Are 88% Of IT Admins Really On The Verge Of Stealing Sensitive Company Info?

from the unlikely dept

You can't trust your IT admin -- or at least that's the story being pushed by a security firm that released eye-catching study results saying that 88% of IT admins surveyed would take "sensitive company" info, such as passwords, if they were fired. We've all heard stories about disgruntled tech workers, so perhaps some part of this feels true, but that 88% number just seems way too high. The security company obviously has every reason to push a high number, as its goal is to sell solutions that help deal with this supposed "problem." And, of course, it fails to release the actual details of the survey, such as how the questions were worded. While I'm sure there are some IT admins who would do so, it seems highly suspect to claim that almost 90% of IT admins would act in such a manner.

Filed Under: disgruntled it workers


Reader Comments

  • PaulT, 4 Sep 2008 @ 7:23am

    The key phrase here is "if they were fired". A person working in a company and/or leaving on amicable terms would not be likely to steal company info. If a person is fired, that person will feel wronged and probably feel that their employment was wrongly terminated.

    In those circumstances, most people in any profession will look for a bit of petty "payback". Some might smash furniture or slash their bosses' tires. Others might be more subtle - stealing clients, reporting perceived bad company practices to the authorities, etc.

    A sys admin will have all the hardware, software and data of the company at his disposal. Most of us would think about damaging the company that just canned us in some way, and stealing data or sabotaging the working systems is often the easiest way, especially if your replacement is slow on blocking all your access.

    The moral of the story is simple: try to break off with former employees in the best terms possible and then ensure that sensitive data is not available to that person after you've broken the news.

    • Anonymous Coward, 4 Sep 2008 @ 8:29am

      Re:

      "The moral of the story is simple: try to break off with former employees in the best terms possible and then ensure that sensitive data is not available to that person after you've broken the news"

      honestly, you should cut off their access before you fire them.

    • angry dude, 4 Sep 2008 @ 9:29am

      Re:

      "then ensure that sensitive data is not available to that person after you've broken the news."

      Nice....

      In practice that means firing someone and immediately hauling all of his belongings outside of the corporate building in the presence of a security guard

      "best terms possible" indeed...

      • *angry dude, 4 Sep 2008 @ 9:33am

        Re: Re:

        In fact, this is what happened to me that day I lost my balls in that horrible coding accident, you stupid punks.

        • Anonymous Coward, 4 Sep 2008 @ 6:33pm

          Re: Re: Re:

          You don't have balls?

          I KNEW IT! HE WAS A EUNUCH PROGRAMMER!

      • PaulT, 4 Sep 2008 @ 10:17am

        Re: Re:

        No it doesn't. It means not pissing off the person so much that he immediately VPNs into your system from an internet cafe, steals client data then hoses your system.

        Something people used to dealing with physical items often forget - any competent modern sys admin has remote admin capabilities to every part of the network.

    • The Planes, 5 Sep 2008 @ 1:38am

      Re:

      Great article! I learned a lot from it, keep it up!

  • Kevin, 4 Sep 2008 @ 7:28am

    Define 'Take'

    It seems to me that if a company fails to change their passwords upon firing an IT admin, passwords would be taken by virtue of the fact that people remember passwords they use frequently. It seems reasonable that 88% of IT admins are smart enough to remember a couple passwords after being fired. Now if they had reported that 88% of IT admins would take passwords with malicious intent to distribute them for profit, that would be a different (possibly more effective) sales pitch.

    Just a thought.

    Kevin

    • hegemon13, 4 Sep 2008 @ 8:53am

      Re: Define 'Take'

      Exactly. I still remember the majority of the passwords for the IT company I used to work for. I would guess that most of them still work. I don't remember them as some sort of tool for nefarious purposes. I remember them because I used them every day and the mind does not quickly (or ever) reject information ingrained by years of daily repetition.

