Honestly, if I had done something like this and they twigged to it, I’d consider just fucking off and joining the French foreign legion.
Talk about incentivizing us to make even more impactful kill switches!
We’ve all considered it
Oh yeah, but the thing that usually offsets the intrusive thoughts is a lot of courts treat this as the crime of “hurting rich people” which comes with like 30 years in pound you in the ass penitentiary.
Oh. Personally for me it’s code reviews that prevent me from doing it, but pound you in the ass penitentiary is a good motivation too
The secret is get promoted to where you do the code reviews. Then just get too busy to do them reliably. Timebomb activated.
And now imagine doing this or sort of this destruction in a smaller company that has one to three mediocre admins at highest. One can kill this company and they would never get it why the computers got weird.
Reminds me of the timebombs in windows 2000. I guess he’s forced to start fresh.
Timebombs in Windows 2000?
Timebombs in windows 2000!
Oh shit that is a large number
out of the loop :
2000 x 1999 x 1998 x … x 3 x2 x 1 = 2000 !
deleted by creator
Up to 10 years is crazy. Sure, what he did was wrong, planned and malicious, and they claim it cost them tens of thousands of dollars. But 10 years? This is crazy for something that at worst would be a yearly salary of a single employee.
Fucking capitalism.
Don’t F with the power grid.
owned by the Ohio- and Dublin-based power management company Eaton Corp.
https://en.m.wikipedia.org/wiki/Eaton_Corporation
Sentences are always harsh for anything to do with those who provide for public utilities.
@null_dot@lemmy.dbzer0.com has a comment about sabotage, which was likely a factor combined with this to drive max recommended sentencing.
Now to make it worse, ask this, “If the corporation did 10 times this amount of damage, but to the general citizens of the country, how many people would go to jail?”
That’s right 0 people would go to jail! And they would only be fined for no more than 10% of the profit they made while doing it. Maybe someone like a jr director of operations gets tossed in jail, but he wasnt really apart of the club.
Nah they would have added more fees to subsidize the protections they weren’t going to put in place. Then reach out to the government for subsidies to put these protections in place. Then give bonuses, stock buy backs and when it happened again, they’d raise the fees installed previously and consider making the upgrades if the fine threatened is high enough, if not they’ll pay the fine and buy back more stock and run an ad campaign to make the company look better.
“Up to 10 years” is the maximum possible for that type of crime. Actual sentencing guidelines for a $500k loss for a first time offender will probably come out to about 2, maybe 3 years.
In order for the recommended sentence to hit 10 years, we’d have to be talking about damage of over $550 million, or something like a long criminal history.
Substantial disruption of critical infrastructure would get someone to around 5 years, as a reference.
allegedly costing hundreds of thousands of dollars in losses.
Also it’s sabotage, which might attract heavier penalties than mere theft?
Actually for federal sentencing, property destruction is punished under the same table as theft. It’s mostly measured from the amount of loss to the victims, whether the person actually profited from it or not.
Fair enough.
Having known victims of vandalism I can say it hurts more than theft.
nothing he did was wrong.
he should have tried to overthrow the government, or stole classified documents. that’s a drastically lower sentence
“allegedly costing hundreds of thousands of dollars in losses.” It seems he was already messing with the systems while he was still working there. This is not a case of malicious compliance or they fired the only guy who knew how something worked. He was actively sabotaging the company’s network.
“he apparently became disgruntled by a corporate “realignment” in 2018 that “reduced his responsibilities,”” So it’s not even like the company was being evil as they fired him while he was on PTO to take care of his daughter with leukaemia (or something). He would’ve been better off finding a new job if he was unhappy. Instead he made things far worse.
But 10 years is way too high. Especially for a victimless crime with alleged “values” of loss. But otherwise he gets no sympathy from me.
I worked for a company once that installed a remote-activation killswitch in their drivers, as a secret weapon to force the customer to stay current on their maintenance contract.
The CEO was a fuckup however, and the code killed their system even without being activated - resulting in a bunch of angry phonecalls and some of the most egregious lying I’ve ever heard.
god, he was a piece of shit
Sounds like lawsuit territory
your honor, I would move to dismiss on grounds that my clients actions were based as fuck.
This kill switch, the DOJ said, appeared to have been created by Lu because it was named “IsDLEnabledinAD,” which is an apparent abbreviation of “Is Davis Lu enabled in Active Directory.”
Lu named these codes using the Japanese word for destruction, “Hakai,” and the Chinese word for lethargy, “HunShui,”
[Lu]’s “disappointed” in the jury’s verdict and plans to appeal
No, this guy is cooked, there’s even evidence of him looking up how to hide processes and quickly delete files, absolutely no way an appeal would work out for him, I don’t think an “I got hacked” argument is going to work.
