“DROP DATABASE”: What not to do after losing an IT job

Regardless of how unhinged, reckless and stupid these brothers are, the things I got from this story are:
  • Passwords in plaintext and accessible.
  • Absolutely no guardrails or protection/access control.
  • Somehow they got employed and access again to government databases AFTER being in jail for wire fraud and computers.

This is a systematic fail on so many levels.
 
Upvote
602 (603 / -1)

Sarty

Ars Tribunus Angusticlavius
7,924
I have given unsatisfactory employees the opportunity to tender their resignation, which obviously means they retain their credentials for a time. It is a risk. I would not give that opportunity if I were about to fire them for the express reason of committing crimes with their credentials!

Also, that goofus has utterly incredible handwriting. I have never seen such a thing. Maybe he can teach lessons in prison?
 
Upvote
235 (239 / -4)

CUclimber

Ars Legatus Legionis
19,586
Subscriptor
Who the hell gave them tech jobs after serving time for wire fraud? Especially jobs as government contractors? Doesn't SOC-2 require firms to do background checks?

I swear, the number of hours I put into maintaining my professional reputation, being honest on my resume and in interviews, and overall just striving to be a good responsible human seems less necessary every day. Not that I'm going to stop, but it's infuriating to see assholes like this getting second chances.
 
Upvote
304 (304 / 0)

Nate Anderson

Ars Tribunus Militum
2,252
Ars Staff
I have given unsatisfactory employees the opportunity to tender their resignation, which obviously means they retain their credentials for a time. It is a risk. I would not give that opportunity if I were about to fire them for the express reason of committing crimes with their credentials!

Also, that goofus has utterly incredible handwriting. I have never seen such a thing. Maybe he can teach lessons in prison?
Yes, it is shockingly neat! I'm not sure I could write like that if I tried.
 
Upvote
79 (79 / 0)

Nate Anderson

Ars Tribunus Militum
2,252
Ars Staff
How did they have a wire fraud conviction and still pass the background check for a job with a federal contractor?

How the hell were they free for 9 months after the search?
I can't answer the first question, but as to your second one... this is actually quite common. A warrant is usually executed to gather information, and there's commonly a significant gap between warrant execution and arrest.
 
Upvote
72 (72 / 0)

Nate Anderson

Ars Tribunus Militum
2,252
Ars Staff
How come the employer isn’t named in the article? Seems like relevant information, since they were the ones careless enough to hire these dumbasses, AFTER they had a criminal record IN THE SAME STATE.
The employer is referred to only as "COMPANY-1" throughout the legal docs.
 
Upvote
45 (46 / -1)
Off topic, but I would find it so satisfying to use a gigantic dedicated Delete button like this.

 
Upvote
139 (140 / -1)

fenris_uy

Ars Tribunus Angusticlavius
9,197
How come the employer isn’t named in the article? Seems like relevant information, since they were the ones careless enough to hire these dumbasses, AFTER they had a criminal record IN THE SAME STATE.
That, and the fact that they had passwords in plaintext might be the reason why one of the brothers claims that the contractor is also being investigated by the Feds.
 
Upvote
83 (83 / 0)

Coriolanus

Ars Tribunus Angusticlavius
8,724
Subscriptor++
How come the employer isn’t named in the article? Seems like relevant information, since they were the ones careless enough to hire these dumbasses, AFTER they had a criminal record IN THE SAME STATE.
Criminal background checks are outsourced to a vendor. I am wondering what went wrong for this to be missed. Did the employer not do a background check? Did the vendor screw up?

Also, it took less time for the DOJ to try to indict Mark Kelly for making a video stating the law than it took for the DOJ to indict these two idiots after they deleted 96 government databases and compiled a database of stolen credentials for fraudulent use.
 
Upvote
156 (156 / 0)

Coriolanus

Ars Tribunus Angusticlavius
8,724
Subscriptor++
I can't answer the first question, but as to your second one... this is actually quite common. A warrant is usually executed to gather information, and there's commonly a significant gap between warrant execution and arrest.
(Former attorney here) I understand that it takes time - but 9 months? For the kind of shit they pulled?
 
Upvote
65 (66 / -1)

salbee17

Smack-Fu Master, in training
54
Subscriptor
Upvote
21 (22 / -1)
dhsproddb

OMG the database name.

Who the hell gave them tech jobs after serving time for wire fraud? Especially jobs as government contractors? Doesn't SOC-2 require firms to do background checks?

How come the employer isn’t named in the article? Seems like relevant information, since they were the ones careless enough to hire these dumbasses, AFTER they had a criminal record IN THE SAME STATE.

The company is Opexus.

Edit: link
https://cyberscoop.com/opexus-background-checks-insider-attack-muneeb-sohaib-akhter/
 
Upvote
88 (90 / -2)
I worked at a place where layoffs were expected. Tried to get into my office, key card didn't work.

Turned out I had started exactly on the day two years before the layoffs, and for security reasons you had to get a new key card with a new photo every two years. I was safe, but almost ten percent lost their job that day.

In the UK it is not uncommon to get 6 months of redundancy, I think that might be cheaper for a company. And you will focus on getting a new job say within two months and you can put four months redundancy in your pocket.
 
Upvote
60 (60 / 0)
These guys were just dumb. For the amount of knowledge these guys had, it was incredibly stupid and shortsighted. Doing something like this leaves all kinds of digital fingerprints. When the FBI eventually gets involved, they WILL tie it to you. For the type of attack these brothers executed you would need to do an insane amount of follow-up work to cover your tracks.

The deal is, as an admin you will always be suspect number 1. The fact that you were just fired would elevate that suspicion further. Then investigators would just need to do some data recovery on wiped drives or go through some obscure audit log and they'd have you. Unless you have very specific, very special training that covered all scenarios, the time to plan properly, and the time to properly execute it, you're ALWAYS going to lose when attempting something like this (you would also need intimate knowledge of their IT infrastructure, but I left that one out since the brothers should have had that).
 
Upvote
57 (61 / -4)

SirOmega

Ars Tribunus Angusticlavius
6,215
Subscriptor++
My takeaway is...
At 4:59 pm, he asked an AI tool, “How do i clear system logs from SQL servers after deleting databases?” He later asked, “How do you clear all event and application logs from Microsoft windows server 2012?”

In the Year of our Lord 2025, who the hell is running a 2012 server? EOL was October 10, 2023. There is extended support you can buy but it's not cheap.
 
Upvote
68 (68 / 0)

Nate Anderson

Ars Tribunus Militum
2,252
Ars Staff
Upvote
47 (47 / 0)

Steel_Sloth

Smack-Fu Master, in training
58
Subscriptor
Didn't we hear about these two semi-recently or was that someone else that also had a history of criminal activity that went on to work for the government (directly or indirectly) that did something like this?
Didn't one (or more, likely) of the DOGE goons have a criminal record? Or was at least under indictment for something? Seem to recall that, anyway.
 
Upvote
13 (17 / -4)
dhsproddb

OMG the database name.

The company is Opexus.

Edit: link
https://cyberscoop.com/opexus-background-checks-insider-attack-muneeb-sohaib-akhter/
Here’s a link to Opexus’ web site:
https://www.opexustech.com/

“We deliver built-for-government case management software so FOIA (open records), audit, investigations, OIG, workforce management, and procurement teams can automate workflows, find information, and put your backlogs on notice.”
OPEXUS is FedRAMP and StateRAMP-authorized, reflecting a strong commitment to security and compliance standards to keep its customers’ data safe and secure in the cloud.
 
Upvote
33 (33 / 0)