You can cause mayhem by force pushing all refs as empty though. Then you would likely need to get GH support on the line to restore a backup, if they had them for you.
Ironically a lot of banks and big corps are moving to "cloud dev environments" so it's possible that Brody could have deleted all the dev containers too...
yeah for sure that is definitely an urgent pagerduty request I might have sent once or twice before: /!\ DO NOT CLONE/PULL, DISCONNECT YOUR LAPTOP FROM WIFI
>The court documents state that Brody's employment was terminated after he violated company policies by connecting a USB drive containing pornography to company computers.
And this is why you have one laptop for work, and one for personal stuff, and never use your work laptop as your personal laptop.
Kinda weird line, to me. Curious if it was for connecting a third party USB drive at all, and if so, why mention the porn.
It seems like companies either have a strict USB policy, or don't. If they allow USB drives, it feels odd to me to fire someone over a drive containing porn. What if it was a genuine mistake of confusing two drives or something? Or a genuine drive that happened to just contain something copied by accident.
But if OP was say, copying, streaming, or uploading the files, then that seems like a more clear violation than what the article states.
I have worked at (regulated) places that have a zero-tolerance policy for porn and work computers. Not Illegal, it's Violation of Corporate Policy; a fireable offense
Lots of people drank at lunch, or late lunch. There was also a zero tolerance for (illegal) drugs; no testing. I saw people get terminated for porn, drugs (very obvious ), getting a (married) co-worker pregnant.
I saw a VP keep their job after a drunken accident at a corporate function where they broke their leg.
Yeah, you'd think if he had a legitimate need for USB storage then work would issue it to him right? And then in that case, if he was using a work USB storage device with his personal computer for personal data storage, then that's an issue in its own right, regardless of what the data is, but it seems it would be more straightforward to just say that.
You would think that, but it's rarely true. Getting issued a $10 USB drive could take a ton of paperwork and red tape, and eventually end with a "yeah that use case seems inconvenient but not worth us doing stuff". When you have one sitting on your desk or in your pocket already, that's a tempting one
Honestly in my experience every company I've worked at has had some kind of explicit cybersecurity policy or training telling us not to use USB drives, so from a CYA perspective I think I'd be very hesitant to plug one in to a work laptop at all. But I have only worked at massive corporations, so my experience is limited
I'm surprised banks even allow USB based storage devices to be connected. There are tools you can run on managed systems to block these devices from being able to be used.
I agree but there’s probably selection bias here: the place which doesn’t deactivate accounts when they fire people is so dysfunctional that it’s no longer surprising that they botched harder controls.
banks are just like every other company. Don't assume your bank knows what it's doing just cause it's a bank. Their core product isn't security, it's financial services. They benefit from security sure, but they don't profit off of it directly. They are going to have the bare minimum security, to make everyone feel like they will stay out of the headlines.
Financial services tend to have a lot of compliance related things thrown at them.
The crazy thing is, it wouldn't surprise me if they did this on purpose to capitalize in the future. How else can they get $529,000 to copy git repos from a backup back up onto GitHub?
Unless maybe they have no backups in which case, how is it possible that a banking institution could have code that lasted 50+ years without backups. Also the damages without backups would likely be more than $529,000 because they just lost the entire history of their apps.
Better legal repercussions. In most parts of the world if you went to the cops and said an ex-employee deleted your codebase and wrote mean things on your Intranet, they would chuckle and go back to work. It's probably a huge hassle to file a civil suit against someone who did that either, if it's even possible.
Each hired person carries massively more potential cost to the employer, due to the employer being unable to do much if the employee does things like watch porn on their work equipment, sabotage the company’s tech infrastructure before leaving, or just plainly suck at their job. That extra potential cost has to be paid from somewhere, which is typically coming from the total compensation, which translates to lower factual pay.
Kind of like how working in software dev as a contractor typically nets you more raw money than working in a comparable role doing a similar job for someone else. However, as a contractor you are responsible for paying for things like health insurance yourself. As a hired employee, you will typically have those things provided to you by your employer, but you will get paid less in raw money, because those things get priced into your salary (sidenote: which your employer probably has a discount rate for anyway, so even if it was paid out to you in cash and you paid your own insurance, you would have had net less money, so it is kind of a comparative win-win for both sides here).
