Former Citibank Employee Sentenced for Causing Intentional Damage to a Protected Computer
www.justice.gov | 7-25-16 | DOJ Texas
Posted on 07/30/2016 6:17:56 AM PDT by dynachrome
To: dynachrome
They was...
They guys...
I’m guessing he qualified for the job in a non-academic way.
21 posted on 07/30/2016 7:00:56 AM PDT by Bogey78O (We had a good run. Coulda been great still.)
To: Bogey78O
Maybe they was on MJ. On the other hand, I’ve seen sloppy English being used by contractors and nobody seemed to care.
22 posted on 07/30/2016 7:03:07 AM PDT by HiTech RedNeck (Embrace the Lion of Judah and He will roar for you and teach you to roar too. See my page.)
To: Flick Lives
Sounds to me like he was a sysadmin and dumped the configurations on the core network routers. Stupid-simple, effective and obviously, illegal due to malicious intent. Believe me, this crap happens all the time on small scales and no one notices except for the impacted environment. Reload the correct config/route tables from secure rom and you're back in business before the trouble ticket gets escalated.
After incarceration, he'll be ready for his close-up hanging off the tail of a garbage truck. He'll never work IT again, too toxic.
23 posted on 07/30/2016 7:12:10 AM PDT by paulcissa (Democrats want you unarmed so they can kill you.)
To: BuffaloJack
Shutting down one server shouldn’t cause an outage if the application runs on clustered servers. *Mission critical* applications should, IMHO, run on mainframes configured in a parallel sysplex environment.
You’d be surprised what some Fortune 100 companies have. I vividly recall a major outage I supervised some 10 years ago for my customer (World’s 2nd largest retailer - hint) during the Christmas season. They outsourced their online sales to a company that ran the online sales application on end-of-life hardware (unsupported) on an unsupported configuration. Smart, huh?
They were down for days.
To: BuffaloJack
From the article it sounds like it was network equipment that he toasted (routers) not servers.
Routers are the devices that hook networks together so that all the different sites can talk to each other.
Each router has a configuration running in it that tells it what networks it's supposed to be connecting and how.
This configuration is remotely updateable so that valid network changes can be made. However, a malicious network admin (like this guy could’ve been) who has access to make these valid changes could also trash the config if they wanted to.
There usually are backups of router configs held somewhere but it makes it hard to get them back since it's the network that's affected and you need that network to be able to talk to the router to fix it.
25 posted on 07/30/2016 7:17:56 AM PDT by LizardQueen (The world is not out to get you, except in the sense that the world is out to get everyone.)
To: Flick Lives
A. Why would such a self-destruct command even exist. B. Why did this guy have access to run such a command.
Says something about Citibank's computer security procedures, or lack thereof.
I've worked IT in all sorts of industries, including as both a contractor and employee of a bank.
The people who are in positions of power in most industries are generally the people who work the core business. IT is too often an afterthought and seen as peripheral to "what we do". Consequently it's often underfunded and often lacks the power to force changes.
In my experience, the IT guys generally are acutely aware of the problems that exist, have repeatedly reported them up the chain, and simply don't have the time or resources to fix them the "right" way. Often the "good enough" way isn't the most secure way.
In the case of routers, there is generally an administrative password that is all-powerful - there are legitimate needs to wipe the configuration on occasion. You can generally also set up users with less power that can do some administrative tasks, but not all. In the best case, you can set up tiered levels of access, so maybe a low-level person can pull logging data, a mid-level person can make some tweaks to the configuration, and only the highest level can do dangerous things.
But that takes time. Someone has to think through which levels should have what capability. Those decisions need to have a plan of implementation that is replicated across the organization and that plan has to be maintained over time and enforced with policy and procedure. In the case of a router, it probably takes multiple times the amount of time and resources to build that security infrastructure than it does to just get the routers up, running and working right with basic security. When the IT guys are already working nights and weekends in their windowless basement cubicles in some grey building in a bad neighborhood and have projects stacked up years in advance, there's a lot of pressure to just "get it done" and move onto the next project.
Add into that mergers of large organizations with disparate equipment, policies, procedures, etc. which are chaos in the best of times and it becomes a disaster waiting to happen.
Not saying all industries or all banks are this way, but it happens more than you might think even today.
Another consideration I've seen (full disclosure: I am a white male) is affirmative action hires. Now, I've worked with some top notch female and minority IT people. People who I'd be proud to work for, with, or under me. But they are much harder to find than the quotas mandate and the quotas take priority. An incompetent IT person is a very dangerous thing to have in an organization and banks tend to have a lot of them thanks to diversity departments.
All of the above is just my experience and opinion.
26 posted on 07/30/2016 7:43:35 AM PDT by chrisser
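Added example, not part of any comment in this thread: a sketch of the tiered access described in post 26, with unlisted commands denied by default and a review pass over command-accounting records. The tier names, the IOS-style command strings, the accounts and the records are all constructed for illustration.

```python
from enum import IntEnum

class Tier(IntEnum):
    LOGS = 1         # low level: pull logging data
    CONFIG = 2       # mid level: make configuration tweaks
    DESTRUCTIVE = 3  # highest level: wipe or reload the device

# Constructed policy: command prefix -> minimum tier. Unlisted commands are denied.
POLICY = {
    "show logging": Tier.LOGS,
    "configure terminal": Tier.CONFIG,
    "write erase": Tier.DESTRUCTIVE,
    "erase startup-config": Tier.DESTRUCTIVE,
    "reload": Tier.DESTRUCTIVE,
}

def required_tier(command):
    """Minimum tier for a command, or None if the policy does not list it."""
    cmd = " ".join(command.lower().split())  # normalise case and spacing
    hits = [p for p in POLICY if cmd == p or cmd.startswith(p + " ")]
    return POLICY[max(hits, key=len)] if hits else None

def authorize(user_tier, command):
    """True only when the command is listed and the user's tier is high enough."""
    need = required_tier(command)
    return need is not None and user_tier >= need

def review(records, users):
    """Flag denied attempts and every destructive command that was allowed."""
    findings = []
    for user, command in records:
        tier, need = users.get(user), required_tier(command)
        if tier is None or need is None or tier < need:
            findings.append((user, command, "denied"))
        elif need is Tier.DESTRUCTIVE:
            findings.append((user, command, "destructive-allowed"))
    return findings

# Constructed accounts and command-accounting records.
USERS = {"noc1": Tier.LOGS, "neteng1": Tier.CONFIG, "netadmin1": Tier.DESTRUCTIVE}
RECORDS = [
    ("noc1", "show logging"),
    ("neteng1", "configure terminal"),
    ("neteng1", "Write  Erase"),
    ("netadmin1", "erase startup-config"),
    ("noc1", "debug all"),
]

if __name__ == "__main__":
    for finding in review(RECORDS, USERS):
        print(finding)
```

Allowed destructive commands are reported as well as denied ones, so a wipe by a fully privileged account still produces a record someone has to look at.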
To: Enchante
they should fire whoever hired him
27 posted on 07/30/2016 7:46:25 AM PDT by Chode (You Owe Them Nothing - Not Respect, Not Loyalty, Not Obedience, NOTHING!)
To: DAC21
Bingo!: His language skills precedes him, no photo necessary!
28 posted on 07/30/2016 7:53:56 AM PDT by Grampa Dave (Democrats want you unarmed so they can kill you!)
To: Diogenesis
29 posted on 07/30/2016 8:32:58 AM PDT by Bigg Red (You're on fire, stupid!)
To: ViLaLuz
30 posted on 07/30/2016 8:33:26 AM PDT by Bigg Red (You're on fire, stupid!)
To: Flick Lives
No IT knowledge here, but, if I may put on my tinfoil hat, is it possible that Citibank was actually able to recover whatever the perp had erased, but the incident made a great cover for the laundering of some funds?
31 posted on 07/30/2016 8:35:35 AM PDT by Bigg Red (You're on fire, stupid!)
To: dynachrome
Think I know what that means...
32 posted on 07/30/2016 8:40:00 AM PDT by glasseye
To: Chode
33 posted on 07/30/2016 8:49:36 AM PDT by COBOL2Java (Donald Trump, warts and all, is not a public enemy. The Golems in the GOP are stasis and apathy)
To: COBOL2Java
I've been RIFed three times, twice from the same place, and all three times the head of security was outside the HR door waiting to take me back to my office and watch me clean out my stuff, take my badges, keys and beeper or phone before escorting me out of the building...
34 posted on 07/30/2016 9:00:08 AM PDT by Chode (You Owe Them Nothing - Not Respect, Not Loyalty, Not Obedience, NOTHING!)
To: dynachrome
He didn’t get Hillary’s gold-plated treatment from the federal government.
After all, he didn’t mean to do it. Isn’t that Hillary’s defense?
Then why does she skate and he goes to prison and has to pay restitution?
35 posted on 07/30/2016 9:06:01 AM PDT by goldstategop ((In Memory Of A Dearly Beloved Friend Who Lives In My Heart Forever))
To: Chode
Bank servers, e-mail servers.
Two people breached security.
Oh - one of them is running for President.
36 posted on 07/30/2016 9:07:49 AM PDT by goldstategop ((In Memory Of A Dearly Beloved Friend Who Lives In My Heart Forever))
To: goldstategop
shoulda picked this mutt for VP, would guarantee the black lies matter vote
37 posted on 07/30/2016 9:17:13 AM PDT by Chode (You Owe Them Nothing - Not Respect, Not Loyalty, Not Obedience, NOTHING!)
To: dynachrome
“Protected” computer? Was it black, Hispanic or homosexual?
38 posted on 07/30/2016 9:23:51 AM PDT by JimRed (Is it 1776 yet? TERM LIMITS, now and forever! Build the Wall, NOW!)
To: Flick Lives
The reason such a command exists could very well be for maintenance. Let’s say you want to move the router from location A to location B. You don’t want it to come up with the configs from A when you plug it in to the B network, so you reset the device to factory defaults right before shutting it down.
Another is that when you retire the device, you don’t want any of your existing network configs on it for security reasons. This is standard practice at most places with a clue these days.
39 posted on 07/30/2016 11:26:40 AM PDT by zeugma (Welcome to the "interesting times" you were warned about.)
To: Chode
#34 How many servers did you shut down : )