It’s actually kind of worrisome that they have to guess it was his code based on the function/method name. Do these people not use version control? I guess not, they sure as hell don’t do code reviews if this guy managed to get this code into production
- I assumed that the code was running on a machine that Lu controlled.
- Most companies I have worked at had code reviews, but it was on the honor system. I am supposed to get reviews for all the code I push to main, but there is nothing stopping me from checking in code that was not reviewed (or getting code reviewed and making a change before pushing it). My coworkers trust me to follow the process and allow me to break the rules in an emergency.
It would only work if he owned the code and the company stopped paying. There’s lots of precedent for that.
Still probably not. The code also deleted files, deleted accounts, and created infinite loops which took down large chunks of the network and infrastructure.
You could take your code, but you can’t take down the company.
Yeah he’s screwed then.
I take it he hasn’t heard about “hiding things in the open”.
That would be, for example, using a constant of some near year in “end time” column meaning unfinished action.
Or just making some part that will inevitably have to be changed - “write-only”, as in unreadable. Or making documentation of what he did bad enough in some necessary places that people would have to ask him.
So many variants, and such obvious stupidity.
That’s an amazing point, actually
Lol everyone probably fantasizes about such thing sometimes, but even if you weren’t caught, it’s not worth it to personally be bitter like that.
Just got laid off and could had done the same. Except I don’t have to. Internal systems are so bad and undocumented and I was like only IT specialist there who could use linux, and so many things related to core businesses were just basically behind me.
The kill switch has made it self. Funny how I would have written more documentation if I ever was given the time.
Same for my last job. My bosses and managers harassed and insulted me. They said I was useless and stupid.
I quit with 3 months of “notice” (standard in France to help you find a new job). They didn’t care during those 3 months. In the last week they panicked because they could not find a replacement that did everything I fixed every day.
I also interviewed my replacement, a junior out of school with big diplomas. When I asked if he knew Linux, he said “not really.” I thought “they are fucked with this guy.” They wanted to hire him because he was the son of some guy. I said to my boss that he would be a perfect fit for the company.
Unknowingly I was the kill switch. I sent them one last email with all the information they needed and told them to go fuck themselves in a polite way.
malicious compliance, I like it
but even if you weren’t caught, it’s not worth it to personally be bitter like that.
Really depends on what you do for a living… Non-profit? Sure. Weapons manufacturer? Fucking have at it.
But don’t be stupid about it. Stash a date somewhere that you manually update every so often (so that it’ll stop being updated if you’re fired) and then add a bunch of random waits whose durations scale with the time since that date. If you’re worried that the code will be found, comment it with some bullshit about avoiding race conditions.
…and now I can’t use that idea, since this comment would be used in court. If I did it to a weapons manufacturer, they’d probably get the death penalty somehow.
comment it with some bullshit about avoiding race conditions
Lmao, amazing
Fair but I wouldn’t ever work for weapons manufacturing. Also sabotage in that context would have heavy punishment, and at worst could cause collateral damage.
I was using that as an example because it was the worst thing that came to mind. There is a whole gradient between non-profit and weapons manufacturer.
I didn’t plant anything and I could still brick the production backends of a former employer because some poor ass decisions were made when choosing technologies and then when I pointed it out that it’s pretty bad the technology was stuck with so literally all it takes is sending 2-3 requests so all pods die.
But why do it.
Similar cases with my old company. In my case people who would had suffered the most direct consequences would had been my colleagues who I respect.
But I could totally cause trouble without any backdoor access.
Weird that these protections exist for corporations that aren’t actually people but no protections exist for the person who was fired.
Exactly my thought. A corporation destroys people’s lives by firing them? Nothing. Someone actually pushes back? Suddenly the government gets involved.
Eg pictures of dozens of police protecting tesla dealerships
We never left serfdom.
Everyone you have ever met is a servant of the ruling class.
You have never met a ruler and probably never will.
I don’t see how pretending that’s weird is gonna help anyone.
We all know we don’t live in a just world.
We need to try and make it one, instead of pretending we’re living in one which happens to have horrid injustice happening all the time.
I’m no English major, but I’m pretty sure @SoftestSapphic@lemmy.world calling it weird is a rhetorical device known as sarcasm.
Hmm, I wonder if it is actually. I think it’s just a euphemism for it’s wrong how" or “it’s weird how we as people keep allowing this to happen in a democratic world”, but I honestly don’t think it’s sarcasm.
I get the point and I write that way all the time too, but I thought to see what happens if I just stop participating in the pretense of it being weird.
