Slideshow

In pictures: Revenge is a dish best served electronically - 12 cautionary tales

13 Photos Josh Fruhlinger (InfoWorld)

These scorned IT staffers had their vengeance on their former employers -- but most got their comeuppance in the end

  • With great power comes great responsibility -- and great temptation. As more and more of an organization's infrastructure is shifted to IT, IT staffers find themselves with more and more concentrated power, often without the recognition or compensation they feel should go along with it. And when they're fired or quit in a huff -- well, bad things can happen. Submitted for your approval: some cautionary tales of what miffed techies can do to your company if vengeance is on their minds. (They're cautionary for all parties: most end up doing time for their misdeeds.)

  • Donald Burleson: Viral pioneer Donald Burlson concocted his computer revenge plot way back in 1985, so early in the computer era that when his conviction made the New York Times, they put the word "virus" in quote marks in the headline. Burlson's crime -- build malicious code, set it to go off after you're fired, claim that someone else did it with your login credentials later -- became the template for a generation of disgruntled IT staffers. Burlson's bug trashed 160,000 payroll records and delayed paychecks for a month, and he was convicted of criminal charges and forced to pay $12,000 in a separate civil suit.

  • Roger Duronio: Hit 'em where it hurts When Roger Duronio, a sysadmin at stock brokerage UBS Paine Webber, didn't get the bonus he wanted, he launched exactly the sort of attack security experts have nightmares about. At the opening of the trading day just after he quit, he used backdoors he had left on company servers to erase data and prevent thousands of customer transactions from taking place; to add insult to injury, he placed stock bets against Paine Webber's success and profited as his ex-employer floundered. But he failed to cover his tracks properly, and despite a defense that claimed Paine Webber's security was so shoddy anyone could have done the deed, he was ultimately convicted.

  • Viktor Savtyrev: Big talker First rule of getting tech revenge on your former bosses: less talk, more action. When sysadmin Viktor Savtyrev was laid off from his job at a mutual fund management company, he sent an email threatening cyber-retribution against the company servers if he didn't get a better severance package and a good job reference. He then repeated his threats in a phone call to his ex-bosses, promising his "comrades in Belarus" would help him in his vengeance. Unfortunately for Savtyrev, those calls were being recorded by the FBI, and he was arrested without any proof that he ever did any damage.

  • Andy Lin: The incompetent cyber-bomb maker When sysadmin Andy Lin learned that his job at a health care company might be on the chopping block, he set his revenge plan in motion: he hid a malicious program on company servers that would delete huge swaths of company data the next year on his birthday. When the firing never happened, he tried to edit the code so the sinister app wouldn't launch; it did anyway, but a bug in it prevented it from doing any damage. Instead of just deleting it, Lin reset the target date to his next birthday for some insane reason. It was discovered by another sysadmin, and Lin was eventually sentenced to 30 months in prison.

  • Rajendrasinh Makwana: The financial crisis could've been worse Remember what dire straights the U.S. mortgage market was in back in 2009? Now imagine if all of mortgage giant Fannie Mae's servers had been wiped out. Rajendrasinh Makwana was fired from his job as a sysadmin there, but didn't have his server privileges turned off until the end of the day -- leaving him time to hide a malicious script at the bottom of a legitimate script, set to erase huge amounts of data four months after his firing, leaving only a message that said "Server Graveyard." A sharp-eyed admin stumbled upon it by accident, averting disaster; Makwana was sentenced to 41 months in jail.

  • Michael Meneses: Electronic gaslighting As Ars Technica points out, many of the descriptions of what ERP guru Michael Meneses did to his company's systems after he was passed over for promotion and quit in a huff are maddeningly vague -- he stole credentials and "hacked into" and "corrupt[ed]" the network. But one specific misdeed has a certain roguish charm: he shifted all the events on the company's internal calendar by a month, which must have produced wacky corporate chaos. Meneses faces up to ten years in prion.

  • Jason Cornish: Single point of attack Where did pharma company Shionogi go the most wrong in their dealings with former IT staffer Jason Cornish? Was it when they kept him on as a consultant even after he quit the company due to a dispute with management? Was it when they terminated his contracting gig but neglected to revoke his password? Was it when they failed to notice that he had installed a vSphere VMware management console that would allow him to conveniently control all of the company's virtual servers from one place? Working on free Wi-Fi provided at McDonald's, Cornish erased 88 servers and caused $800,000 worth of damage. He was also caught and pled guilty, serving 41 months in prison.

  • Patricia Fowler: Criminal mischief Patricia Fowler seemed to have no particularly focused plans for her former employers at Suncoast Community Health Centers, beyond making them irritated. After they fired her for insubordination, executives' files started vanishing, people's passwords mysteriously changed, and employees' pay and vacation accrual rates were suddenly mucked up. After a visit or two from the FBI, Fowler caved and admitted her misdeeds, heading to prison for 18 months.

  • Omar Ramos-Lopez: Immobilizing customers, for real Most of the miscreants on this list would be what we'd call B2B hackers -- the havoc they wreaked mainly affected their former bosses and co-workers. But when Omar Ramos-Lopez was laid off by Texas Auto Center, he decided to go after the company's customers instead. Using a former co-worker's password, he was able to gain access to a system that could remotely immobilize cars and cause their horns to beep incessantly. Oh, did you know that your car dealer might be able to immobilize your car remotely? The existence of WebTeck Plus, designed as an alternative to having a repo man seize your car for non-payment, is probably the most shocking aspect of this whole story.

  • Julie Williamson and Frank Jonen: Pay up or else If all the employer-employee relationships we've discussed so far can go so wrong, imagine the potential problems with handing over control of your Web presence to a contractor that you might not ever meet in person. German Web designer Frank Jonen made waves in tech-savvy San Francisco when a payment dispute with a chain of gyms resulted in him replacing the gym's website with a note explaining his side of the story. Meanwhile, in Baltimore, when designer Julie Williamson didn't get paid for work she did for a reggae festival, she simply replaced the festival website with an image of her invoice.

  • Walter Powell: Embarrassment is the best revenge It's unclear whether Walter Powell had installed keystroke recording software on Baltimore Substance Abuse Systems Inc. computers before or after he was fired from his job there. But what's clear is that he quickly got bored with low-level antics like sending fake emails from his bosses, and decided to go for the big time: replacing the organization CEO's PowerPoint presentation with pornography. For added humiliation, the presentation was about the CEO's accomplishments, and the audience included members of the organization's board and city government officials. Powell was given a suspended prison sentence and community service hours.

  • Chris Mohney: The subtle knife We'll end this slideshow with an example that's from the tech world, but reminds you that culture-hacking can be as painful as the technical kind. When Tumblr decided to shut down its Storyboard effort and lay off the paid editors it had hired to run it, it did so with a post on company founder David Karp's Tumblr that lavished smarmy praise on the team before casually mentioning they'd been canned. The tech press reacted with horror at the ham-fisted communication style -- and it turned out that the post had actually been ghostwritten by fired Storyboard head Chris Mohney, at Karp's request, and crafted with the deliberate goal of making his ex-boss look bad.

Show Comments