For me personally as an employee, I would rather my employer be able to fire me for watching porn on my work equipment or be able to go after me for intentionally sabotaging company’s infra. Because I do not plan on doing either of those things, so just having that extra money in exchange for not being able to do those things unpunished is the easy choice, personally.
> due to the employer being unable to do much if the employee does things like watch porn on their work equipment, sabotage the company’s tech infrastructure before leaving,
Except that’s not really true throughout most of Europe. Yes firing someone for sucking at their job might be more expensive. All the other stuff? Not really, as long as you can prove it
I am not from EU, so I was mostly going off the comment in this thread that was lamenting how “terrible” employment in the US due to employees being easily fireable for watching porn on employer-provided equipment. What you said makes it sound way more reasonable.
You won't necessarily go to jail, but you will have to pay compensation to your employer for the damage you caused if there's proof it was intentional malice on your part, sometimes even if it was accidental.
There are loads of cases like that in the EU. Going to prison I never heard of, but depending on jurisdiction, I assume it's also a possibility if the damage is large enough and affected other parties not just the business of your employer.
Better workers' rights protect you from employer abuse, but don't absolve you from responsibilities of your own actions at work.
You're going to navigate the legal system in India or China because some kid you hired for cheap decided to vandalize your codebase and database? Good luck.
Probably most the world, since as a company they're probably larger and more wealthy than the individual, so where there's a strong rule of law the legal system handles it, and where there isn't they can just grease the wheels of justice with cash. It probably won't take a lot to get them to come down on an individual that also happens to be guilty.
American here - I believe that the comment means "you cannot fire an engineer from their job for this reason (connecting a USB device with porn to a work computer) in the EU"
That's what I would guess too. In general it is much, much harder to fire somebody in the EU than it is in most US states where you can fire for pretty much any reason as long as it's not for being a protected class.
I couldn’t interpret it as anything else as well, but that still leaves me severely confused.
Like, is that supposed to be a brag that in EU it is nearly impossible to fire an employee for watching porn on the employer-provided work equipment? If anything, I would consider firing them for being so stupid as to not consider one of many easily accessible alternatives that they almost certainly had access to, like a smartphone (just hopefully not an employer-provided one).
Porn on a work computer ANYWHERE should be an instant dismissal. The track record of porn sites using nefarious trackers and extorting customers is so well documented anyone viewing it has problems beyond just being a pervert.
He was a cloud developer. That implies some basic technical acumen/knowledge.
It's not about if you are being monitored, it's more about you don't know when/if you are being monitored and how, so why risk it over garbage like pr0n?
I know this, because I've been asked to monitor a number of fellow emps in my career (SysAdmin/Support) and there are just too many bases to cover, so why even bother?
There's simply no way he couldn't afford some beater laptop.. (pun intended..lol)
Bruh, in our EU F500 tech company, our office internet is so slow and the IT policies so strict, backwards and draconic on what SW, services and ports we can use, that our trusty USB 3.0 USB drives are still the fastest and quickest way to share large files like ISOs between us.
I doubt sneaker-net will die anytime soon. There's literally nothing simpler, faster, more reliable and universally compatible for short distance file transfers than a USB drive.
Could it be immediately after the JPMorgan acquisition they were looking for excuses to reduce headcount? Maybe the USB drive incident was sitting in an HR file for a while.
> As alleged, Brody left a few "taunts" in the code that he unleashed on FRB. In particular, he is alleged to have used the word "grok," which the government explains is a misspelling of "grock," which, in turn, means to understand.
IT also failed to put enough checks here. The article states that the employee still had a valid company account that he could use to access the repos.
Yeah but if someone purposely drives into that car with the intention of killing the driver, I'd hope they went to prison even if the victim wasn't wearing a seatbelt
It's totally legitimate to simultaneously hold that the real perpetrator is, er, the perpetrator, and that the victim could have done more to prevent the incident from happening.
Jail the guy, and let his story stand as a warning to implement proper IT and HR practices.
Nobody is excusing him but it’s possible for multiple people to make very bad decisions as part of the same problem. In this case, the bank has almost certainly claimed to have security policies in place which would have prevented any of the damages in question. I don’t even work in banking but “how do you deactivate accounts when someone leaves?” is in every single system’s approval process and ongoing audits.
