Monday, August 4, 2008

When IT pros go bad

Author: Toni Bowers

The recent case of the network administrator who shut down San Francisco’s FiberWAN network may cause some corporate executives to initiate unneeded policies. Would that be yet another example of too much time spent on something that, in reality, rarely happens?

The Terry Childs case has been a wake-up call to corporate executives across the globe. (Childs, a network administrator for San Francisco’s Department of Telecommunications and Information Services, is currently in jail and being held on $5 million bail for allegedly altering the city’s FiberWAN network system to deny service to authorized users and setting up devices that would allow unauthorized service to the system.)

I would guess that few executives (and staff-level end users for that matter) had any idea of the power one lone IT pro could have until now. Since the mindset of most employees is that IT is the department you call when you can’t access your files or your e-mail is running slow, it’s pretty disconcerting for them to find out that, depending on their position in the company, IT pros pretty much hold the keys to the kingdom.

So now, of course, the media is feeding this newly found fear in the hearts of corporate executives everywhere.


Last Monday, in the Globe and Mail, a story by Rebecca Dube brought to light some other recent cases of disgruntled IT pros wreaking havoc on their employers. The stories included the Australian engineer who was sentenced to two years in prison for hacking into a waste-management system and causing millions of liters of raw sewage to be dumped into rivers and parks. And Roger Duronio who was found guilty of computer sabotage and securities fraud for creating a logic bomb that took down 2,000 of UBS PaineWebber’s servers.

Then there was Alan Giang Tran who, after he was fired from his job at an airport limousine company, hacked into his former employer’s network and wiped out the customer database.

You just know that company leaders are going to be instituting policies to protect themselves against any kind of retaliation like this. There are a couple of reasons such policies could be a waste of time. For one, those executives don’t understand enough about IT to know how to form a policy to curtail its activities or access.

Second, if you think about all of the opportunity IT has to manipulate or destroy data or shut down networks, it’s pretty amazing how rarely it happens. So this could be another instance of putting precious time into creating policies because of something that happens maybe 1% of the time.

Now I could be wrong. You could all be out there using the skills of your job to funnel streams of money into your Swiss bank accounts. But I don’t think so.

So let’s discuss. In your jobs, do you have the power to paralyze the company you work for? Why do you think some people take advantage of this power while most don’t?

No comments: