While we fire the boss, can you lock him out of the network?
And he would have got away with it, too, if it weren’t for this one tiny backdoor
Welcome once more, dear reader, to On Call, The Register's weekly reader-contributed column detailing the delights and dangers of working in tech support.
This week, meet a reader we'll Regomize as "Alvin" who regaled us with the tale of the time one of his clients told him their chief network engineer was suspected of having improperly accessed HR files.
Their evidence for the allegation was temp files that showed the engineer's account had been used to open certain documents he had no business seeing – never mind reading as thoroughly as the metadata trail indicated.
Alvin was asked to sit in on a disciplinary meeting, in which he would share his opinion that the temp files were damning evidence.
"The engineer was very skilled at gaslighting the management regarding such things, and without me present they feared he would just flim-flam his way out of trouble – and not for the first time," Alvin told On Call. The intended outcome was a severe wrist-slap that left the engineer chastened, but happy to continue his important contribution.
Alvin's advice was that this approach was not sufficient. The org had lost confidence in a critical employee and would never be able to trust him again. Only a dismissal would do.
The biz countered that the engineer had done good work for years, and had built the network from scratch. Dismissal would mean losing important corporate memory.
Alvin responded that an untrustworthy employee should not be retained, and won the day. So a plan was hatched: while HR fired the engineer, Alvin would revoke his network access to ensure no revenge could be wreaked.
To make that possible, Alvin was provided with network credentials that let him plan the deed. As he rummaged around the network, he found a VPN connecting to what looked like a residential address. And at that address he found half a dozen servers laden with company files.
"The chief engineer had built a hot backup site for the company in his apartment," Alvin told On Call. "When they asked him about it during the HR meeting, he claimed that he'd told the company they needed a hot backup site, and when they balked at the cost he had decided out of the goodness of his heart to build one for them in his home and just not tell them about it."
The engineer was duly let go, under an agreement that ensured the backup servers were handed over. All passwords were then changed and the business carried on – just without its network engineer.
For several months, all was well.
But after a time Alvin was asked why the org's network was running so slowly.
"It turned out I had overlooked an important change on the engineer's last day: I had not thought to contact the ISP and remove the engineer's name from the list of people authorized to make changes."
And changes had been made. The former engineer had throttled the bandwidth on the company's account. Which explained why the network was so slow.
Not to mention confirming that firing the engineer was the right course of action.
"The company took no disciplinary action against me for my oversight, nor their former network engineer for his sabotage, but chalked it up to a lesson learned for everybody," Alvin told On Call.