Think of it as if he had stolen money from them after being fired: there’s no question that the culpability would be his but also regulators and insurance would descend on the bank’s management asking why they lacked such basic internal controls for such very well-known risks. Most places will remove all forms of access as soon as the decision is made to fire someone because it’s the most likely time to have anything from theft to, in the US, a workplace shooting.
When shitty policies are part of the root cause, then yes, the victim also shares in creating an environment that allowed easy victimization.
You wouldn't secure your laptop in the front seat of a car in NYC or Chicago. Just as you are not to blame with the vandalization and theft of said equipment, you also could have did easy mitigations to hamper it.
People who shout "victim blaming" are also refusing to take responsibility for reasonable remediations that would have prevented the bad thing.
There is a symbiotic relationship between HR and IT.
In my orgs, when HR TELLS US, in advance, we nuke the creds while they are discussing the term with HR. If HR doesn't tell us, then we have zero way of knowing to kill their account.
When they don't tell us, then termed users continue to have access... again... because we have no way of knowing to term the access.
Don't underestimate a dumb managers influence on this. Back when I was running an orgs IT we had a similar incident when we fired an employee. HR had given us the heads up when it would happen, and we had someone standing by to kill their credentials (as the meeting started someone would give the final go ahead). Their manager however decided to "get it over with" without telling us, then when said employee asked if they could get some information off their work computer, proceeded to sit with them while they attempted to delete all their work.
I was able to recover it from OneDrives second recycle bin so nothing was lost, but I was livid. This employee was literally being fired because they were refusing to train anyone else on their work for "job security purposes", it's not like we didn't have warning this wouldn't be graceful.
I remove this from HR's and other Department's hands, once IT is made aware. Beforehand, I obviously cannot affect.
They tell IT in advance and maintain the schedule and contact us to adjust or DRAMA. Lots and lots of drama.
Had I been in that situation, I would taken that garbage to my direct Super, which is usually the CFO. I would explain why this is such a horrific idea. They usually agree. If they don't, then I look for somewhere else to work, since I cannot keep PHI secure, when I cannot control who has what access and when.
I'm not going to be held responsible when others callous actions remove all the guardrails. No thanks.
In short, the issue is that the manager didn't keep to the schedule. If they had done it at the proper time HR would have been involved and we would have gotten our notification. Instead the damage was done hours before this was scheduled to happen.
In terms of higher-ups notification the "oh shit can you recover this" call came from the CEO
I don't know what happened to the manager. I can't imagine it ended well for them, pretty much that entire section of the org was on thin ice (acquisition that didn't want to absorb into the company) so I can't imagine it ended well. I know we didn't pursue legal action against the ex-employee, which pissed me off at the time, but I can see the logic in leaving it done and dusted.
The only PHI the company held was what HR had on it's the employees, so not at risk here.
It's often not pursued by a company unless there are literal damages. Morality, sadly, has nothing do to with the decisions corporations make.
I'm glad to know you didn't suffer for this. It happens so much in the tech world that most of us have installed creature comforts in the space under the bus. I've installed a nice recliner, a small, but tasteful lamp and a few good books to read, during my time under it.
Naturally, that sounds on point for every company everywhere.
Though I've heard it's quite common in large enterprises that are fragmented due to a lot of aqui-hires, for corporate HR to forget or miss people they supposed to fire and who still remain on the payroll, especially on the satelite offices where there's no on-prem HR and nobody really knows what's going on from central.
A friend of mine was theoretically fired along with his entire team but just not him because corporate HR forgot about him or something, so he still showed up at the office without his team and without any work to do, badged in and played videogames all day for almost a year while getting paid in full, until some other people started asking "hey, who's is this guy and what does he actually do here all by himself?", then they actually fired him, or more like paid him a generous severance package to leave voluntarily in silence and not tell anyone about HR's blunder.
Was it required he even show up to work? Presumably the checks would keep coming.
On the other hand, in a just world, continuing to show up would make it impossible for the company to try and claw back the money. He was available even if nobody asked anything of him.
I am more interested in how he was caught. There are many people around me who seemingly do nothing, he would just blend into the crowd. Were there layoffs or some other accounting of personnel that forced the issue?
