Sysadmin proves we cannot be trusted

Just a little note to some of the folks who have emailed in asking for help on hax0ring websites, banks and other stupid and illegal acts. Apparently a systems administrator has gotten himself into some hot water when he realized he was not as l337 as he thought he was. He has received the longest federal prison sentence to date for attempting to damage a computer system. Mr. Andy Lin will be serving 30 months jail time for planting malicious code that would delete data from the company's server. Not only did his little time-bomb code fail miserably (which is a little more funny considering he had root access as sysadmin), but he also got caught when he tried to reset it to go off a year later.

To be frank I think he got off easy. Considering the fact that the data he was trying to delete was a database with prescription and billing information, this could have affected quite a few people if it had succeeded.

This just goes to show you that the weakest link in any security plan sits between the computer and the chair. You can trust a computer, that is, until it starts executing code humans wrote. If people have malicious intent, no technology can really protect you and no degree of paranoia will save you. More than 70% of all security breaches and mass data thefts occur from BEHIND the firewall. The threat nowadays is not so much from those evil Russian and Chinese hackers, as the media and Hollywood would have us believe, but from inside our networks, or to be more precise, our virtual network that takes into account our increasingly mobile workforce.

Endpoint security has become a new buzzword, mostly pushed by companies that are trying to sell you a product that monitors connections to your systems, encryption, passwords, content distribution, etc. But really endpoint security is much more than this; it is a fundamental attitude and approach that should take “soft systems” into account.

Hard systems are what we currently know: the network infrastructure and the devices on that network, which are concrete, easily understood through diagrams and data visualization, and predictable. Soft systems are not so easy or concrete; they deal more in the realm of social science. Soft systems introduce the human element into the system. They take into account social attitudes, prejudices, paranoia, opinions and all of those other wonderful ambiguous things that make us so unpredictable.

The sysadmin here was the security failure: he was “corrupted” and shipped back to the manufacturer for repairs (or in this case a correctional facility). Another sysadmin found the flaw and reported it, so maybe the answer to a more secure network is more oversight and accountability, or maybe just a personality test :-) But, then again, I might fail, as sometimes I don’t even trust myself.

posted by akuma @ January 10, 2008 2:06 am