Developer convicted for “kill switch” code activated upon his termination

IT work is feast or famine.

"IT people, your not doing anything, what the hell do we pay you for?"

"IT people, everything is on fire, what the hell do we pay you for?"

The smart criminals never get caught...

That's why you only hear about the dumb ones

Did it say they went through his work search history? Everything you search on Google with your IP or through your account is recorded, in case law enforcement knocks. Don’t think using a phone protects you. Use a trusted VPN in a separate browser if you want to search for things and not have them show up in court.

In this day and age with everyone carrying a smartphone, there’s no excuse for using work computers for personal activities

There are plenty of reasons, mostly amounting to "Nobody tends to give a fuck" and "I'm not running out to buy a second high end laptop just to casually browse the web from my couch on the weekend".

What you've got is a very poorly enforced, very draconianly executed set of deliberately vague and inarticulate rules that vary from company to company. And none of that really has anything to do with the "kill switch" thing. In the same way you might say "Well but obviously nobody should smoke weed in a state that criminalizes it! That's just stupid!" when you've got the police tearing apart a particular person's house for a completely unrelated issue, based on an officer's exclamation of "I smell weed!" at the front porch.

Just accept you live in a police state and stop buying into excuses made to surveil and punish.

don't underestimate how lazy and stupid even the smartest person can be.

Exactly my thought. A corporation destroys people's lives by firing them? Nothing. Someone actually pushes back? Suddenly the government gets involved.

And how our legal system is setup to best defend the wealthy.

yeah it's pretty crazy. almost like government is for some things and not others, and knows it, like maybe laws were always just an excuse and tool for victim blaming. or something.

I don't see how pretending that's weird is gonna help anyone.

We all know we don't live in a just world.

We need to try and make it one, instead of pretending we're living in one which happens to have horrid injustice happening all the time.

Don't F with the power grid.

owned by the Ohio- and Dublin-based power management company Eaton Corp.

https://en.m.wikipedia.org/wiki/Eaton_Corporation

Sentences are always harsh for anything to do with those who provide for public utilities.

@[email protected] has a comment about sabotage, which was likely a factor combined with this to drive max recommended sentencing.

Now to make it worse, ask this, "If the corporation did 10 times this amount of damage, but to the general citizens of the country, how many people would go to jail?"

That's right 0 people would go to jail! And they would only be fined for no more than 10% of the profit they made while doing it. Maybe someone like a jr director of operations gets tossed in jail, but he wasnt really apart of the club.

"Up to 10 years" is the maximum possible for that type of crime. Actual sentencing guidelines for a $500k loss for a first time offender will probably come out to about 2, maybe 3 years.

In order for the recommended sentence to hit 10 years, we'd have to be talking about damage of over $550 million, or something like a long criminal history.

Substantial disruption of critical infrastructure would get someone to around 5 years, as a reference.

allegedly costing hundreds of thousands of dollars in losses.

Also it's sabotage, which might attract heavier penalties than mere theft?

he should have tried to overthrow the government, or stole classified documents. that's a drastically lower sentence

nothing he did was wrong.

"allegedly costing hundreds of thousands of dollars in losses." It seems he was already messing with the systems while he was still working there. This is not a case of malicious compliance or they fired the only guy who knew how something worked. He was actively sabotaging the company's network.

"he apparently became disgruntled by a corporate "realignment" in 2018 that "reduced his responsibilities,"" So it's not even like the company was being evil as they fired him while he was on PTO to take care of his daughter with leukaemia (or something). He would've been better off finding a new job if he was unhappy. Instead he made things far worse.

But 10 years is way too high. Especially for a victimless crime with alleged "values" of loss. But otherwise he gets no sympathy from me.

I developed a spreadsheet for a company I worked for a few jobs ago. When I left I used a picture of Dennis to lock everyone out of the spreadsheet but only for one day, months after I left. Stupid idea, but felt good.

Edit: this was it:

Same for my last job. My bosses and managers harassed and insulted me. They said I was useless and stupid.

I quit with 3 months of "notice" (standard in France to help you find a new job). They didn’t care during those 3 months. In the last week they panicked because they could not find a replacement that did everything I fixed every day.

I also interviewed my replacement, a junior out of school with big diplomas. When I asked if he knew Linux, he said "not really." I thought "they are fucked with this guy." They wanted to hire him because he was the son of some guy. I said to my boss that he would be a perfect fit for the company.

