Over the years, a few times I've heard a (perhaps sometimes apocryphal) story of something like this. The first one involved a programmer who had access to the payroll database.
Has anyone heard of someone getting away with this?
It seems dumb to me. Someone might feel pettiness impulses when wronged, but grievances are what lawyers are for.
(I did hear a variation on this story, where a programmer had artificially rigged up spreadsheets to fail periodically, so that they had to be brought back in as a consultant firefighter to "fix". IIRC, the story was told by a programmer who'd investigated and discovered what was going on. But this is close to standard operating procedure for a lot of development teams, though: through poor technical and business decisions, by accident or design, you guarantee yourself years of encumbered, time-burning work, to maintain and extend that.)
I heard of a vaguely related story. A team left a big investment bank, and stole some software along the way. The bank realized 6 months later, but decided to not prosecute. They concluded it would make them look too bad that a team managed to steal all this software and not be caught; bad to their investors, bad to other employees. So that was that.
Whether it's true is of course a whole different question.
Oof that spreadsheet story is like a glazier breaking windows, quite a way to make yourself indispensable!
I had to bring in a forensic IT expert after terminating someone who twice claimed twice he "might know a way" to read folks' email with no traces in the logs. He had previously mentioned a deadman-switch type setup, but in more of a "wouldn't it be cool" way.
After forensic person found no exploits, the recommendation was to proactively pay the employee a chunk of change with the stipulation that any future hacktivity would be treated as a criminal matter. We didn't do that (employee wasn't smart enough to create an invisible backdoor, or dumb enough to not just walk away).
The bad decisions he made (hiring, vendors, boys' club culture) probably did more damage than malicious code, and it's taken about 2 years to undo it.
This is bad - but I doubt there's an engineer in here that hasn't written throwaway code to make a deadline, joked about some code they wrote being "job security" because it's so confusing, or picked a soon to be deprecated package to use because it was quicker to get up and running.
Ethics is lacking in our industry, and as more and more people are laid off, you're going to have the equivalent of tens of thousands of "dead mans switches" going off at every company just out of sheer disincentivization of quality that's become so common in today's engineering culture.
I'm aware of at least one project at $work that will definitely break at some point that no one but me knows how to fix. Despite my best efforts to leave breadcrumbs to good resources and an extensive ReadMe, I suspect if I'm gone they just won't care enough to fix it and let employees go back to doing things manually (based on what happens right now when I'm not available to jump on a fix immediately). I wonder how many inadvertant "dead-man switches" like this there are out there where the loss of specific employees can cause a disproportionate amount of damage entirely by accident.
I dunno, the ethics depends on the situation, right?
If the customer asks for shoddy workmanship in a system that will have some safety critical application that will hurt the general public, you have a the engineer’s ethical obligation to blow the whistle.
If the customer asks for shoddy workmanship because they don’t care to prioritize documentation and robustness in their ad system, that’s management’s prerogative. The customer can be trusted to represent themselves.
A deadline is a business decision. An engineer makes a tradeoff (incurring tech debt) in order to meet the business goal. How is this remotely an ethics issue?
I think it's important to say that ethics are lacking from top to bottom. It isn't just devs who lack ethics. Companies do incredibly unethical things all the time and many folks act like not going along with it is somehow bad.
When the lil person gets a lil revenge we blow it way out of proportion because we're so incredibly desensitized to the constant barrage of unethical acts by executives and corporations.
I was grateful to every employer who canned me, though my parting words, verbal or written, may not have reflected it. :-)
I left one paranoid boss on "Take your child to work" day. (Coincidence) but the main lesson was not to let anyone abuse you with insulting demands. I left everything in good order and all documentation up front. I always did.
No need for revenge. They all sabotaged themselves way better than I could, even with root passwords, because they did it with their own incompetence and overblown egos.
In my last job, requirements, such as they were, were based on some idea that someone in authority thought we might need. No consideration was given to the needs of the clients of the code. They weren't savvy in the any of the current technologies, so it wasn't even the latest fad.
I developed the skill needed to implement their dumbfsck idea-du-jour quickly and without breaking existing code. However, the resulting code was increasingly more convoluted and incomprehensible. I had inherited a god object that I only added to over time.