      If the survey had asked me simply whether I would remember or take passwords with me if fired, I would have to say yes because I can't force myself to forget them. That does not mean I have any intent to use them unethically.

  • Anonymous Coward, 4 Sep 2008 @ 7:33am

    Hmmmmm . . . .

    " . . . at least that's the story being pushed by a security firm . . . "

    Who no doubt has a solution to sell?

    • Anonymous Coward, 4 Sep 2008 @ 8:05am

      Re: Hmmmmm . . . .

      So if you hire them as a security firm, and you fired them... would they fall into that 88%?

  • Ron Larson, 4 Sep 2008 @ 7:39am

    They may have left out the word "Think"

    My gut tells me that the question asked was "would you THINK about stealing info if you were fired". Not "Would you steal info if you were fired". It makes a big difference.

    Of course people would think about it. Anger is a part of being fired. But I think most admins are mature and responsible enough to not act on fantasies of revenge.

    • hegemon13, 4 Sep 2008 @ 8:54am

      Re: They may have left out the word "Think"

      My gut says that the survey did not use a word as strong as "steal," or there is no way 88% would have said yes, anonymous or not. My guess would be that they used a word like "take" or "remember."

  • Anonymous Coward, 4 Sep 2008 @ 7:39am

    Seen this coming...

    Why do you think the BOFH series has been so popular over the years?

    For those that haven't been initiated, you can google BOFH... it's perfectly safe to view at work.

  • Anonymous Coward, 4 Sep 2008 @ 7:44am

    Are 88% Of IT Admins Really On The Verge Of Stealing Sensitive Company Info?

    They are if you are a security firm selling solutions to employee theft otherwise it is most likely closer to 8.8%.

  • Evil Mike, 4 Sep 2008 @ 7:50am

    Information is...

    IT Admins, by virtue of their employment, are already in possession of sensitive company info! (It's trapped in their head, right behind their eyes.)

    How do they give back that info before leaving?

  • Anonymous IT hack, 4 Sep 2008 @ 7:53am

    Wrong question.

    The real question should be: How many managers (by percentage) piss off the IT workers enough that they're willing to steal sensitive data in the first place?

    • Anonymous Banana, 4 Sep 2008 @ 8:07am

      Re: Wrong question.

      The Answer: All of them who weren't admins or IT workers themselves (in the last 1-3 years tops).

      The Rawr: Semi-technically inclined managers are the worst. You can understand some of it, but they try to use technical terms that may not mean the same to a seasoned IT worker.

    • p!ssedadmin, 4 Sep 2008 @ 9:54am

      Re: Wrong question.

      i'd say that figure lies somewhere between 88-100% of managers

  • Potato Head, 4 Sep 2008 @ 8:02am

    I guess...

    When I get fired I will know for sure!

    I have a few tricks up my sleeve that, if I was fired, would cause headaches. No stealing or deleting, just a little something to keep the new guy busy.

  • Steve, 4 Sep 2008 @ 8:02am

    Contacts

    I bet they're including the IT Admin's phone numbers for suppliers etc - personal contact stuff. Most companies argue that it belongs to them.

  • mobiGeek, 4 Sep 2008 @ 8:07am

    And just who...

    Who is it that is going to administer the new security measures designed to keep your IT people away from sensitive information....?

  • Anonymous Coward, 4 Sep 2008 @ 8:15am

    Doesn't "Fired" generally mean immediately dismissed?

    It is my understanding that when you truly fire someone, they are done then on the spot. Laid off, not so, but the story says only if they were fired.

    It has been my experience when dealing with IT personnel that if you have admin rights, you are walked out immediately upon termination of employment by either party.

    If that is the case, the only thing that the employee can take is what they used everyday before that. So how can they be stealing anything after the fact? Shouldn't policy actually resolve any threats through password changes?

    So this 88% is just a scare tactic, and probably doesn't constitute a threat as much as a question like: "If you were fired, would you try to login to see if any of your passwords still worked?"