It's usually time. I knew a guy that "worked" at Walmart. His job was collecting the carts. He would clock in, then go on about his day. When it was time to clock out, he would drive back and clock out.
It took 8 months for the store to realize this and fire his butt.
In his case, it was a meeting. It was an All Hands, his timecard showed he was clocked in, but never appeared at the meeting.
>Was it required he even show up to work? Presumably the checks would keep coming.
He had to show up at work because he was never formally fired. If he hadn't showed up at work but still collect his paychecks then it would have been breaking the law and the company would have clawed back all paychecks. By showing up at work he was just fulfilling his contractual obligations, it wasn't his fault nobody gave him any work to do so he was legally entitled to collect paychecks while playing games and doing side projects at work.
> There are many people around me who seemingly do nothing, he would just blend into the crowd.
Not always the case. It might be a thing in large enterprises of US/Anglophone countries from what I noticed, but in German speaking countries it's not really common for people to show up at the office and do nothing all day, the efficiency and work ethic tends to be relatively higher, especially at smaller offices. So you stand out, people will gossip and eventually someone above will inquire about that guy without a team doing nothing.
Sure, you can lie to everyone around you about why you're still here without your team doing nothing so they stop asking questions, but lying can still be considered a felony here if the thing ends up in court and get you in actual legal trouble later as they will still find out eventually about you, so it's best to be honest and legally enjoy the ride while it lasts.
Even if there was severe employee misconduct, in most US states it wouldn't be legally possible to claw back wages that had already been paid to a W-2 employee unless there was a specific contract in place allowing the employer to do so. A few executives have such contracts with clawback provisions (mainly in financial services) but they really aren't a thing for regular employees. If the employee had actually stolen money through fraud or embezzlement then the employer could file a civil suit to recover damages, but wages are a separate issue entirely.
It's legal in Europe to claw back wages if they prove you have been absent from work. Granted, they'll have to sue you for that, but they'll win if your time sheets how you never showed up even though your contract said you should.
> Though I've heard it's quite common in large enterprises that are fragmented due to a lot of aqui-hires, for corporate HR to forget or miss people they supposed to fire and who still remain on the payroll
> Though I've heard it's quite common in large enterprises that are fragmented due to a lot of aqui-hires, for corporate HR to forget or miss people
I've worked at small (<1000 people) firms where there were at least 10 different entitlements systems and removing someone was a nightmare. I can 100% believe that this also happens at large companies (due to acquisition as you mention) too.
Modern IT integrations connect the HR system to the IT to auto-provision (ie, hire) and auto-deprovision (ie, terminate) user access in near-real-time. In this case, once the termination is completed (& approved) in the HR system, the user loses access immediately without any IT involvement.
Which works if every single tool you use is hooked up to your one central authentication provider. Then there are tools that aren't. Entire acquired company's systems that aren't (yet). Parts of those companies nobody know exist and thus aren't ever migrated over etc.
Yeah I have the same (symbiotic) lack of symbiosis relationship with HR so I run scripts and other automated tasks every so often to verify all the employees are actually using the accounts. Sometimes new people get hired and have to wait because HR cannot follow the simple instructions I ask for. Like a person's name typed out and emailed to me.
Historically, I went to the mat arguing that I won't let my departments even create new accounts unless the "new account" form is used. This is PHI, we get 1 chance to get it right.
There has been pushback, but I'm always willing to walk away from jobs that insist on stupid.
At my last job, most of the company was laid off during the early part of the COVID lockdowns.
...Including the IT guy who was responsible for killing everyone's access credentials...
All of us that were laid off watched the company-wide zoom where the CEO tried to blame everyone who had been laid off as dead weight. They managed to get the other IT guy to kill our credentials the following week.
Then they laid the other IT guy off before anybody had sent in their work laptops or other work equipment because the CEO decided that if the offices were going to be closed indefinitely we didn't need an IT guy. The company had to write off more than $1 million in assets that were never returned, including a number of very expensive, very new RED cameras.
A lot of times, IT's "failures" are just the failures of management.
I would wonder what would happen whenever I was frustrated and now I know, thanks. I'll look for a new intrusive thought to have as a coping mechanism.
