General discussion

Locked

IT Admin "Was Fired" But... Was it a GOOD idea?

By Yowye ·
There was an IT Administrator who had been fired from his Company, do to deliberate mismanagement of the companies network systems in order to acquire new products and software for which they proposed - was the best solution in order to fix the problem, however, A.S.A.V.M operates an internal investigation department... one which no employee had been aware of.

They found in there investigation, that this IT Admin, deliberately mismanaged the net work to obtain software and hardware for both personal use and for personal private transactions.

Now there is a new IT Admin running the show, which just became a circus... The old IT Admin, apparently created personal encrypted passwords which have locked in all essential files, and has been unsuccessfully decoded... now the company has become paralyzed by and Admin who no longer is with them.

The first question is... If you were this new IT Admin, what course of action would you take?

And the second question is... Do the companies you work for have back up plans for the unexpected... what ever the unexpected may be?

This conversation is currently closed to new comments.

266 total posts (Page 3 of 27)   Prev   01 | 02 | 03 | 04 | 05   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Jeff I suggest you read the OP

by jmgarvin In reply to Generally agree with wern ...

"They found in there investigation, that this IT Admin, deliberately mismanaged the net work to obtain software and hardware for both personal use and for personal private transactions."

Unethical behavior. This is the first glimpse we get as to how the admin acted and his ethics.

"... The old IT Admin, apparently created personal encrypted passwords which have locked in all essential files, and has been unsuccessfully decoded... now the company has become paralyzed by and Admin who no longer is with them."

I think a lot can be infered here. No company were just "not ask" the admin for the passwords and stay dead in the water. Further, the Admin locked out essential files that the company need to operate and did not provided the passwords because they have "been unsucessfully decoded."

I think I agree with Stress that this is a tort, but IP theft can fall into the criminal realm (although I'm not a lawyer, I just know that IP theft is a fuzzy area as far as criminal vs civil suits)

As far as using grey matter, the OP stated that the admin was unethical and implied that he/she would not give up the passwords....

Collapse -

I read it and I do not see anything illegal about what the IT Admin did

by jeffersnet In reply to Generally agree with wern ...

Since this is the WWW we can't all have the same standards as American's would have. I usually assume that people are not guilty until there is some sort of evidence and it does not ever say in the post that there is evidence. You are trying to read between the lines and I just don't see what you do between those lines.

How about looking at this line, "operates an internal investigation department... one which no employee had been aware of." The internal investigation department may not have any technical knowledge and may assume that since they can't get into the administrator account then it must be encrypted. This secret group may not even have any experience, we don't know because there just isn't any information contained here to lead us to believe that they know what they are doing. If you were to read history books you would find many examples of people who did nothing wrong being investigated by secret units. I've seen people who have been taken to the cleaner because of some moron who has been put in charge of security and they get on a power trip.

I do not get the impression that a fair investigation was conducted at all. I also do not get the impression that most of the people here would be willing to listen to the admin's side of the story if we were able to figure out who he or she is.

We do not know what the person was using the companies system to purchase. It appears as though the admin used his or her own money to purchase something using the companies time and contacts but was it to have a copy of something to gain more knowledge for work? I use my companies time to purchase books from Barnes and Noble so that I can fix problems quicker at work.

While my experiences are not exactly the same as what is posted here I have had a run in with secret investigators in an agency. The investigators tried to go after an employee who was suspended because he had his position listed in his signature of his personal email. The employee wrote a supervisor asking when he would have his hearing and the signature at the end of the email contained his title and below that it listed his work email address. The investigators assumed that he was illegally using the agencies email system because of the signature even though the email came from a personal acccount. The same investigators went after an employee because there was a folder on a file server that was named with that employee's name. The investigators assumed that the employee was responsible for all of the folder's contents even though the whole agency had full permission to the folder. The folder contained pictures of women and even though none of them were nude they charged the employee with using the state's resources for personal gain. The employee received a warning even though no one could prove who placed the pictures there. No one bothered to ask one of the system administrators for information on the folder.

No, I never assume that any secret investigator knows what end is up and what end is down. I will also stick up for people who I feel haven't been given a fair shake until I hear enough of the story to make up my mind. It does make me upset to see so many people being so quick to jump the gun.

Collapse -

Try comprehension then

by Oz_Media In reply to Generally agree with wern ...

Reading something is useless without comprehension. In just about country, it is illegal to tamper with company owned equipment. As the OP stated :
"this IT Admin, deliberately mismanaged the net work to obtain software and hardware for both personal use and for personal private transactions."

This is against the law, in most countries we use the term THEFT to describe such action.

"The old IT Admin, apparently created personal encrypted passwords which have locked in all essential files, and has been unsuccessfully decoded"

This would also be constituted as corporate sabotage and theft, if allegations of such encryption are correct.