    • PaulT, 4 Sep 2008 @ 10:12am

      Re: Doesn't

      Many admins will leave backdoor access to themselves in case of catastrophes. Any competent admin will also have facilities for accessing the network remotely so they don't have to jump in their car if they get a callout at 3am. They also know the mindsets of their co-workers and managers (e.g. standard passwords, etc.)

      Remember a sys admin has access to everything on the network. Forget to change a particular password or disable a certain service, and that sys admin can easily gain access to data after the firing, even if he's immediately escorted off premises.

  • Anonymous Coward, 4 Sep 2008 @ 8:34am

    Haha page not found...

  • Urban, 4 Sep 2008 @ 8:42am

    This can absolutely not be a true percentage. If it is I can honestly say that 88% of sysadmins are causing the environment of internal politics and pointy haired bosses we also complain about.

  • Anonymous Coward #42, 4 Sep 2008 @ 8:50am

    Wow, I didn't know I was in such an exclusive class. I would never steal data or do anything equally damaging to a company if I got fired. I might think about it, but never do it. I did get fired from my last job, and being the only IT person in the whole place, in just a few seconds I could have logged into the primary Linux file/print/email server (small company) as root user and run a command that would have wiped the entire hard drive clean. Believe me, it was tempting given the situation, but I would never, EVER actually do something like that.

  • Anonymous Coward, 4 Sep 2008 @ 8:51am

    88%... They probably asked 100 people on the first survey, then conducted a second survey with select people... This probably was a group of 10 and 8 people said they would and 1 person said they would, but only had 1 arm (the other 8%) and 1 said they would not!

  • Anonymous Coward, 4 Sep 2008 @ 9:06am

    IT people often do have the "keys to the kingdom." Therefore the first and most vital line of defense is to hire people you can trust. If you talk to most people in sensitive positions you will find out that they know a way to rip off the system. The ones you need to worry about are the ones who don't have a way to rip off the company; they just don't have a method that they are willing to talk about.

  • Benjie, 4 Sep 2008 @ 10:10am

    'fired' - keyword

    The article that was referenced by another site yesterday said for managers/etc to not treat the IT Admins like crap before firing them. Well, duh. If you treat someone like crap who controls the entire company, you get what you asked for.

    Should someone do it? No. You're just lowering yourself and asking for trouble yourself. If the company is truly mean, you can rest assured they'll never keep any decent admins and will have crappy IT.

    Last company I worked for was a cookie-cutter Microsoft based infrastructure. But good luck doing anything since they were

    firewalled from the outside,

    ACLs between vlans to block unsecure windows sharing protocols,

    your network account got disabled on your last day,

    ALL local admin passwords were 20 char randomly generated that were changed daily,

    each workstation limited logons to the primary users of the computer,

    to get admin access to a computer you had to be in a certain security group and had to request the admin password which was logged and would give you temporary admin access for 2 hours before it would kick you off and demote you,

    even the primary user of a computer had to opt-in and follow the same rules for admin access except they were limited to only their computer,

    unused network ports were disabled,

    wireless used the new AES wireless encryption AND you had to VPN in to get any access to anything,

    everything was based around minimal power and having to make logged requests to get access to anything which was easily done.

    Even with all these check points, working as IT was easy and requests were transparent.

    This was a University.

  • wasnt me!, 4 Sep 2008 @ 10:11am

    I'm pretty sure most ppl here trying to deflate the number would "steal" the passwords in such a situation.

  • Duder, 4 Sep 2008 @ 10:13am

    Black listed?

    Ok, so they have the passwords, get fired and then use the info against the company that fired them. The company would realize all the shit went down after they fired the guy, so when he goes for an interview, the firing company would say (when referenced) "well he gave out our sensitive data because we fired his ass for reasons xy and z"

    So they would put themselves in checkmate should they actually go forth with it.

