#2. Joseph Nolan and Jason Cornish Should Not Be Trusted With Passwords
Not every hacker out there is a computer genius: Sometimes all it takes to do some serious damage is a little password. It seems really obvious, but one thing that security experts have to keep reminding companies is that if you're gonna fire someone, it might be a good idea to change your damned passwords. Especially if the guy you fired happened to be a vindictive asshole.
Take Jason Cornish, a former IT administrator at the U.S. subsidiary of Japanese drug company Shionogi, who, after being fired for the second time that year (he was let go in July 2010 but brought back as a consultant, then fired again in September), decided to spend his wealth of free time messing with his former employer.
Throw in a mini-fridge, and you never have to leave the keyboard.
Over the next four months, Cornish attempted again and again to access the company's network -- using the passwords and system knowledge he acquired while working there -- until he succeeded in February 2011 and trashed 15 virtual hosts containing vital information. Oh, and he did that while sitting in a McDonald's, leeching off their free Wi-Fi.
Cornish's attack "froze Shionogi's operations for a number of days" -- employees were no longer able to ship products, cut checks or send emails, because all that stuff and more depended on the hosts that he deleted. Perhaps he wanted his former colleagues to know what it feels like to be unemployed and have nothing to do all day, although it's more likely that he was just being a douche. His attack cost Shionogi $800,000 in damages, and Cornish now faces 10 years in jail and a hefty fine. It wasn't hard to catch him; while he was smart enough to do it from the McDonald's public Wi-Fi connection instead of his own, he actually used his fucking credit card to buy food there five minutes before the attack.
Presumably while yelling, "I AM JASON CORNISH, AND I AM GOING TO HACK THINGS AT THAT BOOTH!"
But Cornish isn't the only disgruntled IT guy of dubious intelligence who abused passwords to get revenge on his old company. Joseph Patrick Nolan resigned from the Ann Arbor-based Pentastar Aviation in January 2007, but later found out that he wouldn't get his last paycheck because he neglected to sign his separation agreement in time. Nolan took the news like the mature 26-year-old that he was, by which we mean that he logged in to the company's computer system and took a shit all over it.
Nolan accessed his former employer's database and proceeded to obliterate an entire computer drive containing personnel information and payroll records, presumably figuring that if he didn't get paid, no one else should. It cost the company between $30,000 and $50,000 to repair the damage over the next few months, and in the meantime everyone at the office had to be called "that guy" or "that other guy."
"Well, for right now, I just put you in as Butt Muscle. So you'll probably want to let your bank know."
At least Cornish carried out his anonymous attack from a public Wi-Fi connection -- Nolan did it from his own apartment, and it's not clear how anyone mildly familiar with computers could have expected to get away with it. He was sentenced to four years probation, had to pay $1,158.25 to Pentastar and was even shamed into quitting his sweet new job as a senior infrastructure specialist at the Ann Arbor Information Technology Department. Hopefully he remembered to sign the damn agreement this time.
#1. Timothy Lloyd Plants $10 Million Time Bomb
When Timothy Lloyd was fired from Omega Engineering, a company that produced equipment for the U.S. Navy and NASA, his employers thought they'd finally gotten rid of a rogue programmer who bottlenecked and sabotaged projects to make his colleagues look bad and generally acted like a massive dick toward everyone. He was like every bad IT guy stereotype put together. What they didn't know was that even after he was gone, Lloyd would continue haunting them through six little lines of code he had written into the main computer that would pretty much ruin the entire company:
We're assuming every programmer reading this just shat their pants.
Lloyd had worked at Omega since the '80s and was at one time their star employee. However, as Omega expanded, Lloyd felt he was losing relevance and being marginalized (his being a dick probably didn't help). Rather than stepping up his game and proving he still had it, Lloyd started devising a Machiavellian plan. In early 1996, months before his firing, he began testing a little program that would be triggered at a specific date, running a simple line of code that would delete a certain sector of the main server.
At the same time he started centralizing the most important documents in the company's file system in the same place, and asked for access to the only backup tapes for those files. Meanwhile, he began visiting job fairs and interviewing at other companies.
He also sought revenge for the death of the other two Gruber brothers.
And so on July 10, 1996, Lloyd had to act all surprised when he was finally fired from Omega, doing his best to suppress the maniacal laughter roaring inside of him. Because, you see, exactly 20 days after his firing, on July 30, employees at an Omega manufacturing plant in New Jersey logged in to a computer terminal ... and everything was deleted. More than a thousand design and production programs (i.e., the whole thing they did at Omega) were wiped out in seconds, which ended up costing a staggering $10 million to the company and killing their bright future. In the '90s Omega was a rising manufacturer with contracts all over the world -- today they don't even have their own Wikipedia page, and it's probably all on this guy.
But wait, how could something like that even happen? Didn't they have backups or something for such important files? Yep -- Lloyd had taken them home in the weeks before his firing (along with $50,000 worth of stolen equipment) and deleted them. The baffling thing here is that Lloyd created this complex plan to get revenge on something that hadn't happened yet -- he knew he was such a colossal dick that they had to fire him at some point, and in preparing for the eventuality gave them an even better reason to do it.
"I give this company years of dedicated service, and you fire me just for plotting its downfall?"
He was eventually sentenced to three years in prison and ordered to pay a $2 million restitution. While his career as a programmer is probably dead by now, we think he could make some decent money doing consulting work for supervillains.
Benjamin Buso lives in Texas and is currently seeking employment in security consulting.
For more insight into people you should be careful around, check out Why Tech Support Sucks: A Look Behind the Scenes and 6 Reasons The Guy Who's Fixing Your Computer Hates You.
And stop by LinkSTORM because it's Friday and who wants to work?.
Do you have an idea in mind that would make a great article? Then sign up for our writers workshop! Do you possess expert skills in image creation and manipulation? Mediocre? Even rudimentary? Are you frightened by MS Paint and simply have a funny idea? You can create an infograpic and you could be on the front page of Cracked.com tomorrow!