IT admins gone wild: 5 rogues to watch out for

By Dan Tynan, InfoWorld | Data Center

June 20, 2011, 12:44 PM — You can't survive without them. They wield enormous power over your systems, networks, and data -- the very lifeblood of your organization. Few people outside IT have any understanding of what they do, and fewer still exercise any oversight over their actions.

To be sure, the overwhelming majority of IT admins are honest, hard working, and underappreciated. But when they go rogue, bad things happen. Organizations find themselves locked out of their own networks. Customer data files inexplicably vanish. Companies scan their networks and discover somebody's running a porn site from inside their data center. Trade secrets get destroyed or stolen, and employees get the creepy feeling somebody is watching everything they do -- and they're right.

[ Bring peace to your IT department by avoiding IT turf wars. | Find out which of our eight classic IT personality types best suit your temperament by taking the InfoWorld IT personality type quiz. ]

When IT professionals cheat

Those are just the cases you hear about. Most companies do everything they can to keep news of rogue admins quiet, because the damage to their reputations could be even greater than the havoc wreaked by disgruntled or overzealous geeks.

Off the Record submissions

And many companies are virtually helpless to do anything about it, says Steve Santorelli, director of global outreach for security researchers Team Cymru.

"It doesn't matter if your systems are utterly bomb-proof and you're patched up the wazoo with nuclear-grade security," he says. "A rogue system administrator with root or privileged access can bypass all your perimeter security and your tripwires, because they have to get into the system to do their jobs. The persons responsible for carrying out insider attacks are often the same ones responsible for spotting and preventing them. They know how to overwrite the firewall logs or change their access controls so that no one else can get in. They know where the backup logs are kept and how to manipulate their encryption keys."

You may already have rogue admins in your organization, ready to blow. Here's how to spot them and what you can do to minimize the damage.

Rogue IT admin No. 1: The crusader

Follow Dan on Google+

Author Dan Tynan has been writing about Internet privacy for the last 3,247 years. He wrote a book on the topic for O'Reilly Media (Computer Privacy Annoyances, now available for only $15.56 at Amazon -- order yours today) and edited a series of articles on Net privacy for PC World that were finalists for a National Magazine Award. During his spare time he is part of the dynamic duo behind eSarcasm, the not-yet-award-winning geek humor site he tends along with JR Raphael.