He accessed the database containing the names and addresses of each swimsuit model and offered to rig the contest in each woman's favor in exchange for sex, says Ammon, who is now chief strategy officer at Xceedium, a maker of appliances that manage how privileged users access key systems. The scheme was only detected after one of the models called the magazine and complained. Ammon doesn't know how many models accepted the offer without complaining.
"The big challenge with insiders like this is they tend to be both highly intelligent and very familiar with your infrastructure," he says. "They're able to violate policy simply by the nature of their position, and they're mostly unmonitored. The question then becomes who's watching the watchers."
Anti-rogue defense: Don't just rely on background checks to vet potential employees, says Schwartau. Smart employers also run psychological profiles to understand each person's motivations, proclivities, and weaknesses.
"Are they a good guy or a bad one?" he asks. "Are they easily swayed by sex or money? Where are their buttons? Every law enforcement agency does it, but corporate security is behind in this."
Rogue IT admin No. 4: The spy
IT admins don't merely control systems, networks, and databases; they often have access to trade secrets, intellectual property, and corporate dirt. A rogue may decide to use this information for personal gain, to benefit a competitor, or simply to blow the whistle on employers -- and there's often little a company can do to stop it.
Proving corporate espionage is difficult. Borland found that out in the 1990s after former vice president Eugene Wang jumped ship to Symantec, allegedly taking scores of proprietary documents with him. Wang and Symantec CEO Gordon Eubanks were indicted for theft of trade secrets, but the charges were later dropped. Borland sued both Wang and Symantec; the case dragged on for five years before both parties agreed to dismiss it.
Not much has changed. Heimerl says he consulted with a manufacturing company in 2005 that laid off an engineer in its R&D department because he was impossible to work with. The same day the engineer was walked out of the building, he went to work for the firm's chief competitor. Three months later, that competitor released a product that was virtually identical to the one his former employer was set to announce a few weeks later.
"By being second to market, that firm estimated it lost something on the order of $80 million in sales," he says. "They sued the engineer, but they were unable to prove that he'd stolen that information."