Now you have also stated that he was probably never even asked, which is a fair point also and I agree that in most similar cases, the admin would hapily give up such info as needed....but who knows what else he has installed, encrypted or hidden that he still has access to?

Regardless of company policy, regardless of whether this is in America, England, Canada etc. This is still unlawful as it hinders the company's ability to conduct business as it normally does in a day to day fashion. They have had the locks on the front door changed and they weren't given the key. (perhaps that will allow you to see the issue here). Even if they called and he returned with the keys, he has STILL tken it upon himself to change the locks, which would also be just as ilegal.

So while this would most likely be resolved by a simple phone call, what the admin has done IS ilegal by laws in most countries that I've worked in.

So now we come to the investigators, they accuse him of locking out the system, yes that could be fraudulent if proven.
You dont trust investigators, neither do I, the problem is the admin hasn't provided his passwords, this is theft of company property, and if a simple phone call doesnt bring him to action, then a lawsuit should follow. As you say, give hi the benefit of the doubt, if he doesn't offer ALL passwords and open access to ALL systems, have him arrested.
The guy has made unauthorized changes to the system. He has left with private company information, which may even be used to access critical client data, passwords, employee information, financial records, etc. Again, he would be a theif in any country I've visisted.

His ONLY, and I repeat, ONLY way of saving face is to return with all passwords and physically unlock all systems with the new admin present. At that point the company should then change all the passwords, restrict access and provide a strict, written company policy regading usage just so others understand the difference between shopping for office supplies and theft.

With or without policy, with or without investigators and with or without speaking to the admin, he has broken the law and stolen from the company. He can either admit it and come clean, or face prosecution.

Collapse -

No brains, no headache OZ must not need aspirin

by jeffersnet In reply to Generally agree with wern ...

OK, I give in. String him up, it will teach him a lesson. Let's just cut off the hands of everyone who we think may have taken something.

Who cares if the old IT manager really did anything wrong. This is just about finding a reason, any reason, to go after anyone. After all, if you are not able to lift yourself up in any way then the only way you will ever make yourself look better is to step on whoever you can.

I don't care what other stupid thing you have to say, I'm not coming back to this discussion again. While there are a few people here with the power to reason there are way too many without any reasoning power like OZ.

Hasta la bye bye, I'm out of here....

Collapse -

Oz, I think you hurt jeffersnet feelings

by jmgarvin In reply to Generally agree with wern ...

I think he might be crying in a corner RIGHT NOW...

What do you have to say for yourself!!

:-)

Collapse -

Yes it is a federal case!

by jimpen In reply to I just went through this ...

http://www.networkworld.com/research/2000/0626feat.html
"At the time, a relatively new statute made computer sabotage a federal offense if it affected a computer used in interstate commerce and caused more than $5,000 worth of damage to the company over a 12-month span."

http://www.securitydocs.com/library/2998

It is a federal case denying access to a companies property (data).

Collapse -

Iron hand in a velvet glove

by mdisbury In reply to one for the lawyers

You can nicely ask him for the passwords, failing that suggest that the matter will be put into the hands of the legal team, followed up by discussing the matter with every agency in town to make it hard for him to get another job.

Collapse -

ask first

by jeffersnet In reply to one for the lawyers

From what I've read so far I am not sure that anyone asked for the password. A good admin is going to keep the passwords secure and there is a good chance that this person would just tell the new IT manager the password. Of course there are a$$holes out there who would rather go after someone when they are down because some people have no other way of making themselves look good to others. Bad managers build themselves up by stepping on other people.

Collapse -

Agreed

by timbstoke In reply to ask first

Part of a good IT admin's responsibility is precisely to keep the network passwords out of the hands of users. This includes senior management, as much as they would like to suggest otherwise.

In the fired admin's position, I would want a written request from one of the company directors, detailing exactly who I was to pass on my responsibilities to, before I would release any passwords to anyone. If there wasn't anyone in the company who the director was prepared to hand over responsibility for the companies entire infrastructure to, I would leave an email and snail address with the company, so that the director could get in touch when such a person was available.

Collapse -

I agree with John

by brent In reply to one for the lawyers

If he can get away with what he's already done for as long as he did, the last thing you want to do is let him back in. Bruteforce or a Data Recovery Firm would be my choice as well. With documentation for proper litigation if needed.

However, from the admins point, it was his responsibility to maintain security. Giving up passwords to the wrong people would most definitelybe a violation of that responsibility, no whether or not he's been fired. If I were him, I would have left contact info, or requested my replacements public contact info, to pass on the necessary passwords and such. This assumes that I didn't feel jaded in some way by the company that let me go. If I did, I might be a little less willing and then simply let them come to me.

Back to IT Employment Forum
266 total posts (Page 3 of 27)   Prev   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums