Forgot your password?
typodupeerror
Image

IT Worker's Revenge Lands Her In Jail 347

Posted by samzenpus
from the bad-idea dept.
aesoteric writes "A 30-year-old IT worker at a Florida-based health centre was this week sentenced to 19 months in a US federal prison for hacking, and then locking, her former employer's IT systems. Four days after being fired from the Suncoast Community Health Centers' for insubordination, Patricia Marie Fowler exacter her revenge by hacking the centre's systems, deleting files, changing passwords, removing access to infrastructure systems, and tampering with pay and accrued leave rates of staff."

*

This discussion has been archived. No new comments can be posted.

IT Worker's Revenge Lands Her In Jail

Comments Filter:
  • by Anonymous Coward on Friday December 10, 2010 @02:22PM (#34515968)

    Every time some person does stuff like this and it hits the press, every other IT person ends up suffering when the PHBs realize what the sysadmin or the Cisco guy is capable of.

    Will this mean better security? Of course not. It just means that oftentimes someone who shouldn't have access to enable secrets or root passwords gets those as a "backup".

  • Um good? (Score:5, Insightful)

    by Hatta (162192) on Friday December 10, 2010 @02:22PM (#34515972) Journal

    Person commits crime, goes to jail. Fascinating reporting there.

  • Harsh Sentence (Score:5, Insightful)

    by Manip (656104) on Friday December 10, 2010 @02:22PM (#34515974)
    I love how computer crimes are measured on an entirely different scale to all other crimes. While I think her crime was serious, when you look at the prison sentence relative to other things it seem disproportionate. If she had done the same thing without a computer I bet she would see less than 1/2 the jail time.
  • What? (Score:5, Insightful)

    by segedunum (883035) on Friday December 10, 2010 @02:30PM (#34516082)

    Fowler's attack on the company's firewall, which had caused a "lockout", took Federal Bureau of Investigations (FBI) three months to resolve.

    What? Seriously. What? What the hell is a lockout and why would it take anyone three months to solve a firewall issue?

  • by darjen (879890) on Friday December 10, 2010 @02:46PM (#34516282)

    or did she use passwords she already had to get into the system? I wouldn't be surprised if this was yet more abuse of the word "hacking".

  • by hendersj (720767) on Friday December 10, 2010 @02:59PM (#34516442)

    Really, I think this just highlights something I've said for years: If you don't trust your IT people, they shouldn't be your IT people.

    It's a job requirement to be trustworthy when working in IT. Those who aren't pull crap like this.

    Even if she hadn't gone to jail, if she got caught tampering with systems (either while employed there or after being terminated), she should never, ever, under any circumstances be trusted to admin a system again.

    Ever.

  • Re:Harsh Sentence (Score:4, Insightful)

    by Delusion_ (56114) on Friday December 10, 2010 @03:07PM (#34516544) Homepage

    My point is that you are convicted by a jury of your peers and not a jury of your victims for a good reason; a jury and a judge have a better ability to be dispassionate.

    That we involve victims in sentencing hearings is abominable, as is that we enforce arbitrary minimum sentencing regulations.

    If I am guilty of a crime, what I did is what should matter, not how good or bad a person the victim was. Rather than go down Hypothetical Alley with you about the value of human life, I'd like to keep our hypothetical closer to the facts:

    Would this crime be more heinous "your IT department", as you put it, were genuinely good people? Would it worth less sentencing if it took place at an equivalent organization whose IT staff was lazy and whose managers were bombastic annoying pricks? Surely not. In that case, your opinions as the victim as to what the guilty party deserves regarding sentencing are too compromised.

  • by Venik (915777) on Friday December 10, 2010 @03:22PM (#34516774)
    Every time I see news like this, it certainly makes me suffer: a good sysadmin would not get caught. For a sysadmin, incompetence is the worst crime.
  • Re:Um good? (Score:3, Insightful)

    by scorp1us (235526) on Friday December 10, 2010 @03:22PM (#34516776) Journal

    You missed it. There's a girl in IT. That's the news!

    Its not even that she hacked in. NASA has always had a problem with girlfriends of employees getting pissed, getting in and then breaking stuff.

  • by Venik (915777) on Friday December 10, 2010 @03:33PM (#34516932)

    Really, I think this just highlights something I've said for years: If you don't trust your IT people, they shouldn't be your IT people.

    And if you decided to fire them, make sure you terminate their access to your network in a timely manner. Somehow I seriously doubt Ms. Fowler actually "hacked" their systems. It is far more likely that after four days she discovered her remote access account still works and she took full advantage of this.

  • by Nadaka (224565) on Friday December 10, 2010 @03:59PM (#34517322)

    One difference is the respect that is shown and compensation provided to accountants, managers, legal advisers and so on. Meanwhile IT guys are basically treated like janitors.

  • by Hazelfield (1557317) on Friday December 10, 2010 @04:48PM (#34517926)

    If you don't trust your IT people, they shouldn't be your IT people.

    I think the managers sort of realized that, and that's why they fired her.
    Maybe the true lesson to learn is this: don't let former employees keep their access. Not even for a few days.

  • by Mister Whirly (964219) on Friday December 10, 2010 @04:48PM (#34517930) Homepage
    Owner status trumps technical experience every time. Trust me, any PHB stupid enough to demand access to areas they know nothing about and then go messing about is going to screw something up. When they realize just how much money it will take to fix their screwups, sooner or later they will realize why it isn't smart to give themselves access to said areas. But if the owner demands the keys to the kingdom he owns, he get them whether or not it is the smart move or not. How long do you think any employee who refuses an order from the owner is going to last? And how do you go about determining who is qualified to make the decision if someone is qualified?
  • by dgatwood (11270) on Friday December 10, 2010 @05:59PM (#34518622) Journal

    No one should have root passwords. The mere existence of a root password is a fundamental security hole. If everyone has a user account and certain people have sudo privileges, you have:

    • An audit log
    • A trivial way to cut off that person's admin access (with or without cutting off all access)

    Combine this with a proper centralized authentication/directory services system, and you're done.

  • by TapeCutter (624760) * on Friday December 10, 2010 @06:52PM (#34519114) Journal
    This so called moron* is your employer (or their representative), HE has given YOU access to HIS equipment, not the other way around. He pays YOUR bills in return for you following HIS rules while operating the equpment HE has given YOU access to. It is his perogative to break anything that belongs to him, your job is to ADVISE him not to do so (and repair it when he says "opps"). If you don't like it when he ignores your ADVICE you are free to relinquish the access HE has granted to HIS property and leave, you are not free to force your advice on him (unless he is performing an illegal act). If because of personality/intelectual problems you cannot abide by this universal employer/employee contract and have come to believe it's you right to deny him access to his property then he will need HIS passwords to grant access to the person he replaces you with when he fires your contemptuous arse. The same principles apply to everything from the combination to the company safe to the keys to the janitors closet, the only thing you have an implied right to withold from your PHB are your PERSONAL passwords, swipe cards, etc. You DO NOT have the right to deny your employer access to their property, regardless of how much better you think you can care for it.

    * - If he is the moron then why is it that you are working for him?
  • by Fulcrum of Evil (560260) on Friday December 10, 2010 @07:19PM (#34519378)
    You just don't get it - this is not a question of authority - yes, the CEO can demand the password, but he has no business knowing it.

The only thing cheaper than hardware is talk.

Working...