You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
Imagine you were the sole admin of an SME's O365 set up. And they laid you (virus) off, but are refusing to pay your accrued TOIL and holiday. But there's nothing you can do about that.
However ( remembering they haven't employed a single other IT person, so now have no IT department but have left my account with full access <- as I would be the one to remove users etc), what little time bombs can I leave in their system? I have a few ideas myself but I realise you people are animals
Can I have your bike when you go to jail?
None because you’re not the only person losing their job right now and you don’t want to be a ****?
Technically, the only thing you can do without committing the "no unauthorised access" crime is forget your password.
I'd suggest you forget your access until your TOIL etc has been paid. 0
Maybe when they realise they've been locked out of doing anything they might have you back on a day rate. I'd suggest £2k a day should cover it.
I'd leave it alone, something will go wrong shortly (if they are still using it) and they'll be screwed.
People forget passwords all the damn time! I mean, nobody writes it on a post-it stuck to the underneath of their keyboard, do they, where it could so easily fall off and get swept up... 😜
Yeah, don't go and do anything silly. it's illegal. And they will also know who frigged it seeing as, well, you know. Go on theregister.com and read a few stories. Never ends well.
Too serious ^
Change everyone's password to 'the boss is a xxxx'. Including the bosses 😁
And the bosses external email signature to 'love you loads xx'
Do you have access to their Twitter/ Insta feeds? You could do a British Milk Council job on them 😂
Ooh, I thought about this when I was getting ****ed around by my last company - I actually created install packages, so was going to distribute one (you could do a batch file for simplicity) to all computers with a little time bomb in the registry - if you call it in the [url= https://helgeklein.com/blog/2010/04/active-setup-explained/ ]active setup[/url] part of the registry, you can basically get it to run like a little (or big!) virus... in the end I got a good redundancy payoff, so didn't bother. Not that I would have anyway, of course, or encourage anyone else to do such a thing.
Company was rather spookily called... Covid(ien) without the brackets. Weird huh.
Hammer frozen sausages into ... no, wait ...
40mpg
Subscriber
And the bosses external email signature to ‘love you loads xx’
Thanks, that gave me a giggle!😆
Just change the printer settings.
That will confuse management for months
Any responsible sysadmin should see to the prompt removal of accounts of staff how have left - this is in your security 101 course...
If you have left the company, then your last act should undoubtedly be to disable/remove your own account to protect against the kind of shennanigans being suggested in this thread.
If there is no-one left with admin rights who can login, that would be a lack of planning by your employer...
If you're as irreplaceable as you believe, all you have to do is walk away and your absence will cause the organization to implode. When they call you up begging for you to come back and save them, then you have some leverage for negotiating your consultancy fees.
Yes, you guys are right - an active act can always be traced back somehow. Guess I just needed to vent.
Also - their IT policies are very underdeveloped. I often highlighted the fact they need fast action to disable systems admin users' account permissions at the same time they're in the meeting getting their notice. Because of this exact situation. They didn't listen to me.
Changing the printer IP address would probably be the best one. If anyone ever went to the office again.
I shall stay schtum, not write up documentation for any of my procedures or policies and then bill them to answer any questions.
And the bosses external email signature to ‘love you loads xx’
I think this has potential, can I offer the following;
Miss you sweet darling
I think of you when I’m alone
My heart is yours
Here for you, your true love
Trouble is that deliberately trashing your previous employers IT system probably isn’t seen as a desirable trait for the next employeer.
It’s a ‘professionalism’ thing would you happily employ someone who did the same 🙂
I think the worst one I heard of was someone running off with all the backups TBH.
Yeah, any kind of changes outside of contract would risk a sue ball and/or prosecution under he computer misuse act. Please don’t, we like you and your beer would miss you!
Ha, there are no backups!
I suggested we should have some but was told that wasn't important.
It's also interesting that they have decided they don't need anyone employed to look after IT at all. Or have a contract with an IT support company. I am not being replaced. @Interesting@ in the fact that they now rely 100% on these systems as everyone is WFH. And I had not actually finished setting the system up - still had security policies to implement etc.
Can you do a factory reset on a few key devices, e.g. a switch with subnets, without leaving a trace?
So you're the only one with access to O365 exchange admin centre, no other accounts with access?
When do you officially finish?
Don't do something intentional, it'll only backfire at some point.
No backups and a single point of failure for IT admin? I think they're probably already screwing themselves by getting rid of you/the only IT person.
When you leave, I'm guessing there won't be a proper handover, so make sure the IT admin accounts are 'Secure' - i.e. change the passwords to something mega complex, if there's no documentation (ha!) of admin processes or accounts, then great.
Basically, in a few weeks time when they have a major issue and/or try to get an MSP in and the only person with the ability/access to fix it will be able to charge what the hell they like for the privilege of providing their skills.
Yeah, I wouldn’t do anything deliberately to screw a company (or anyone else) over.
But having been relieved of duty, I’d be charging a good rate for any freelance work.
Especially if nobody else could acheive the desired result.
Well, there's another account with admin rights, but it is dormant and only to be used in case of my account getting compromised or someone setting up a policy that accidentally blocks all logins (the account is always exempted from new policies - not that any else will ever know that since I'm not doing a handover). I have the password for that in my personal LastPass vault. I did tell them about it and that I shouldn't be the person to hold that password, but, unsurprisingly, they were not interested.
Yes - I think them witholding my overtime pay etc means that any question they ask after my leaving date will be answered with an invoice.
