this post was submitted on 11 Mar 2025
680 points (99.3% liked)

Technology

66067 readers
4697 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
680
Developer convicted for “kill switch” code activated upon his termination (arstechnica.com)
submitted 1 day ago by WetBeardHairs@lemmy.world to c/technology@lemmy.world
101 comments fedilink hide all child comments
(page 2) 50 comments
sorted by: hot top controversial new old
[–] Korkki@lemmy.ml 86 points 1 day ago (3 children)

Why do kill switches when you can just hog all the work of maintaining some critical part of the infrastructure and make it's functioning and maintenance so opaque and impenetrable that the employer can't replace or fire you without their shit catching fire soon after. It doesn't have to be malicious or illegal.

https://youtu.be/0jK0ytvjv-E

His efforts to sabotage their network began that year, and by the next year, he had planted different forms of malicious code, creating "infinite loops" that deleted coworker profile files, preventing legitimate logins and causing system crashes

I wish this guy was were actually politically motivated, but he seems to have been just really petty minded person.

[–] JoMiran@lemmy.ml 24 points 1 day ago

Why do kill switches when you can just hog all the work of maintaining some critical part of the infrastructure and make it's functioning and maintenance so opaque and impenetrable that the employer can't replace or fire you without their shit catching fire soon after.

This is literally my firm's core business practice. We've been at it for so long that at this point we have to be included in competing bids because we are the only ones in the world that can do certain specific things.

[–] ubergeek@lemmy.today 3 points 1 day ago

so opaque and impenetrable that the employer can’t replace or fire you without their shit catching fire soon after.

Somehow, that's the kinda roles I always land in lol

[–] Railcar8095@lemm.ee 13 points 1 day ago

That's what my old company used to do. You did this? Do a KT to some underpaid remote employee and when they leave it's again your responsibility to maintain it, alongside the new bugs and spaghetti they introduced.

We once told a SP50 customer that we would not provide a business critical service because an employee went on sabatical for a month and she had the only working version on her cookery computer. At that point the customer was so integrated with us that it would take them years to replace us.

[–] Vanth@reddthat.com 36 points 1 day ago (3 children)

Initially makes me wonder how the employer could be so dumb as to give one employee so much access. But then I remember a former employer of mine did the same and worse.

Colleague was known for writing his comments in such a way that only he could read them, including mixing in German (US based company doing all business in English). He was also the admin of our CAD system and would use it as leverage to get his way on things, including not giving even default user access to engineers he didn't like. We migrated systems and everyone was thinking, "this is it, the chance to root this guy out of the admin position" and... they gave him admin access again. Not even our IT department had the access he had. I left before the guy retired / was fired, this post is making me wonder if he left peacefully or left bricking the CAD system out.

[–] ubergeek@lemmy.today 3 points 1 day ago

Initially makes me wonder how the employer could be so dumb as to give one employee so much access.

Right now, just based purely on the access I need to do my day-to-day job involves me having access where I can pretty much nuke everything from orbit, with an ssh loop.

At some point, you need to trust your employees, in order to get work done. Sure, you can lock it all down tightly, but then you just made work take longer. It's a trade off.

[–] partial_accumen@lemmy.world 3 points 1 day ago

Initially makes me wonder how the employer could be so dumb as to give one employee so much access.

The amount of access he had doesn't surprise me. He'd been there for 11 years already likely working on many things as he interacted with systems in the course of his legitimate work. While its possible to set up access and permissions in an organization utilizing the "least privilege principle", its expensive, difficult to maintain, and adds lots of slowdowns in velocity to business operations. Its worth it to prevent this exact case from the article, but lots of companies don't have the patience or can't afford it.

[–] jaschen@lemm.ee 5 points 1 day ago (1 children)

My previous work didn't revoked my access to their CMS. I was so upset when they laid me off after telling them my wife is pregnant.

But I ain't that stupid.

[–] Gonzako@lemmy.world 4 points 1 day ago (1 children)

Aren't you no longer binded by profesional silence? Just log in into their DB, export it and try to get a seller

[–] jaschen@lemm.ee 3 points 1 day ago

Again, not that stupid.

[–] roz@lemmy.blahaj.zone 34 points 1 day ago* (last edited 1 day ago) (1 children)

We've all considered it

[–] IHeartBadCode@fedia.io 33 points 1 day ago (1 children)

Oh yeah, but the thing that usually offsets the intrusive thoughts is a lot of courts treat this as the crime of "hurting rich people" which comes with like 30 years in pound you in the ass penitentiary.

[–] peoplebeproblems@midwest.social 4 points 1 day ago (1 children)

Oh. Personally for me it's code reviews that prevent me from doing it, but pound you in the ass penitentiary is a good motivation too

[–] WetBeardHairs@lemmy.world 7 points 1 day ago

The secret is get promoted to where you do the code reviews. Then just get too busy to do them reliably. Timebomb activated.

[–] partial_accumen@lemmy.world 28 points 1 day ago (1 children)

A 55-year-old software developer

... and...

Lu had worked at Eaton Corp. for about 11 years when he apparently became disgruntled by a corporate "realignment" in 2018 that "reduced his responsibilities," the DOJ said.

So he was 48 at the time he started this. Was he planning on retiring from all work at 48? I can't imagine any other employer would want to touch him with a 10ft (3.048 meters) pole after he actively sabotaged his prior employer's codebase causing global outages.

[–] masterofn001@lemmy.ca 7 points 1 day ago

I'm sure DOGE is actively considering hiring him.

[–] captainjaneway@lemmy.world 26 points 1 day ago

He fucked up. But it's also kinda funny.

[–] cookedslug@lemm.ee 23 points 1 day ago

guy really tagged his name on the kill function, which was running on his own system. smh my head

[–] yeahiknow3@lemmings.world 17 points 1 day ago

That’s hilarious.

[–] DrunkenPirate@feddit.org 9 points 1 day ago* (last edited 1 day ago)

And now imagine doing this or sort of this destruction in a smaller company that has one to three mediocre admins at highest. One can kill this company and they would never get it why the computers got weird.

[–] Toes@ani.social 5 points 1 day ago (4 children)

Reminds me of the timebombs in windows 2000. I guess he's forced to start fresh.

load more comments (4 replies)
load more comments
view more: ‹ prev next ›