The 10 baddest IT pros
BOFHs who got caught
In 2008 a survey of 300 sysadmins by Cyber-Ark grabbed a lot of press coverage when a whopping 88 per cent of respondents said they would steal company information if fired.
BOFH: Let's go to work!
One quarter said their organisations had suffered internal sabotage and security fraud, and one third believed that industrial espionage and data leakage had occurred within their company.
Could this be why BOFH (the Bastard Operator from Hell), Simon Travaglia's long-running column about a fictional psychopathic sysadmin-cum master of social engineering, is so popular?
A lot of sysadmins were having fun perhaps at Cyber-Ark's expense. But halve the figures and then halve again - and that's still a lot of rogue IT employees out there. And a lot more who would go nuclear if you diss their gruntle or fire them.
It's surprising then how few IT pros end up in court. Perhaps the other baddies are evil geniuses or maybe their ex-employers prefer to sweep internal mishaps under the carpet.
We can speculate - but we can tell you about the worst ones who got caught - all except one ended up in court.
In descending order here is our league table of the 10 baddest IT pros. We have also set up a poll for you to vote on your top rogue employee. And please do share your experience of co-worker evilness in the El Reg Forums.
To the list.
10. Traffic light saboteurs
Gabriel Murillo and Kartik Patel, traffic engineers, LA. In 2006, Los Angeles traffic engineers went on strike. As a precaution, managers blocked access to the computer that controlled the city's 3,200 traffic lights but two strikers Murillo and Patel used stolen supervisor credentials to gain access.
Inside, they disconnected signal control boxes at four of the city's busiest intersections. Murillo then hacked the system to prevent managers from reconnecting the lights. It took four days to restore the system.
Wired.com names this caper as one of the top 10 cybercrimes of the Noughties. Really? The judge who put Murillo and Patel on probation appears to have more perspective.
9. Not deadlier than the male
Patricia Marie Fowler, IT technician, Florida, was sentenced to 18 months in prison and ordered to pay restitution of $17,243 for interfering with employee records at the Suncoast Community Health Centers (SCHC) located in Ruskin, Florida.
Fowler makes our list as she is one of just two females IT pro gone bad that we have uncovered.
8. The cable-cutting engineer
Terrance Tan Khoon Shan was handed a 15 month prison sentence after the disgruntled engineer was found guilty of cutting $185,000 worth of fibre optic broadband cables.
Tan's defence argued that he had mental problems and when that was rejected by the judge, said his crime was merely opportunistic. That was rejected too - after all, "opportunistic" is an unusual description for the 617 separate occasions that Tan cut the cables.
7. Drunk and upset
David Anthony Mcintosh, IT consultant, Australia, deleted 10,475 user accounts belonging to employees of Australia's Northern Territory government. It took 130 experts five days at a cost of $1.25m to restore the system. McIntosh resigned his job at the NT gov in April 2008 and a month later sabotaged its system, to try to prove that there were security vulns.
Also he was drunk and upset that his fiancee had broken off their engagement. McIntosh was sentenced to three years and four months and said he would retrain as a chef on his release. God forbid he breaks up with his girlfriend again.
6. The IT urine bandit
Foley: I know you need a toilet break but this is taking the piss
Raymond Charles Foley, IT worker, Iowa, was dismissed and charged with criminal offences after urinating on the chairs of female colleagues he found attractive. Foley searched the employee database to seek out his hotties. "I was doing inappropriate things I shouldn't be doing," he told his employer. Well, yes.
Foley's company, Farm Bureau Financial Services, spent $4,500 to make good the damage. We guess Foley's marks got new chairs.
5. San Francisco lock-out
Terry Childs, network engineer, San Francisco, is probably the most infamous rogue IT employee of all. He was arrested in June 2008 for refusing to reveal the passwords of San Francisco's main computer network. He said he never intended any harm, but did not trust his bosses with the passwords.
San Francisco was locked out of its FiberWAN network for 12 days and Childs served two years in jail. In May 2011, Childs was ordered to pay $1.5m to the City of San Francisco in restitution costs.
4. Tried to kill Fannie Mae
Rajendrasinh Babubhai Makwana, a Unix sysadmin from Maryland, was sentenced to three years in January 2011 for trying to wipe out the financial data of Fannie Mae, America's biggest home mortgage provider.
Makwana, a contractor for more two years at Fannie Mae, was fired on the spot for changing settings on the organisation's 5,000 servers without authorisation. His access to the company network was shut a few hours later and in the meantime Makwana wrote a malicious scrip intended to destroy all data from Fannie May networks on 31 January 2009.
A co-worker found the script a few days after Makwana was fired and some weeks before the logic bomb was due to explode.
3. Pirate and porn entrepreneur
We would have placed 'Ed', a preternaturally corrupt sysadmin from Pennsylvania, uncovered by Computerworld, even higher on our baddest IT pros league table if we had more than a pseudonym to go on.
Ed used a dummy company to sell half a million dollars worth of pirated software to his employer, and ran a pay-for-porn operation using the company's servers. He had also hacked the company's ecommerce servers and had downloaded the credit card information of 400 customers. And he had sole access to all admin passwords.
Ed merely got fired - and his employer, a $250m Pennsylvania retailer, spent surprisingly little, an estimated $250,000-$300,000, to clear up the mess.
We wonder where Ed is working now.
2. UBS Logic bomber
Roger Doronio, sysadmin, New Jersey, was sentenced to eight years and ordered to pay $3.3m restitution for seeking to harm UBS and profit from his actions.
Duronio quit UBS when he got a smaller than expected bonus. He created the logic bomb which would delete all the files in the host server in the central data centre and then every server in every branch. On March 4, 2002 some 2,000 servers did go down and 400 branch offices were hit. Backup systems did not work and files were deleted.
Expecting the share price of UBS to fall in response to the damage caused by the logic bomb, Duronio purchased more than $21,000 in put option contracts for UBS's stock. A put option is a type of security that increases in value when a stock price drops, But Duronio got it wrong.
The day the "defendant quit UBS he walked out of their offices and straight to his broker's office to bet against UBS. his broker, Gerry Speziale, testified at the trial that an angry Duronio said words to the effect, 'God knows what I can do to get even'."
1. Endangered health of thousands
Jon Paul Oson, technical services manager, Southern California. Sentenced to more than five years and ordered to pay $409,000 in restitution for destroying the records of thousands of low income patients of a San Diego non-profit.
Oson saw red with the "interpersonal difficulties" cited in a performance evaluation for his job as an IT manager for the Council of Community Clinics.
He resigned and soon after logged into the servers of his former employee. From there he disabled a program that backed up medical records of thousands of patients. Six days later he logged on again and "in the span of 43 minutes, methodically deleted the files containing patients' appointment data, medical charts and other information."
Jon Paul Oson tops our league table of rogue IT employees - because he messed around with people's health. But who do you think is the baddest IT?
That's the El Reg IT rogues gallery. We are probably just scratching the surface. Tell us about the most dishonest, vengeful IT pro you have worked with.
Also we are thinking about compiling an article about the most incompetent IT pros. Commentards, share your experiences. Indiscretion is guaranteed, but remember post nothing that can identify someone to others.
Dishonourable mentions - IT rogues who did not make our Top 10
Jason Cornish - revenge is not sweet
David Barksdale - Google snooper and show-off
Ismael Alvarez - small scale revenger
Douglas James Duchak- tried to sabotage terrorist screening database
Sam Chihlung Yin - Gucci grouch
Not just IT pros
Sponsored: Transform Your IT Infrastructure