Reminds me of the furry who got fired from a company and used a backdoor into their web server to tamper with their site after the fact. Only he knew how the server actually worked because it was a custom server whose scripting language was the FurryMUCK extension language. He blogged about this casually on his LiveJournal like it was no big d. Very Dennis Nedry of him. Few years later he was involved in the Ginko Financial scam on Second Life.
Are you sure about that? I was under the impression that the CFAA is broad enough that even if you have credentials to access computer systems, but do so in a way that was not intended, then you have broken the law. Intentional damage is included in that definition too.
Section (a)(5)(A): knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer
I think the big chunk of the penalty is because he lied to the secret service agents rather than the company damage, that being said, why would the secret service investigate a private sector company incident? At most, it should be the FBI afaik
Lying to federal agents to cover up a crime is definitely a big part of the penalty. He got caught and kept digging himself into more crimes.
I’m also surprised the secret service was involved. I wonder if they suspected foreign involvement or considered it a matter of national security because it was an attack on banking infrastructure?
The USSS started as the Treasury Department’s anti-counterfeiting enforcement agency and only later expanded into protecting lawmakers. They still have a mission to protect the financial systems of the United States and I’d imagine anything involving bank IT integrity involves a call for them.
> why would the secret service investigate a private sector company incident? At most, it should be the FBI afaik
The Secret Service started out as an anti-counterfeiting service, expanded into VIP protection, general national financial system security, and for a while general cybercrime, though the latter (outside of where it touched on the other Secret Sevice functions) fell away.
“We also protect the integrity of our currency and investigate crimes against the U.S. financial system committed by criminals around the world and in cyberspace.” https://www.secretservice.gov/about/overview
The Secret Service also does anything with hacking the telecom system, wired and wireless and it looks like they also do some of the internet and infrastructure stuff.
On the federal sentencing guidelines, the base offense level for that is 6 (0-6 months), which is way lower than the fraud's level would end up given the dollar amount.
Why did he do it? I hate having access to things, it's just liability for you. I kept all my company passwords in my company password manager that was linked to my employee email so that if I lost my email access I would lose all passwords to anything company related. Whenever someone texts me a password I delete it after using it.
136 comments
[ 3.4 ms ] story [ 176 ms ] threadhttps://docs.github.com/en/repositories/creating-and-managin...
>Accessed FRB's GitHub repository and deleted the hosted code
And this is why you have one laptop for work, and one for personal stuff, and never use your work laptop as your personal laptop.
It seems like companies either have a strict USB policy, or don't. If they allow USB drives, it feels odd to me to fire someone over a drive containing porn. What if it was a genuine mistake of confusing two drives or something? Or a genuine drive that happened to just contain something copied by accident.
But if OP was say, copying, streaming, or uploading the files, then that seems like a more clear violation than what the article states.
I can see some firms afraid of porn but distributing leaflets about safe fentanyl use, lol.
I saw a VP keep their job after a drunken accident at a corporate function where they broke their leg.
The crazy thing is, it wouldn't surprise me if they did this on purpose to capitalize in the future. How else can they get $529,000 to copy git repos from a backup back up onto GitHub?
Unless maybe they have no backups in which case, how is it possible that a banking institution could have code that lasted 50+ years without backups. Also the damages without backups would likely be more than $529,000 because they just lost the entire history of their apps.
Kind of like how working in software dev as a contractor typically nets you more raw money than working in a comparable role doing a similar job for someone else. However, as a contractor you are responsible for paying for things like health insurance yourself. As a hired employee, you will typically have those things provided to you by your employer, but you will get paid less in raw money, because those things get priced into your salary (sidenote: which your employer probably has a discount rate for anyway, so even if it was paid out to you in cash and you paid your own insurance, you would have had net less money, so it is kind of a comparative win-win for both sides here).
For me personally as an employee, I would rather my employer be able to fire me for watching porn on my work equipment or be able to go after me for intentionally sabotaging company’s infra. Because I do not plan on doing either of those things, so just having that extra money in exchange for not being able to do those things unpunished is the easy choice, personally.
Except that’s not really true throughout most of Europe. Yes firing someone for sucking at their job might be more expensive. All the other stuff? Not really, as long as you can prove it
I am not from EU, so I was mostly going off the comment in this thread that was lamenting how “terrible” employment in the US due to employees being easily fireable for watching porn on employer-provided equipment. What you said makes it sound way more reasonable.
