
logic bombs against the city

anarcho | 05.02.2009 08:56 | Globalisation | Technology | World

A logic bomb allegedly planted by a former engineer at mortgage finance company Fannie Mae last fall would have decimated all 4,000 servers at the company, causing millions of dollars in damage and shutting down Fannie Mae for at least a week.

On the afternoon of Oct. 24, a Unix engineer was told he was being fired because of a scripting error he'd made earlier in the month, but he was allowed to work through the end of the day. Five days later, another Unix engineer at the data center discovered the malicious code hidden inside a legitimate script that ran automatically every morning at 9:00 a.m.

Had it not been found, the FBI says the code would have executed a series of other scripts designed to block the company's monitoring system, disable access to the server on which it was running, then systematically wipe out all 4,000 Fannie Mae servers, overwriting all their data with zeroes.

The U.S. housing market lost $3.3 trillion in value last year and almost one in six owners with mortgages owed more than their homes were worth as the economy went into recession. The median estimated home price declined 11.6 percent in 2008 to $192,119 and homeowners lost $1.4 trillion in value in the fourth quarter alone. The U.S. economy shrank the most in the fourth quarter since 1982, contracting at a 3.8 percent annual pace, the Commerce Department said. Record foreclosures have pushed down prices as unemployment rose. More than 2.3 million properties got a default or auction notice or were seized by lenders last year.

anarcho
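The report above describes malicious code hidden inside a legitimate script that ran every morning at 9:00 a.m. As an added example (not code from the article or from Fannie Mae), here is a small integrity check for a directory of scheduled scripts: it keeps a SHA-256 baseline and, when a file changes, tells an appended tail apart from an edited file by re-hashing only the first baseline-length bytes. The directory name, script name and appended line are constructed.

```python
"""Integrity baseline for scheduled scripts (added example, hypothetical tool)."""
import hashlib
import tempfile
from pathlib import Path


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(script_dir: Path) -> dict:
    """Record the hash and size of every regular file in script_dir."""
    return {p.name: {"sha256": sha256_hex(p.read_bytes()), "size": p.stat().st_size}
            for p in sorted(script_dir.iterdir()) if p.is_file()}


def check_scripts(script_dir: Path, baseline: dict) -> list:
    """Return (name, status, appended_tail) for every file that differs from the baseline."""
    findings = []
    for name, rec in baseline.items():
        path = script_dir / name
        if not path.is_file():
            findings.append((name, "missing", None))
            continue
        data = path.read_bytes()
        if sha256_hex(data) == rec["sha256"]:
            continue
        # If the first rec["size"] bytes still match the baseline hash, the original
        # script is intact and something was added after its last line.
        if len(data) > rec["size"] and sha256_hex(data[:rec["size"]]) == rec["sha256"]:
            tail = data[rec["size"]:].decode("utf-8", "replace")
            findings.append((name, "appended", tail))
        else:
            findings.append((name, "modified", None))
    for path in script_dir.iterdir():
        if path.is_file() and path.name not in baseline:
            findings.append((path.name, "new", None))
    return findings


def demo() -> list:
    """Constructed scenario: baseline a legitimate daily job, append one line, re-check."""
    with tempfile.TemporaryDirectory() as d:
        script_dir = Path(d)
        job = script_dir / "daily_report.sh"
        job.write_text("#!/bin/sh\n# legitimate 09:00 job\n/usr/local/bin/report --all\n")
        baseline = build_baseline(script_dir)
        with job.open("a") as fh:  # constructed tampering: a line appended after the real job
            fh.write("echo 'constructed appended line'\n")
        return check_scripts(script_dir, baseline)


if __name__ == "__main__":
    for name, status, tail in demo():
        print(name, status, repr(tail))
```

Running the baseline from a read-only location (or a separate host) matters more than the hashing itself, since an administrator who can edit the scripts can usually edit a baseline stored beside them.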

Comments


Only people

05.02.2009 18:44

involved in the Fannie Mae scams would want to destroy all Fannie Mae's data, or am I wrong?

suspicious


all big companies have backups anyway

05.02.2009 19:56

All big companies have nightly backups of their servers anyway, so while this is a great symbolic act, it wouldn't do as much damage as some people might hope.

anon


lessons learnt

05.02.2009 20:57

So they sacked him because he wasn't very good at his job. He was upset and decided to wipe the computers out of spite. I used to think it was a bit harsh to have security escort people out of the building when they are dismissed, but now I see it makes perfect sense given what could happen.
Reminds me of a case where a guy started a fire when he was sacked, ended up killing several fellow employees.

code


Remove with force - conspiracy theory

06.02.2009 11:18

Nobody is ever sacked for a scripting error, that will be an excuse at best. You get sacked because people don't like you or don't trust you. I am much amused by people who sack you in the morning then ask you to work in the afternoon. It is the equivalent of saying "We are going to ruin your career tomorrow but please do a few hours work for us without pay". The person who says that should be sacked themselves.

"On October 24, 2008, at 2:53 pm, a successful SSH (secure shell) login from IP address 172.17.38.29, with user ID s9urbm, assigned to Makwana, gained root access to dsysadmin01, the development server," the affidavit states. "... IP address 172.17.38.29 was last assigned to the computer named rs12h-Lap22, which was [a Fannie Mae] laptop assigned to Makwana. ... The laptop and Unix workstation where Makwana was able to gain root access and create the malicious script were located in his cubicle."

NetRange 172.16.0.0 - 172.31.255.255 is a reserved block so this really was a Fannie Mae internal IP.

Development servers don't or shouldn't be able to access systems servers so accessing one should not have been able to decimate more than one server. If it can, the entire remaining staff should be sacked for incompetency. If any self-respecting intelligent admin had gained access to a development server then they would have caused damage another way, not by placing a time-delayed script. You would have downloaded the info available, then one by one explored what other access you had to do the same. Or you would have slowly changed the data, imperceptibly. Or you would do something else rather than what is alleged.

Smoking gun though is the user ID. When someone does get sacked, they hand in their keys and their external access is cut - their passwords are deleted, their accounts suspended or deleted, their systems closed down. So they sacked this guy and left his passwords up? Why would they break standard practice like this? Did they also leave him a front door key?

The prosecution of this guy is bullshit. I've seen similar stuff in other places so here is my reconstruction.
The criminal gets this guy sacked for office politics (BOFH) reasons. It is someone in the IT dept or at least someone who has admin access to system servers. They then login using this guy's account, maybe remotely or maybe in the guy's cubicle directly through the IP cable. They add a script to the end of one of his scripts, and do so leaving all the logs intact so that he can be blamed.

This sort of shit happens daily, careers get ruined but it never results in prosecution because it can't be proven not to be internal. It is a malicious prosecution for what is the company's current employees' fault one way or the other.

Funny story. To understand you first need to read this from wikipedia:
"rm -rf (variously, rm -rf /, rm -rf *, and others) is frequently used in jokes and anecdotes about Unix disasters. The rm -rf / variant of the command, if run by a superuser on the root directory, would cause the contents of every writable mounted filesystem on the computer to be deleted."

So anyway I'm sitting scripting on my Solaris test sparc, open-plan surrounded by the 'creme de la creme', and a developer/script-kiddie a few chairs up starts talking about when someone he worked with accidentally typed in rm -rf.

Because he is talking about it, it is at the back of his mind so at one point he types it in, and his sparc goes out. He loses his day's work and has to get an admin to restore the previous data, which takes ten minutes but which is a huge embarrassment to him. Everyone is thinking 'Poor guy, what a fuck up for typing in rm -rf just because he was thinking about it'. Or at least that is what I was thinking when I typed in the same command. Not a career highlight, never got me sacked, took ten minutes to restore.

My point is 'Unix disasters' like this are recoverable delays at worst and no saboteur would limit themselves so. So, there is an implication of a third party disk-wiping software being used. Same again, a recoverable delay.

Because this is Indymedia and not a tech forum, I'll add this. 'How to seriously fuck up a company using IT'.

Packaging.

xMCSE
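The comment above makes two checkable points: the affidavit's source address sits in the RFC 1918 172.16.0.0/12 block, and an account whose owner had already been dismissed was still able to log in. As an added example (not the affidavit's evidence or any Fannie Mae tooling), here is a short correlation of sshd "Accepted" log lines against a list of termination times. The log lines and the 13:30 dismissal time are constructed, modelled on the details quoted above; the user ID, host and address are the ones the affidavit names.

```python
"""Flag SSH logins that happen after the account owner was dismissed (added example)."""
import ipaddress
import re
from datetime import datetime

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# OpenSSH syslog format; the line carries no year, so the caller supplies it.
ACCEPTED_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")


def parse_accepted(line, year):
    """Return a dict for an 'Accepted ... for USER from IP' line, else None."""
    m = ACCEPTED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "user": m["user"], "ip": m["ip"], "method": m["method"]}


def is_rfc1918(ip):
    """True if ip lies in one of the private blocks (172.16.0.0/12 covers 172.17.38.29)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def logins_after_termination(lines, terminations, year):
    """Return logins by users whose recorded termination time is at or before the login.

    terminations: {user_id: datetime the person was told they were dismissed}.
    """
    hits = []
    for line in lines:
        ev = parse_accepted(line, year)
        if ev is None:
            continue
        cutoff = terminations.get(ev["user"])
        if cutoff is not None and ev["ts"] >= cutoff:
            ev["internal_source"] = is_rfc1918(ev["ip"])
            hits.append(ev)
    return hits


# Constructed sample lines (not real logs), following the affidavit's details.
SAMPLE_LOG = [
    "Oct 24 09:12:40 dsysadmin01 sshd[3881]: Accepted publickey for s9urbm from 172.17.38.29 port 50311 ssh2",
    "Oct 24 14:53:10 dsysadmin01 sshd[4120]: Accepted password for s9urbm from 172.17.38.29 port 51022 ssh2",
    "Oct 24 15:01:03 dsysadmin01 sshd[4133]: Accepted publickey for ops1 from 172.17.40.5 port 40022 ssh2",
]
TERMINATIONS = {"s9urbm": datetime(2008, 10, 24, 13, 30)}  # constructed dismissal time


def demo():
    return logins_after_termination(SAMPLE_LOG, TERMINATIONS, 2008)
```

The 09:12 login is not flagged because it precedes the dismissal; the 14:53 one is, and is marked as coming from an internal address, which is exactly the gap an offboarding checklist (disable the account before the conversation ends) is meant to close.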


@xMCSE

09.02.2009 19:07

>>Nobody is ever sacked for a scripting error, that will be an excuse at best. You get sacked because people don't like you or don't trust you.

It depends. If the error was of a great consequence/cost then you'd get sacked. But yes, one error wouldn't be a cause of a sacking in the most part. People also get sacked because they are incompetent, don't/can't do the job, turn up late, call in sick too often etc.

> I am much amused by people who sack you in the morning then ask you to work in the afternoon. It is the equivalent of saying "We are going to ruin your career tomorrow but please do a few hours work for us without pay". The person who says that should be sacked themselves.

Yes, it would be insane to sack someone and then let them continue working in IT. That's generally why they escort you out of the building once you are dismissed. Not nice, but makes logical sense.

code