Fired VMware admin admits virtual rampage launched from a McDonald's

Disgruntled Typical sysadmin admits attack that destroyed former employer's servers


Virtual computing is supposed to mean businesses running on computers that aren't really there in the sense they're supposed to be.

Virtual "servers" are files running on an unrelated physical server while a separate piece of software lies to each of them about which is the absolute ruler within that particular world, aging the messages it passes between them to mimic the look of packets that have travelled across long stretches of network between the two kingdoms.

Metaphorically it's much more "Three Musketeers" than "The Collected Works of A.M.Turing."

[IT admins gone wild: 5 rogues to watch out for and Monitor your employees' PCs without going too far]

At least it would be if there were any potential of betrayal, tragic loss and obsessive quest for revenge.

Speaking of which...

...A Georgia man angry over disputes with management that led to his being laid off from an IT job at a pharmaceutical company pleaded guilty yesterday to having attacked and destroyed the entire virtual population of 15 VMware host servers and with them most of his former employer's computer infrastructure.

Crouched menacingly over his laptop keyboard at a table in a Smyrna, Georgia McDonald's, Jason Cornish launched his attack with a free McWiFi connection that took him into the mainstream of the Internet and north to Florham Park, N.J., U.S. headquarters of Japanese drug maker Shionogi.

He was armed with his knowledge of the virtual territory and a list of passwords incompletely deleted after a series of conflicts between local IT staffers and management led Cornish to quit and prompted his boss into a series of minor rebellions that resulted in his being fired as well.

Among those offenses was his refusal to turn over network passwords and control to representatives of the parent company. That decision made the mission much easier for Cornish, who remained with the company for two months as a consultant after his resignation before being laid off against his will, in September of 2010.

On the morning of Feb. 3, Cornish used a Shionogi account to penetrate Shionogi's perimeter defenses and call on the power of a VMware vSphere management console he had secretly installed weeks before.

There were 88 servers running on the network that day – virtual, most of them, but they didn't know that. Life was real enough to each of them.

Join us:






Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question