There are loads of cases like that in the EU. Going to prison I never heard of, but depending on jurisdiction, I assume it's also a possibility if the damage is large enough and affected other parties not just the business of your employer.
Better workers' rights protect you from employer abuse, but don't absolve you from responsibilities of your own actions at work.
You're going to navigate the legal system in India or China because some kid you hired for cheap decided to vandalize your codebase and database? Good luck.
Like, is that supposed to be a brag that in EU it is nearly impossible to fire an employee for watching porn on the employer-provided work equipment? If anything, I would consider firing them for being so stupid as to not consider one of many easily accessible alternatives that they almost certainly had access to, like a smartphone (just hopefully not an employer-provided one).
What is this, 2005?
We typically allow exceptions for those that have a common need to use a flashdrive and cannot leverage the typical network for access to the data.
That being said, we prefer not to create these exceptions, for reasons just like this, but it's not always our choice.
My interest is in what kind of grand mal idiot thinks throwing pr0n on a work computer is a good idea!?!?
A naive guy that maybe doesn't think everything he does on the computer is recorded.
It's not about if you are being monitored, it's more about you don't know when/if you are being monitored and how, so why risk it over garbage like pr0n?
I know this, because I've been asked to monitor a number of fellow emps in my career (SysAdmin/Support) and there are just too many bases to cover, so why even bother?
There's simply no way he couldn't afford some beater laptop.. (pun intended..lol)
I doubt sneaker-net will die anytime soon. There's literally nothing simpler, faster, more reliable and universally compatible for short distance file transfers than a USB drive.
This line gave me a chuckle
> As alleged, Brody left a few "taunts" in the code that he unleashed on FRB. In particular, he is alleged to have used the word "grok," which the government explains is a misspelling of "grock," which, in turn, means to understand.
The access should have been cut off right away.
> The only reason this happened was because they failed to secure their own systems, it was bound to happen
Instead, parent said:
> IT also failed to put enough checks here
My emphasis on the "also".
Jail the guy, and let his story stand as a warning to implement proper IT and HR practices.
Think of it as if he had stolen money from them after being fired: there’s no question that the culpability would be his but also regulators and insurance would descend on the bank’s management asking why they lacked such basic internal controls for such very well-known risks. Most places will remove all forms of access as soon as the decision is made to fire someone because it’s the most likely time to have anything from theft to, in the US, a workplace shooting.
When shitty policies are part of the root cause, then yes, the victim also shares in creating an environment that allowed easy victimization.
You wouldn't secure your laptop in the front seat of a car in NYC or Chicago. Just as you are not to blame with the vandalization and theft of said equipment, you also could have did easy mitigations to hamper it.
People who shout "victim blaming" are also refusing to take responsibility for reasonable remediations that would have prevented the bad thing.
In my orgs, when HR TELLS US, in advance, we nuke the creds while they are discussing the term with HR. If HR doesn't tell us, then we have zero way of knowing to kill their account.
When they don't tell us, then termed users continue to have access... again... because we have no way of knowing to term the access.
I was able to recover it from OneDrives second recycle bin so nothing was lost, but I was livid. This employee was literally being fired because they were refusing to train anyone else on their work for "job security purposes", it's not like we didn't have warning this wouldn't be graceful.
They tell IT in advance and maintain the schedule and contact us to adjust or DRAMA. Lots and lots of drama.
Had I been in that situation, I would taken that garbage to my direct Super, which is usually the CFO. I would explain why this is such a horrific idea. They usually agree. If they don't, then I look for somewhere else to work, since I cannot keep PHI secure, when I cannot control who has what access and when.
I'm not going to be held responsible when others callous actions remove all the guardrails. No thanks.
In terms of higher-ups notification the "oh shit can you recover this" call came from the CEO
I don't know what happened to the manager. I can't imagine it ended well for them, pretty much that entire section of the org was on thin ice (acquisition that didn't want to absorb into the company) so I can't imagine it ended well. I know we didn't pursue legal action against the ex-employee, which pissed me off at the time, but I can see the logic in leaving it done and dusted.
The only PHI the company held was what HR had on it's the employees, so not at risk here.
