Cracked.com is a humor site, but it’s recent story Revenge of the IT Guy details five instances where someone who had been fired from the company was able to carry out a revenge plan that caused substantial organizational pain. In almost all these cases, good administrator account deprovisioning policies would have saved the organization. While some organizations were smart enough to change the fired IT guy’s password during the firing process, they didn’t go and force password changes on other members of the IT staff or go and look for backdoor administrator accounts that may have been created at some point in the past. Having good procedure isn’t just necessary if your organization is about to fire an admin – an administrator who leaves voluntarily for another job might actually have a substantial grudge and decide on a little post-employment payback.
The other thing you’ll pick up when you read this story is that all of these guys got caught. I’m willing to bet that for every fired admin that goes on a rampage that gets caught, there are a bunch who get away with it because they are a lot better at covering their tracks!
The other lesson to take away from this is that if you are going to take revenge on your organization – and you are smart enough to use a public Wi-fi point to carry out your attacks – ensure that you don’t go and pay for your food at the register using a method that is easily identifiable like a credit card five minutes before performing your intrusion!
Check out my new book that includes some of the things you might not know about Windows Server 2008 R2: