Sysadmin trashes his employer’s network before quitting, says he was authorized to do so according to company policies
An employee taking revenge on his/her employer is getting quite common nowadays. Yesterday we had reported how a sys admin used VPN to hack into his employer’s web server after being fired. The sys admin proceeded to cause a loss of $1.1 million loss to the paper making factory before being caught. What Michael Thomas did is more or less similar to what the above sys admin did to the paper factory. Actually, Thomas did what many sys admins secretly dream of doing: he trashed his employer’s network and left a note saying he quit.
The Register reports that way back in December 2011 Thomas completely trashed his employer ClickMotive’s entire network. Not only that, Thomas proceeded to delete ClickMotive’s backups and notification systems for network problems leaving them high and dry. He also cut their VPN access and deleted internal wiki pages, and removed contact details for the organization’s outside tech support. Thomas’ revenge left ClckMotive stranded and without any means to troubleshoot the chaos that Thomas caused.
After doing all of above, Thomas left his keys, laptop, and access card with a letter stating that he quit. Sensing that ClickMotive would be helpless after the mayhem he had caused, Thomas tongue in cheek also offered to stay on as a consultant to sort out his own created chaos.
While what Thomas did may endear him with other like-minded sysadmins, he did break the law and authorities charged him with a felony count of “intentionally causing damage without authorization, to a protected computer.”  The judge and the jury also agreed with the authorities and sentenced Thomas to time served plus three years of supervised release. He was also penalized a hefty fine of $130,000 to recoup ClickMotive’s losses.
Thomas has filed an appeal against the sentence in the Fifth Circuit Court of Appeals in New Orleans. In his appeal, Thomas says that while he did intentionally cause damage it wasn’t “without authorization.” In fact, he was expressly authorized to access all the systems he accessed, and he was expressly authorized to carry out the deletions he did – every sysadmin in the world deletes backups, edits notification systems and adjusts email systems. Thomas says that he did what he was paid to do and none of his actions were forbidden by ClickMotive under its own policies.
Here is Thomas’ version of what went down at ClickMotive:
Thomas was hired to ClickMotive by a friend of his – Andrew Cain. It so happens that before Thomas, Cain was the only IT employee of ClickMotive and also the company’s first employee. One fine day, ClickMotive fired Cain without assigning any reason. Cain suspected the reason for his firing was the founders were looking to sell the company and didn’t want to pass on the benefits eligible to Cain. On the other hand, ClickMotive offered a hefty bonus to Thomas to stay on and look after Cain’s work.
Cain informed Thomas that he would be suing the company for wrongful dismissal and proceeded to launch DDoS attacks against ClickMotive website. Thomas says that he did what a normal sysadmin would do after such attacks.
While Thomas’ alibi for deleting the backup looks solid on paper, the appeals court has to agree to it. The Register says that if the Appeals court goes on to agree with Thomas, it may have severe implications for sysadmins across the entire United States and in some degrees, around the world.