258
No work you will ever do at a job is your labor. Employees are company property, their thoughts and achievements are company property.
It's petty to do this but it shouldn't be possible to get jail time.
this post was submitted on 23 Aug 2025
258 points (100.0% liked)
Technology
3928 readers
1033 users here now
Which posts fit here?
Anything that is at least tangentially connected to the technology, social media platforms, informational technologies and tech policy.
Post guidelines
[Opinion] prefix
Opinion (op-ed) articles must use [Opinion] prefix before the title.
Rules
1. English only
Title and associated content has to be in English.
2. Use original link
Post URL should be the original link to the article (even if paywalled) and archived copies left in the body. It allows avoiding duplicate posts when cross-posting.
3. Respectful communication
All communication has to be respectful of differing opinions, viewpoints, and experiences.
4. Inclusivity
Everyone is welcome here regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
5. Ad hominem attacks
Any kind of personal attacks are expressly forbidden. If you can't argue your position without attacking a person's character, you already lost the argument.
6. Off-topic tangents
Stay on topic. Keep it relevant.
7. Instance rules may apply
If something is not covered by community rules, but are against lemmy.zip instance rules, they will be enforced.
Companion communities
!globalnews@lemmy.zip
!interestingshare@lemmy.zip
Icon attribution | Banner attribution
If someone is interested in moderating this community, message @brikox@lemmy.zip.
founded 2 years ago
MODERATORS
Sounds like he could have been a bit more creative in implementing this. Having something immediately traceable back to a username is no bueno.
If he was smart he would not of done this in the first place
Is it even possible to do this in a way that can't be tracked back to you? Unless you're a Hollywood hacker that will rig something up to literally burn down the building the server the malicious code is contained on, there will always be some fingerprints left behind in the software. And there will almost always be a relatively short list of possible suspects. Even at large companies, there won't ever be more than a handful of people with the skills, motive, and access needed to pull something like this off. Oh, the company's entire database suddenly and mysteriously deleted itself? I wonder who caused that, maybe the disgruntled sysadmin we just fired? There really aren't that many suspects in situations like this. And once you're a suspect, they can get a warrant, seize all your computers, and scour them to dig up even more evidence against you. Hell, even just documentation of ill will against your old employer would be evidence in court. You better hope you really left no trace, otherwise you will be found out very quickly.
And really even in the best case scenario you still end up under heavy investigation, get all your computers seized, probably lose your new job, etc. Even if they can't pin it on you, if you are the only one with the means, motive, and opportunity? They'll tear your life upside down for years trying to prove it. Even if you are so good you can literally do it with no trace, no evidence in the code at all? It still won't prevent your life from being torn apart. It will just keep you out of jail at best.
It would be easy depending on your company's git practices. Complicated git workflows can leave room for you to slip stuff in unnoticed or misattributed. I mean, it still has to pass a review, but a lot of the devs I work with don't review that closely. Could just assign a lazy dev to the review and increase your odds of getting it through.
They are one of the developers. The code is full of everyones fingerprints.
He 100% didn't think this would result in criminal charges. A lot of people don't think through the "how will this company with lawyers react to my petty nonsense?" when doing stuff like this.
What he did was brazen and stupid but 4 years sounds a bit excessive. Unless the journalist is under reporting what happened, he didn't do any long-term damage just probably knocked them offline for a day and required somebody to come in and manually reset the drsm account in the domain controller.
But in a fit of rage and passion he built out booby traps and put his name all over everything. He wanted them to know it was him, How do you absolutely denied himself plausible deniability.
All he had to do was pretend he was inept and replace service accounts with his own login. Push 90-day password resets on the account for 'security'. Set up a house of cards out of security certificates.
The company probably walked into that court with a technically competent team of lawyers and a bunch of expert testimony, he probably had a state defender.
I'm curious what this crowd thinks is an appropriate punishment here. No priors, found guilty, caused some lost revenue (which I have to admit doesn't mean you actually lost revenue). So, should they even be sent to jail? House arrest? Or do we just want consistency in punishments?
Honestly, it's kind of hard to tell. We're missing a hell of a lot of intent and access to the evidence here.
