switches’ change logs and checked to see if any changes were being made that my scheduler could not account for. I found something...
An unknown user was using an unknown access port to run unknown commands. The penny didn’t drop and so, not twigging what department this might be and me being in a rush to plug the hole I’d found, I asked various people I knew throughout the business to try to identify the miscreant.
Next thing I knew I was standing in front of the CTO with some individuals from “lawful intercept”. It turns out that a config error (not mine) had made visible to my log checker their supposedly hidden activities: I shouldn’t have seen what I had seen and certainly not gone asking questions. The CTO, who, up to that point, knew nothing about the intercept activities or my second utility, hated being shown to not know everything.
I got a proper dressing-down from the CTO that afternoon for having gone the extra mile and written the log checker, but nothing more came of things after that so I assume I hadn’t ruffled too many feathers. I deleted the logs I had uncovered and, given that no more showed up, the config error must have been fixed, not that I got any thanks.