But yes maybe it is just sarcasm, but like the same sort of rhetoric is often used to talk about problems which are sort of too complex and large to easily assert something which should or even could be done.
But yes. Sarcasm.
r/iamverysmart
yeah it’s pretty crazy. almost like government is for some things and not others, and knows it, like maybe laws were always just an excuse and tool for victim blaming. or something.
The amazing thing is that the government doesn’t get nearly as much tax income as you’d expect from these hugs companies. It’s almost as if the politicians have some other, secret motivating factor. Oh well, I guess we’ll never know.
wait, are you saying that there’s this class that are the beneficiaries of governments and laws, and it’s the same as the class that doesn’t suffer any limitations when they do stuff that the governments and laws don’t like?
and that we’re in this other class, that the laws and stuff exist to punish, but has to fund them and pay for them, or we get punished for that too?
that’s fucking crazy.
And how our legal system is setup to best defend the wealthy.
They are the protagonists of democracy after all.
Democracy™®
I’m disappointed they found so much in his search history. Do these people not have phones? In this day and age with everyone carrying a smartphone, there’s no excuse for using work computers for personal activities
The smart criminals never get caught…
That’s why you only hear about the dumb ones
In this day and age with everyone carrying a smartphone, there’s no excuse for using work computers for personal activities
There are plenty of reasons, mostly amounting to “Nobody tends to give a fuck” and “I’m not running out to buy a second high end laptop just to casually browse the web from my couch on the weekend”.
What you’ve got is a very poorly enforced, very draconianly executed set of deliberately vague and inarticulate rules that vary from company to company. And none of that really has anything to do with the “kill switch” thing. In the same way you might say “Well but obviously nobody should smoke weed in a state that criminalizes it! That’s just stupid!” when you’ve got the police tearing apart a particular person’s house for a completely unrelated issue, based on an officer’s exclamation of “I smell weed!” at the front porch.
Just accept you live in a police state and stop buying into excuses made to surveil and punish.
I’m not running out to buy a second high end laptop just to casually browse the web
Even the cheapest laptop or tablet will cover that need
But when you’re at work, planning criminal activities, the least you can do is save your searches for “how to be a criminal mastermind” on your personal phone
Did it say they went through his work search history? Everything you search on Google with your IP or through your account is recorded, in case law enforcement knocks. Don’t think using a phone protects you. Use a trusted VPN in a separate browser if you want to search for things and not have them show up in court.
I think that what happens on a work computer, a work network, belongs to the company and they are free to check it at will.
However my phone, and what happens on the network it’s attached to are between me and my provider, and usually needs a warrant for someone to look through.
don’t underestimate how lazy and stupid even the smartest person can be.
I feel targeted :-)
Don’t worry, we don’t underestimate with you. :)
Why do kill switches when you can just hog all the work of maintaining some critical part of the infrastructure and make it’s functioning and maintenance so opaque and impenetrable that the employer can’t replace or fire you without their shit catching fire soon after. It doesn’t have to be malicious or illegal.
His efforts to sabotage their network began that year, and by the next year, he had planted different forms of malicious code, creating “infinite loops” that deleted coworker profile files, preventing legitimate logins and causing system crashes
I wish this guy was were actually politically motivated, but he seems to have been just really petty minded person.
Why do kill switches when you can just hog all the work of maintaining some critical part of the infrastructure and make it’s functioning and maintenance so opaque and impenetrable that the employer can’t replace or fire you without their shit catching fire soon after.
This is literally my firm’s core business practice. We’ve been at it for so long that at this point we have to be included in competing bids because we are the only ones in the world that can do certain specific things.
That’s what my old company used to do. You did this? Do a KT to some underpaid remote employee and when they leave it’s again your responsibility to maintain it, alongside the new bugs and spaghetti they introduced.
We once told a SP50 customer that we would not provide a business critical service because an employee went on sabatical for a month and she had the only working version on her cookery computer. At that point the customer was so integrated with us that it would take them years to replace us.
so opaque and impenetrable that the employer can’t replace or fire you without their shit catching fire soon after.
Somehow, that’s the kinda roles I always land in lol
So when company do it it’s fine but when we do it to companies it’s not?
Literally the same day as HP *activating a “kill switch” code for their printers.
what happened?
(updated with a link)
Naturally. Advantage, privilege and money should only be in the hands of those who run large companies or better.
If that made you angry, bear in mind that’s what most top level company executives think. Well, actually they don’t think it, they know it unconsciously as the true order of the universe they inhabit and they get really uncomfortable should it even look vaguely like someone might be trying a competing philosophy to their own.
To be fair though, most people get really uncomfortable when something might undermine even part of the philosophy they live by.