If he was just straight up vengeful, He should have been on the hook for the lost wages they paid for all the people that were knocked offline. The cost of whatever contractors they used to repair the problem. 6 months jail time and some psychiatric review.
If he had the intent of blackmailing them, then felony and probably pulling his work visa.
As it sits, even if he had some way to keep his right to work here, there are a few that would touch him with a 10-ft pole. He's required to disclose felonies as part of the hiring process pretty much everywhere. Anybody prospective employers are going to be extremely reluctant to give him any work that would afford him access to their network.
He should get a corporate level penalty. He made X dollars while working for that company but did something wrong while making that money. He should have to pay back .001% of his profits as a fine and the illegal stuff he did should then be ignored/forgiven. That is what corporations get as a penalty when they break the law, I think it should be applied when they are the victims.
Every user gets 0.003 cents as part of the settlement.
That sounds fair.
Usually a moderate prison sentence and a fine
5-10 years most likely
4 YEARS?! And gaming companies can just build a kill switch into their game and get no penalty?
The difference is, the rich and powerful do their crimes with lawyers. A contractor could actually write something into their contract that allowed them to install such a kill switch. And it would be perfectly legal. No different than if you stop paying for a software license and the program stops working. But regular employees don't have the leverage to demand such a kill switch. Maybe more programmers should form unions. Write it into the contract that if the contract ever expires before a new one is signed, the union has the right to remotely activate a kill switch, shutting down crucial operations within the company. As long as this was all disclosed and signed to, it would be perfectly legal.
Tesla build them into fucking cars.
Good. Some one should sponsor and hire this guy.
The defendant breached his employer’s trust
The company breached employee trust when they fired a bunch of people during a "realignment".
Four years is far too long. If he had run over the CEO in the parking lot he wouldn't have gotten four years.
It's because they can quantify damages that way. Because you legally cannot put a value on the life of a "human" (still unsure if CEOs are human, but legally they still are), it's just "murder" and not "you cost us eleventy billion dollars in downtime." One is more negotiable in terms of damages than the other.
Then Ceos should be treated and charged with every crime a company commits or this is another class problem I'm going to solve. The guy who made the opiod crisis literally walked away with a billion dollar fine but should've gotten multiple live sentences for multiple murders.
You're not wrong, but sadly that's not how our legal system works.
For developers in similar situations, where the corporate overlords make your life miserable; use dead man's triggers Instead of a simple killswitch: manually start handling certificates, introduce memory leaks that you can easily clear, have excessive disk filling logs that you can daily clear, and all kinds of other stuff that is a perpetual dumpster fire that you extinguish as part of your job. Oh, and don't forget to forget commenting and documenting. The next developer should instantly learn the pressure they have been putting on you.
So I've done plenty of that in my, ahem, practice. And honestly if I had a choice to concentrate and not do that, even if that meant losing my "dead man's triggers", then so be it. Extinguishing a perpetual dumpster fire as part of your job is not good. Also someone might be given that to fix after you leave, I've been in that role too.
Errr
That's EXACTLY why I did that in the past. It wasn't an accident at all. Nope. It was future proofing my job. Completely intentional.
I'd like to imagine countless instances of this that we never hear about because there just isn't anything concrete to write a news article about
Well the guy from the article is named David Lu and added a function with the name IsDLEnabledinAD. That by itself deserves an article.
load more comments
(6 replies)
company ruins life of employee: stonk
employee ruin company: immediate imprisonment
edit:
Ultimately, Eaton Corp. bore substantial costs getting its network back online
actually, it did nothing to the company but cost it a few bucks. do not pass go/collect $200.
this person was not fired, he was laid off. he was not actively harming the company until the company ruined his life.
load more comments
(9 replies)
Dipshit. Just do bad coding and leave timebombs that could be considered an accident.
Exactly, my coworkers at nearly every job have done this just by their disinterest in reading code and not caring about their craft.
It’s far more effective. Once you have a bad architecture and you keep adding to it over the years in haphazard ways, it becomes increasingly difficult to make any changes.
load more comments
(3 replies)
Have to make an example of them lest the surfs realize they have power
load more comments
(9 replies)
view more: next ›