Sysadmin 'trashed old bosses' Oracle database with ticking logic bomb'
Always ensure the office laptop gets returned
A systems administrator is being sued by his ex-employer, which has accused the IT bod of planting a ticking time-bomb on company's servers to wipe crucial data.
Nimesh Patel, of Shrewsbury, Massachusetts, is alleged to have broken the Computer Fraud and Abuse Act, trespassed, and committed conversion – that's legal jargon for using other people's property for a crime.
For 14 years, Patel worked at high-performance computing chip biz Allegro MicroSystems as a sysadmin, with particular responsibility for programming the shop's Oracle financial database system. He resigned on January 8, 2016 but is accused of then trying to sabotage the company.
Over the course of his employment Patel was issued two laptops, which his bosses requested he return. Patel gave back one of the original laptops, and another unissued laptop, after completely wiping the hard drive.
The chip designer alleges the second work laptop was kept so that Patel could still access the company network and because it still contained a file with all the employees' login data and passwords.
Court documents filed in a Massachusetts district court by Allegro claim that on January 31 that year, Patel trespassed on company property to get within wireless range of the network, and then used the laptop to log into the network using the account of his subordinate staffer. He then uploaded malware into the Oracle financial gear.
The code was designed to activate on the first day of Allegro's financial year, April 1. The software was designed to delete key financial figures and records from the system.
The software worked as designed, and two weeks into April the accounting department noticed something was wrong. Allegro called in investigators, who found the malicious code on April 25, along with evidence that Patel had used the second laptop to access the network after he had left the job.
The biz claims that the only other employee with the skills to write code for the Oracle database had left before Patel's departure. It also alleges he logged into the network using the subordinate's ID before he quit the job.
Allegro claims the meddling cost it over $100,000, and it is seeking to recover these costs from Patel plus its legal bills and any damages the court levies. The lawsuit was filed in August 2016, but is still rumbling on. Late last week, District Judge Timothy S. Hillman was told "discovery is ongoing and on track" and the "parties do not believe [the] case is ripe for mediation."
In other words, right now, it's heading to trial. ®
Sponsored: Becoming a Pragmatic Security Leader