When I quit, my boss knew he was not going to find anyone that could keep up my pace, much less understand the code. He tried to get me to stay, but I told him that I will never work on this code again, so there'd be no point in staying.
A couple years later a former coworker told me that the guy that had taken over had a bug in some code that was convoluted but rock solid when I left. I figured he had noodled with the code and broken it. Sucks to be him.
Told my coworker to tell him that my advice it to look for another job.
So yes, I hear you when you say they're perfectly capable of sabotaging themselves.
I've never understood this mentality. Your employer might be the absolute worst but this? This is comitting a crime. To knowingly sabotage a company this way is a crime. Technical people like to look for technical loopholes in laws and might say things "him not being there to stop it happening doesn't make it a crime" or whatever simply don't understand the law.
Likewise, I've never taken a document or a line of code from an employer. There's nothing I've ever written that I couldn't write better if I started again from scratch. And again you were paid to create those things. You might feel ownership over some work product like this but it doesn't belong to you.
Whenever I've left a job, whether it's on good terms or bad, I simply brain dump everything I did and knew and put it out of my mind, hopefully never thinking about it ever again. This is your job, not your life.
It says something about the inhumanity of our contemporary culture that people willingly accept that our employers have no obligations to us in any way.
> I've never understood this mentality. ... This is comitting a crime.
Some percentage of the population is criminals. Of various levels. Most are not the completely ruthless kind, but some are. They're all around us, and we need to factor that in to our decisions.
I’m not making any judgement on this particular event but your rigid way of thinking that because it’s a crime it’s wrong is, well, too rigid.
If I was a citizen of North Korea and I assassinated the great leader technically speaking I just committed a crime too. You see the nuance here? Maybe you think because the laws are American and Americans can do no wrong. Extraordinary rendition was completely legal and a thousand times worse than what this guy did. 10 years for this, 0 years for torture.
I want to hear his side of the story. How did they fuck him over after he gave them years of work.
Looking up the corporation in question (Eaton Corporation), I would say I am not shocked. They seem to have a history of being particularly shitty to their employees.
I thought you were going to say "smart enough to crash an entire company, but too stupid to realize that their intelligence should be put to other uses."
There have always been people like this, that are simply brainsick and petty, but it's something that is probably being exacerbated by the extreme animosity between the people that run companies, and the people that work on the front lines.
I'm not naive enough to think there was a "golden age," when everyone was happy-dappy, but I think it's much worse, now, than it has ever been.
I mean, in order to do big, complicated things, you need teams, and teams need to work together. That means much more than just the "hard" skills of individual intelligence, creativity, and discipline. It's also all the "soft" skills, that help the team to retain cohesion, like mutual respect, loyalty, integrity, etc.
The problem is that the example needs to start from the top, and there hasn't been much of a good example, up there, recently.
It's not difficult to imagine people feeling justified in doing bad things to their team, like deliberately writing shoddy code, taking credit for colleagues' work, bailing out, before their bugs come to the surface, or throwing their teammates under the bus.
I always tried to foster a team that had mutual respect, and could focus on common goals, even when everyone had their own motivations and priorities. In my case, it worked, but I know that I was lucky.
"Whoever he is, he's very cunning and won't do anything to atract attention and we'll never figure it out." ... Richard Priar the lowly data entry drone rolls up to the front door of the building in a lambo with a huge painting in the passenger seat...
Many years ago, I found a piece of corporate code that stopped working when a specific person ID was not marked active in the Users table in a DB for a specific application. That person was the long-time developer responsible for supporting that application, who finally happily retired.
This took a while to happen, since that DB was not kept updated very well, it was easy to find, and nothing malicious happened. Just some bad debug code that made it into prod.
Article is a bit light on the details. It says he was demoted, and there was a restructuring. Why?
Usually when there are motives that are not easy to relate to, the corporate media will tell you what a horrible person they are. When they are easier to relate to, there is a curious silence.
> 237. Developer sabotaged ex-employer with kill switch that activated when fired (theregister.com) 64 points by defrost 7 hours ago | flag | hide | 63 comments
It probably highlights that he was trying to cover his trail?
(Also if he wrote his fork bomb and AD lockout thing on company time using company hardware, then deleting his code for them might count as destroying company property?)