Revenge is a dish best served cold 😉
Edited, read it wrongly
Send the boss an email highlighting the security flaws that you've previously reported, describe the problems they may encounter and enclose a note of your fees should they wish to call on your services.
Yeah, min charge is the daily rate of 4k, plus expenses covering travel, lunch, C&H etc.
I'd make sure I had a hard copy of any email stating they didn't need backups or whatever, too. But tempting as it is, I wouldn't do anything actively to hurt them. Are you actually out of work right now? Or suppposedly working a final two week handover?
Send their shoes a weemail.
Yeah, min charge is the daily rate of 4k, plus expenses covering travel, lunch, C&H etc.
This, or at least 4 hours for a simple thing.
Oh, you need your password resetting? minimum 4 hours charge.
Is the password for the other account documented anywhere? If not, and they haven't asked you to do a handover, then of course you'll need to charge for any work (including documentation) after you've officially left.
Bum the bosses dog and then hammer frozen sausages in to the walls of the server room.
This is the way
You could build a laptop and send it out to the end user leaving yourself logged on to the machine.
You could install an older version of the bespoke in-house database rather than the bug free working version. On every single laptop build.
Ask how me and my team have found this out....
Bum the bosses dog and then hammer frozen sausages in to the walls of the server room.
This is the way
You think they've got a 'server room'? Hahahahaha...
If they have any servers at all, it's probably a tower single server, on top of a filing cabinet somewhere, with no UPS, which is their DFS, DHCP, AD, group policy etc etc. And probably with a single admin account...
I've had the pleasure of dealing with these sort of SME's as an MSP.
I have spoken.
Probably worth making sure they have a really secure system when you're gone by making sure everyone changes their password regularly. REALLY regularly. I mean, no password should be more than a day old should it? And can you set it so they are all at least 17 characters long with a combination of upper case, lower case, symbols, numbers, fonts etc.
Also...
Read up about the guy that did something similar when he was thrown out of Jet2 I think it was.
In fact I'll save you the faff: https://www.theregister.co.uk/2019/12/18/jet2_hacker_scott_burns_prison_sentence/
5 months being asked to pickup the soap.
The Register's BOFH has many good ideas, many involving an old roll of carpet and quicklime. For the avoidance of doubt, it's a humorous column.
I wouldn't do anything, but leave them your contact details and a high but reasonable rate.
Can I just add, stuffing everyone's profile so they lose the contents of Drives overnight is a good one
Have you tried switching it off but not back on again?
There's so much wrong with that Jet2 article I don't even know where to start.
OP, revenge attacks are always a bad idea if you ever plan on working in IT again. You will get found out and it's an incestuous industry. From the sounds of things it's a time bomb anyway.
Adjust the router, to redirect some websites to somewhere different.
Or make it more subtle, and just turn the internet upside down. http://www.ex-parrot.com/pete/upside-down-ternet.html
Don't change all of their emails to auto reply with a message saying "Mr XXX is unavailable for the next four weeks. On their return please refer to them as Janice in all formal communication"
Sounds like they will end up in a pickle quite soon anyway with their corner cutting.
Just offer your services at 150% of your current daily rate should anything crop up.
If it a small company I would make that offer publicly so that the bosses get an earful from their employees when it goes to shit, should ramp up the pressure a bit.
Seems if you're the only one with access, then you're the only one with the passwords. Play the long game, something will go wrong, they'll call you for the passwords, simply forget them........then offer to consult for them and an inflated hourly rate
Just offer your services at 150% of your current daily rate should anything crop up.
then offer to consult for them and an inflated hourly rate
For consultancy at sysadmin level including specific knowledge I'd expect somewhere between £500 and £1000 a day, in half-day blocks.
Swap all the USB ports for floppy disc drives...
Then bum them.
My ex colleague changed our bosses standard light grey 8 point t&cs below the email signature to be contain some very fruity phrases.
One was that he would not be held accountable for any pornography, child or otherwise, sent from this address.
Didn't notice for 3 days which is about 450 emails in his job. Brilliant.
Don't leave you screen unlocked if you're a t****r!
In your case, don't do anything proactive, but certainly make it so sysadmin access is needed constantly. It's not your fault if they didn't ask you for the passwords and EVERYTHING now needs a password.
A mate who was a plant hire shop manager for a big company upon being sacked printed out the entire customer record files concerning hiring construction tools to the big building companies. The type that hires 20 jcb's, big compressors etc.
He went there to his next job also in a hire company and then contacted all his previous customers with new rates.
My ex colleague changed our bosses standard light grey 8 point t&cs below the email signature to be contain some very fruity phrases.
One of my favourites was a chap I know in SecOps for another company who got so sick of telling a colleague to lock his PC when left unattended* that he went into Outlook's autocorrect list and added the guy's manager's name aliased as "Fat Bastard." So the next time he emailed his boss it started "Dear Fat Bastard"...
(* - yes, this should have been done at Group Policy level)
Take a pic of the desktop, then have it as the background. Hide the icons.
All of a sudden nothing you click on works.
Definitely not worth it, but have often thought of ways.
One way I came up with, which was quite elegant and simple I thought, was to get group policy to run a startup script hidden somewhere on the server, on all the clients. The batch file would simply have one line that read “pause”. Never tested it.
Nothing is broken, PCs won’t boot, but it would be a pain to find the cause for anyone not in IT.
Like the desktop image trick too.