    Plus, saying you would do something doesn't mean you would. My bro got jumped once, I said I would have done this and that, then I got jumped a couple of years later, I did not deliver what I said I would a couple of years earlier.

    Also, if these people have families, they don't want to risk the possibility of prison or even a lawsuit because their families come first. (usually)

  • Benjamin Wright, 4 Sep 2008 @ 10:15am

    digital clues snitch on the criminal

    Stealing company data is very dangerous. The act of stealing can be recorded by electronic footprints that can trace to the criminal. In the Age of Information, anyone abusing authority or privilege risks being caught by all the surprising little records chronicling the caper. --Ben

  • Pope Ratzo, 4 Sep 2008 @ 10:17am

    Honestly, today's corporation would happily ruin the lives of thousands of workers by laying them off if it meant a temporary two dollar bump in their stock price.

    So why on earth would any worker feel obliged to have a shred of loyalty to their employer? It wasn't the workers who created the sense of hostility that exists between ownership/management and labor.

  • uncle bob, 4 Sep 2008 @ 10:34am

    There are lies, damn lies, and statistics...

    Oh, and for good measure- 88% of statistics are made up on the spot.

  • Ortzinator, 4 Sep 2008 @ 10:38am

    This just in...

    88% of dogs are on the verge of killing their owners.

  • Jim Gaudet, 4 Sep 2008 @ 11:00am

    As an IT Admin

    I think you need to have more control than that. Any network admin with a password can't hurt a network. That doesn't make you a hacker. You will be caught and pay a fine or go to jail.

    You should respect the company's privacy even if you are fired.

  • Anonymous Coward, 4 Sep 2008 @ 11:00am

    Statistics........

    88% is too high. It is more like 82-82.5%.

  • Anonymous Coward, 4 Sep 2008 @ 11:51am

    Does that include the password groups you use every day and would require a brain tap to have them removed or is it just the one you write down and take home? Clearly the other 12% just forgot the passwords...

  • m1t0s1s, 4 Sep 2008 @ 12:01pm

    spam them all

    The best thing is get everyone's email address and sign them up for spam.

    Here's some examples (pulled from recent spam):

    http://www.dataentrycorp.com/unsubs.php

    http://redguu.com/remove/

    http://www.emerica linksite.com/index/MTYwMXw=/Unsubscribe.html

    http://cactusmedia.com/goldrush/unsubscribe.asp

  • Overcast, 4 Sep 2008 @ 12:14pm

    That sounds like a BS report. MOST IT people know that the resume is > revenge.

    I wouldn't do that, no matter how pissed off I was. I'm not about to try and find a job with anything like that on my record.

  • Anonymous Coward, 4 Sep 2008 @ 12:36pm

    IF

    If I really wanted to I could make some really good guesses about the CEO or executive passwords. As an IT admin they are often too willing to give me their password2 so I can quickly resolve a most demanding issue with their PC. It does not take much brains to see trends in their password3. I am sure that the logic used to generate their next password4 would be easily figured out. EVEN their VPN password5 is fairly logical.

  • DC, 4 Sep 2008 @ 4:37pm

    No 88% is at least 60% too high

    I've heard of two people in 25 years damaging a system when fired or disgruntled. I'm sure this number is whacked...

  • Dan, 4 Sep 2008 @ 7:08pm

    Only "where the bodies are buried", and keep that in a safe place. Payback is a bitch.

  • m1t0s1s, 4 Sep 2008 @ 10:17pm

    spam them all

    The best thing is get everyone's email address and sign them up for spam.

    Here's some examples (pulled from recent spam):

    http://www.dataentrycorp.com/unsubs.php

    http://redguu.com/remove/

    http://www.emerica linksite.com/index/MTYwMXw=/Unsubscribe.html

    http://cactusmedia.com/goldrush/unsubscribe.asp

  • Sos, 5 Sep 2008 @ 12:00am

    All your base...

    ...are belong to us.
