this post was submitted on 08 Mar 2025
34 points (97.2% liked)

Hacker News


Posts from the RSS Feed of HackerNews.

The feed sometimes contains ads and posts that have been removed by the mod team at HN.

[–] RegularJoe@lemmy.world 12 points 2 days ago (1 children)

Dude gave anyone looking for forensic clues a layup

would lock every employee out of their accounts if his credentials were ever revoked, and named the code IsDLEnabledinAD, as in "Is Davis Lu enabled in Active Directory."

That's kind of an easy figure out: look for all the D.L.s in the company and work from there. But then

investigators subsequently found the source code for this program on an internal development server in Kentucky, and that Lu's user account had been used to execute the malware on the production box. Lu was also the only member of his team who had access privileges for that dev machine.

This guy left an easy forensic trail.

[–] jet@hackertalks.com 13 points 2 days ago (1 children)

Incompetence isn't a crime. Dude should have written really poorly designed debug code for an ad feature he was working on.

[–] Arbiter@lemmy.world 5 points 2 days ago (1 children)

Just enclose your code in while(true)

[–] jet@hackertalks.com 6 points 2 days ago

//FIXME Debugging BG-9731

[–] Krik@lemmy.dbzer0.com 6 points 2 days ago

There was something amiss before. Nobody starts compromising the system just a few months before getting fired.

he was demoted

That also indicates there's more to the story than it seems.

[–] Binette@lemmy.ml 1 points 2 days ago

i was wondering if it was possible lol