[+] [-] neilv|1 year ago|reply
Has anyone heard of someone getting away with this?
It seems dumb to me. Someone might feel pettiness impulses when wronged, but grievances are what lawyers are for.
(I did hear a variation on this story, where a programmer had artificially rigged up spreadsheets to fail periodically, so that they had to be brought back in as a consultant firefighter to "fix". IIRC, the story was told by a programmer who'd investigated and discovered what was going on. But this is close to standard operating procedure for a lot of development teams, though: through poor technical and business decisions, by accident or design, you guarantee yourself years of encumbered, time-burning work, to maintain and extend that.)
[+] [-] bdangubic|1 year ago|reply
if we heard it she/he would not have gotten away with it :)
[+] [-] rich_sasha|1 year ago|reply
Whether it's true is of course a whole different question.
[+] [-] SoleilAbsolu|1 year ago|reply
I had to bring in a forensic IT expert after terminating someone who twice claimed twice he "might know a way" to read folks' email with no traces in the logs. He had previously mentioned a deadman-switch type setup, but in more of a "wouldn't it be cool" way.
After forensic person found no exploits, the recommendation was to proactively pay the employee a chunk of change with the stipulation that any future hacktivity would be treated as a criminal matter. We didn't do that (employee wasn't smart enough to create an invisible backdoor, or dumb enough to not just walk away).
The bad decisions he made (hiring, vendors, boys' club culture) probably did more damage than malicious code, and it's taken about 2 years to undo it.
[+] [-] olalonde|1 year ago|reply
[+] [-] TheNewsIsHere|1 year ago|reply
They gave themselves licenses for whole factors more physical servers than they ran, just in case, I guess.
I found out about it when an employee sent me a screenshot while troubleshooting an issue with me.
This was probably 15 years ago now.
[+] [-] shipscode|1 year ago|reply
Ethics is lacking in our industry, and as more and more people are laid off, you're going to have the equivalent of tens of thousands of "dead mans switches" going off at every company just out of sheer disincentivization of quality that's become so common in today's engineering culture.
[+] [-] 63|1 year ago|reply
[+] [-] bee_rider|1 year ago|reply
If the customer asks for shoddy workmanship in a system that will have some safety critical application that will hurt the general public, you have a the engineer’s ethical obligation to blow the whistle.
If the customer asks for shoddy workmanship because they don’t care to prioritize documentation and robustness in their ad system, that’s management’s prerogative. The customer can be trusted to represent themselves.
[+] [-] morcus|1 year ago|reply
A deadline is a business decision. An engineer makes a tradeoff (incurring tech debt) in order to meet the business goal. How is this remotely an ethics issue?
[+] [-] tbrownaw|1 year ago|reply
[+] [-] chneu|1 year ago|reply
When the lil person gets a lil revenge we blow it way out of proportion because we're so incredibly desensitized to the constant barrage of unethical acts by executives and corporations.
[+] [-] k310|1 year ago|reply
I left one paranoid boss on "Take your child to work" day. (Coincidence) but the main lesson was not to let anyone abuse you with insulting demands. I left everything in good order and all documentation up front. I always did.
No need for revenge. They all sabotaged themselves way better than I could, even with root passwords, because they did it with their own incompetence and overblown egos.
[+] [-] PopGreene|1 year ago|reply
In my last job, requirements, such as they were, were based on some idea that someone in authority thought we might need. No consideration was given to the needs of the clients of the code. They weren't savvy in the any of the current technologies, so it wasn't even the latest fad.
I developed the skill needed to implement their dumbfsck idea-du-jour quickly and without breaking existing code. However, the resulting code was increasingly more convoluted and incomprehensible. I had inherited a god object that I only added to over time.
When I quit, my boss knew he was not going to find anyone that could keep up my pace, much less understand the code. He tried to get me to stay, but I told him that I will never work on this code again, so there'd be no point in staying.
A couple years later a former coworker told me that the guy that had taken over had a bug in some code that was convoluted but rock solid when I left. I figured he had noodled with the code and broken it. Sucks to be him.
Told my coworker to tell him that my advice it to look for another job.
So yes, I hear you when you say they're perfectly capable of sabotaging themselves.
