IT Worker Sentenced To Seven Months After Trashing Company Network (theregister.com)
- Reference: 0178244932
- News link: https://it.slashdot.org/story/25/07/01/1552216/it-worker-sentenced-to-seven-months-after-trashing-company-network
- Source link: https://www.theregister.com/2025/06/30/british_rogue_admin/
> A judge has sentenced a disgruntled IT worker to more than seven months in prison after he [1]wreaked havoc on his employer's network following his suspension , according to West Yorkshire Police.
>
> According to the police, Mohammed Umar Taj, 31, from the Yorkshire town of Batley, was suspended from his job in nearby Huddersfield in July 2022. But the company didn't immediately rescind his network credentials, and within hours, he began altering login names and passwords to disrupt operations, the statement says.
>
> The following day, he allegedly changed access credentials and the biz's multi-factor authentication settings that locked out the firm and its clients in Germany and Bahrain, eventually causing an estimated $274,200 in lost business and reputational harm.
[1] https://www.theregister.com/2025/06/30/british_rogue_admin/
...but why?? (Score:2)
I don't understand what his end goal was. He had to know they'd know it was him. It just seems incredibly short-sighted to be that vengeful.
Re:...but why?? (Score:5, Insightful)
People who are vengeful are often also not very rational in that emotional state, history is littered with examples of this and they seem incapable of extrapolating the consequence of their shortsighted actions. In this case, the dude's rampage came about because he was suspended from work which indicates he had already generated a fair amount of "friction" at his workplace.
Re:...but why?? (Score:4, Interesting)
I ended up involved in a similar case as a consultant. Admin was let go and I advised at the time that they consider forcing an across the board password change (This was one of those places where the admins would just ask users for their passwords when troubleshooting with them so they knew a bunch of user account creds). They declined. I was called back a week or so later when stuff started breaking. The old admin offered to come back and "consult" to fix the issues, for a decently high rate of course. He thought they would be grateful and he would make some extra cash off of his revenge while he looked for a new job.
Unfortunately for him I noticed some oddities with how things were broken and started digging. He ended up pleading guilty in federal court.
Re: (Score:3)
No, the guy he caught, lived up to the moniker.
Re: (Score:2)
Yeah those were the days. More than a decade ago I worked for a company that had an IT services business. They had a single administrative account that they used everywhere. All the IT staff, and many others, knew the password to this account. When I pointed out this security problem, they wanted to change it but couldn't, because it was hard-coded in so many places, and used in so many interconnected services, that changing the password would have brough down their entire operation.
Re: (Score:2)
> But seriously
You lost any ability for anyone to take you seriously after this beauty:
> "Mohammed Umar Taj" seemed so nice and respectable
Reputational damage? (Score:5, Informative)
If the company didn't rescind his credentials immediately upon firing, that's all the reputation you need to know.
This is basic security practice taught in every 100 level IT security course.
Re: (Score:3)
He wasn't fired immediately, he was suspended, and did the damage will still an employee.
If he really wanted ... (Score:3)
... to screw over the company, he should have purchased an enterprise VMWare license. And then negotiated a cloud contract with Oracle.
[Saw this posted elsewhere]
These morons never learn (Score:2)
Yes, they will get caught. Yes, they will go to prison. And, yes, they will pay for the damage, probably for a long, long time.
Punishment isn't working. (Score:1)
Why do assume they will pay for anything instead of going bankrupt?
Hard time breaking rocks into gravel is real punishment. Confinement under lax modern conditions is not.
Re:Punishment isn't working. (Score:5, Interesting)
"Punishment isn't working": you can't prove that because it's proving a negative. How many people thought about causing damage to their employer after getting laid off, but decided not to because they knew they would go to prison?
Related to that, even a harsh punishment doesn't necessarily mean that someone will make an illogical choice not considering the consequences; you will never stop 100% of issues like this because there will always be someone who misunderstands their situation and makes an illogical choice regardless of punishment.
Re: (Score:3)
This guy's record will follow him his entire life. These days, it's really hard to get hired anywhere, particularly in IT, if you have a criminal record. That's pretty severe (and appropriate) punishment, in my opinion.
Re: (Score:3)
You appear to believe that increasing the severity of a threatened punishment "enough" will eliminate the sanctioned behavior.
If that were the case, the death penalty would only be applied to the wrongly convicted or intentionally suicidal.
This is because of two interlocking facts: (a) most criminals are not terribly rational, in particular they tend to have broken time preferences. And (b) many crimes like this are "crimes of passion" - e.g. being stupid because you're super angry.
Making prisons more