I'm glad to know you didn't suffer for this. It happens so much in the tech world that most of us have installed creature comforts in the space under the bus. I've installed a nice recliner, a small, but tasteful lamp and a few good books to read, during my time under it.
Though I've heard it's quite common in large enterprises that are fragmented due to a lot of aqui-hires, for corporate HR to forget or miss people they supposed to fire and who still remain on the payroll, especially on the satelite offices where there's no on-prem HR and nobody really knows what's going on from central.
A friend of mine was theoretically fired along with his entire team but just not him because corporate HR forgot about him or something, so he still showed up at the office without his team and without any work to do, badged in and played videogames all day for almost a year while getting paid in full, until some other people started asking "hey, who's is this guy and what does he actually do here all by himself?", then they actually fired him, or more like paid him a generous severance package to leave voluntarily in silence and not tell anyone about HR's blunder.
Lucky bastard.
Not a silver bullet, but it covers a majority of these cases.
On the other hand, in a just world, continuing to show up would make it impossible for the company to try and claw back the money. He was available even if nobody asked anything of him.
I am more interested in how he was caught. There are many people around me who seemingly do nothing, he would just blend into the crowd. Were there layoffs or some other accounting of personnel that forced the issue?
It took 8 months for the store to realize this and fire his butt. In his case, it was a meeting. It was an All Hands, his timecard showed he was clocked in, but never appeared at the meeting.
He had to show up at work because he was never formally fired. If he hadn't showed up at work but still collect his paychecks then it would have been breaking the law and the company would have clawed back all paychecks. By showing up at work he was just fulfilling his contractual obligations, it wasn't his fault nobody gave him any work to do so he was legally entitled to collect paychecks while playing games and doing side projects at work.
> There are many people around me who seemingly do nothing, he would just blend into the crowd.
Not always the case. It might be a thing in large enterprises of US/Anglophone countries from what I noticed, but in German speaking countries it's not really common for people to show up at the office and do nothing all day, the efficiency and work ethic tends to be relatively higher, especially at smaller offices. So you stand out, people will gossip and eventually someone above will inquire about that guy without a team doing nothing.
Sure, you can lie to everyone around you about why you're still here without your team doing nothing so they stop asking questions, but lying can still be considered a felony here if the thing ends up in court and get you in actual legal trouble later as they will still find out eventually about you, so it's best to be honest and legally enjoy the ride while it lasts.
Milton has entered the chat.
I've worked at small (<1000 people) firms where there were at least 10 different entitlements systems and removing someone was a nightmare. I can 100% believe that this also happens at large companies (due to acquisition as you mention) too.
Here's an example of how Microsoft supports auto-provisioning from SAP Successfactors for this: https://learn.microsoft.com/en-us/entra/identity/saas-apps/s...
The budget to pay for it.
There has been pushback, but I'm always willing to walk away from jobs that insist on stupid.
...Including the IT guy who was responsible for killing everyone's access credentials...
All of us that were laid off watched the company-wide zoom where the CEO tried to blame everyone who had been laid off as dead weight. They managed to get the other IT guy to kill our credentials the following week.
Then they laid the other IT guy off before anybody had sent in their work laptops or other work equipment because the CEO decided that if the offices were going to be closed indefinitely we didn't need an IT guy. The company had to write off more than $1 million in assets that were never returned, including a number of very expensive, very new RED cameras.
A lot of times, IT's "failures" are just the failures of management.
Ugh, it could be anyone of us!
Some men just want to watch the world burn.
Section (a)(5)(A): knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer
Sabotage is sabotage. Just because it was done with a computer is of little point here, other than the specific law to target.
I’m also surprised the secret service was involved. I wonder if they suspected foreign involvement or considered it a matter of national security because it was an attack on banking infrastructure?
The Secret Service started out as an anti-counterfeiting service, expanded into VIP protection, general national financial system security, and for a while general cybercrime, though the latter (outside of where it touched on the other Secret Sevice functions) fell away.
“We also protect the integrity of our currency and investigate crimes against the U.S. financial system committed by criminals around the world and in cyberspace.” https://www.secretservice.gov/about/overview
> impersonated other bank employees by opening sessions in their names
Did he get extra time for grok references? It’s just an odd thing they added to the list.