Unknowingly I was the kill switch. I sent them one last email with all the information they needed and told them to go fuck themselves in a polite way.

but even if you weren't caught, it's not worth it to personally be bitter like that.

Really depends on what you do for a living... Non-profit? Sure. Weapons manufacturer? Fucking have at it.

I didn't plant anything and I could still brick the production backends of a former employer because some poor ass decisions were made when choosing technologies and then when I pointed it out that it's pretty bad the technology was stuck with so literally all it takes is sending 2-3 requests so all pods die.

But why do it.

Sounds like lawsuit territory

You are truly a madman

Edit: or a madlady

It's actually kind of worrisome that they have to guess it was his code based on the function/method name. Do these people not use version control? I guess not, they sure as hell don't do code reviews if this guy managed to get this code into production

It would only work if he owned the code and the company stopped paying. There's lots of precedent for that.

I take it he hasn't heard about "hiding things in the open".

That would be, for example, using a constant of some near year in "end time" column meaning unfinished action.

Or just making some part that will inevitably have to be changed - "write-only", as in unreadable. Or making documentation of what he did bad enough in some necessary places that people would have to ask him.

So many variants, and such obvious stupidity.

Naturally. Advantage, privilege and money should only be in the hands of those who run large companies or better.

If that made you angry, bear in mind that's what most top level company executives think. Well, actually they don't think it, they know it unconsciously as the true order of the universe they inhabit and they get really uncomfortable should it even look vaguely like someone might be trying a competing philosophy to their own.

To be fair though, most people get really uncomfortable when something might undermine even part of the philosophy they live by.

Literally the same day as HP *activating a "kill switch" code for their printers.

Look at me, I am the killswitch now.

I work on a small team and recently realized my boss is falling victim to survivorship bias. Another colleague and I handle our work, which is mission critical to the org, competently and fairly opaquely, only raising issues as they arise. However some other members of our team have less critical but more visible work that they tend to bungle. The department invests hiring dollars, training efforts, and materials purchases in service of remediating those issues. But my colleague and I are both burned out, eyeing the door, and fully aware there’s no one who understands what we do or is capable of doing it within our organization - aside from each other, but our respective scope of work is non-overlapping and there’s truly not wiggle room to cross train or support each other’s work. I’ve said all I know to say to leadership about this issue but they seem willfully ignorant.

When one of us goes, I think the other will follow quickly. Hiring takes almost 2 months at my work, so the gap/lack of knowledge transfer will make for a huge shit show.

Why do kill switches when you can just hog all the work of maintaining some critical part of the infrastructure and make it's functioning and maintenance so opaque and impenetrable that the employer can't replace or fire you without their shit catching fire soon after.

This is literally my firm's core business practice. We've been at it for so long that at this point we have to be included in competing bids because we are the only ones in the world that can do certain specific things.

That's what my old company used to do. You did this? Do a KT to some underpaid remote employee and when they leave it's again your responsibility to maintain it, alongside the new bugs and spaghetti they introduced.

We once told a SP50 customer that we would not provide a business critical service because an employee went on sabatical for a month and she had the only working version on her cookery computer. At that point the customer was so integrated with us that it would take them years to replace us.

so opaque and impenetrable that the employer can’t replace or fire you without their shit catching fire soon after.

Somehow, that's the kinda roles I always land in lol

Initially makes me wonder how the employer could be so dumb as to give one employee so much access.

Right now, just based purely on the access I need to do my day-to-day job involves me having access where I can pretty much nuke everything from orbit, with an ssh loop.

At some point, you need to trust your employees, in order to get work done. Sure, you can lock it all down tightly, but then you just made work take longer. It's a trade off.

Initially makes me wonder how the employer could be so dumb as to give one employee so much access.

The amount of access he had doesn't surprise me. He'd been there for 11 years already likely working on many things as he interacted with systems in the course of his legitimate work. While its possible to set up access and permissions in an organization utilizing the "least privilege principle", its expensive, difficult to maintain, and adds lots of slowdowns in velocity to business operations. Its worth it to prevent this exact case from the article, but lots of companies don't have the patience or can't afford it.

My previous work didn't revoked my access to their CMS. I was so upset when they laid me off after telling them my wife is pregnant.

But I ain't that stupid.

Oh yeah, but the thing that usually offsets the intrusive thoughts is a lot of courts treat this as the crime of "hurting rich people" which comes with like 30 years in pound you in the ass penitentiary.

I'm sure DOGE is actively considering hiring him.

Timebombs in Windows 2000?