[+] [-] jmyeet|1 year ago|reply
Likewise, I've never taken a document or a line of code from an employer. There's nothing I've ever written that I couldn't write better if I started again from scratch. And again you were paid to create those things. You might feel ownership over some work product like this but it doesn't belong to you.
Whenever I've left a job, whether it's on good terms or bad, I simply brain dump everything I did and knew and put it out of my mind, hopefully never thinking about it ever again. This is your job, not your life.
[+] [-] goldfishgold|1 year ago|reply
[+] [-] BurningFrog|1 year ago|reply
Some percentage of the population is criminals. Of various levels. Most are not the completely ruthless kind, but some are. They're all around us, and we need to factor that in to our decisions.
[+] [-] ninetyninenine|1 year ago|reply
If I was a citizen of North Korea and I assassinated the great leader technically speaking I just committed a crime too. You see the nuance here? Maybe you think because the laws are American and Americans can do no wrong. Extraordinary rendition was completely legal and a thousand times worse than what this guy did. 10 years for this, 0 years for torture.
I want to hear his side of the story. How did they fuck him over after he gave them years of work.
[+] [-] vivzkestrel|1 year ago|reply
[+] [-] fzeroracer|1 year ago|reply
[+] [-] jarsin|1 year ago|reply
[+] [-] jmugan|1 year ago|reply
[+] [-] progbits|1 year ago|reply
"You only hear about the ones that get caught"
[+] [-] naruhodo|1 year ago|reply
https://www.youtube.com/watch?v=DPmeLibaVwg&t=112s
[+] [-] ChrisMarshallNY|1 year ago|reply
I'm not naive enough to think there was a "golden age," when everyone was happy-dappy, but I think it's much worse, now, than it has ever been.
I mean, in order to do big, complicated things, you need teams, and teams need to work together. That means much more than just the "hard" skills of individual intelligence, creativity, and discipline. It's also all the "soft" skills, that help the team to retain cohesion, like mutual respect, loyalty, integrity, etc.
The problem is that the example needs to start from the top, and there hasn't been much of a good example, up there, recently.
It's not difficult to imagine people feeling justified in doing bad things to their team, like deliberately writing shoddy code, taking credit for colleagues' work, bailing out, before their bugs come to the surface, or throwing their teammates under the bus.
I always tried to foster a team that had mutual respect, and could focus on common goals, even when everyone had their own motivations and priorities. In my case, it worked, but I know that I was lucky.
[+] [-] dietr1ch|1 year ago|reply
[+] [-] ranger_danger|1 year ago|reply
[+] [-] smitty1e|1 year ago|reply
Not that one couldn't make it very hard to tell, but even circumstantial evidence in the hands of a good prosecutor can deliver a conviction.
[+] [-] cozzyd|1 year ago|reply
[+] [-] ttyprintk|1 year ago|reply
[+] [-] jjfjjjjjjjfjjf|1 year ago|reply
[deleted]
[+] [-] Brian_K_White|1 year ago|reply
[+] [-] yaky|1 year ago|reply
This took a while to happen, since that DB was not kept updated very well, it was easy to find, and nothing malicious happened. Just some bad debug code that made it into prod.
[+] [-] thaumasiotes|1 year ago|reply
[+] [-] timbit42|1 year ago|reply
[+] [-] unknown|1 year ago|reply
[deleted]
[+] [-] tehjoker|1 year ago|reply
Usually when there are motives that are not easy to relate to, the corporate media will tell you what a horrible person they are. When they are easier to relate to, there is a curious silence.
[+] [-] amai|1 year ago|reply
https://ransomware.org/blog/beware-the-ire-of-ex-employees/
[+] [-] ttyprintk|1 year ago|reply
I think a white-knight signal would be to rotate ssl keys, trying to intentionally expire the cert. Easy for anyone to grep in code.
The problem is in-between.
[+] [-] neilv|1 year ago|reply
> 237. Developer sabotaged ex-employer with kill switch that activated when fired (theregister.com) 64 points by defrost 7 hours ago | flag | hide | 63 comments
[+] [-] setnone|1 year ago|reply
[+] [-] wodenokoto|1 year ago|reply
[+] [-] tbrownaw|1 year ago|reply
(Also if he wrote his fork bomb and AD lockout thing on company time using company hardware, then deleting his code for them might count as destroying company property?)