Stupid user tricks 6: IT idiocy loves company

IT fight club, dirty dev data, meatball sandwiches -- nine more tales of brain fail beyond belief

You'd think we'd run out of them, but technology simply hasn't advanced enough to take boneheaded users out of the daily equation that is the IT admin's life.

Whether it's clueless users, evil admins, or just plain bad luck, Mr. Murphy has the IT department pinned in his sights -- and there's no escaping the heartache, headaches, hassles, and hilarity of cluelessness run amok.


Below, we've compiled nine more shining examples of user stupidity for your amusement and education.

Stupid user trick No. 1: The itchy clicking finger of fate

Sometimes you have to don Nigerian princely robes to know just how likely your network is to get hosed, learned one IT admin at a midsize financial company in the Midwest.

"We've spent well into six figures on perimeter security, antivirus, and antimalware software to keep customer data and get through audits. But even so, in the last year and a half we've had no fewer than six breaches with data being stolen or compromised," says the admin.

"Then over drinks one day, a buddy who is a security consultant casually mentioned that human compromises were just as common as technology vulnerabilities."

Keen to quantify this collective brain fail, the admin's team set up a test.

"We took the roster of employees of our two largest offices and checked their corporate email addresses to see which were accessible off the Web. Out of 178 employees, 138 corporate email addresses were easily discovered -- like two or three clicks off Google. That alone surprised me."

The team then set up a phishing email and sent it to all 138 employees.

"Now I know why those Nigerian princes keep bothering people," the admin says. "Our current malware technology caught only 58 percent of our home-brew phishing mails. On top of that, because we didn't use the usual Nigerian-prince or $1-million-estate-up-for-grabs schemes, we managed to get 64 out of 138 to click on our 'malware' link."

Needless to say, the results raised eyebrows in the corner office.

"For the past six months, we've rebuilt and toughened up our antimalware perimeter, but much more importantly we've given several seminars on Internet and corporate security, and we got our COO to make attending at least one of those seminars mandatory for every employee."

Moral: Educate your users about social engineering, because rich Nigerian royalty, or corporate data raiders, can get you no matter what kind of antimalware you have.

Stupid user trick No. 2: The dirty back end

Circumventing IT for remote access can put you in a compromising position, as one IT manager at a software company in Florida tells it, especially if your company employs developers with dirty minds -- and who does that?

"A couple of years ago, our GM of sales had to demo our product to a potentially large customer. It was a rush meeting, so he had the head software architect on his team set up a remote connection to the dev servers back at headquarters," the IT manager says.

"The sales GM didn't tell the architect what he needed those connections for, and the other guy didn't think to ask. Neither thought to ask us," the IT manager adds. "Had they done so, we'd have stopped it."

Fast-forward to the middle of the GM's sales demo.

"The GM tags back to the dev environment to access a back-end database the app was using. But the database was full of junk data, like dev databases usually are. Junk data with first some weird names and then some downright nasty names -- like XXX nasty. All that flashed up on the screen when the GM ran his query."

Needless to say, they didn't get the sale.

Moral: Don't set up a remote demo without talking to everyone concerned. And maybe talk to your developers about not getting their dev data from Hustler.

Stupid user trick No. 3: Welcome to the thunderdome

It pays to be civil to your coworkers, says one IT admin who witnessed firsthand the special kind of evil a workplace feud can wreak on your IT systems.

"We had an exec who was, simply put, a dyed-in-the-wool jerk. No question, just a jerk. He gave everyone a hard time no matter whether they were on his team or whether the quality of their work was good or bad. He just enjoyed being a jerk," the admin says.

Until he decided to give IT a hard time.

"This one time he went out of his way to blame the low productivity of two teams, including his own, on technology problems. The senior IT manager was new to the role, just got promoted into it, and was completely unprepared for this in a senior staff meeting with the CEO. So he was majorly embarrassed and almost got fired only three weeks after taking the new gig. He did get put on probation and already had a ding on his review," the admin says.

Then the new senior IT guy decided to get even.

"None of us can prove it, but from what we were able to figure out, he hacked into the jerk exec's desktop, notebook, and we think even his phone. Dropped all kinds of nasty scripts on there, including one that kept the machine asking for new NAT leases, somehow kept Windows asking for updates no matter how often the guy installed them, added some kind of white list that kept the guy off of all the sites that he needed to see and only let him onto weirdo porn or pirate sites, deleted the contact list off the phone whenever the guy hooked it up to his PC, and autotrashed a random percent of any new files that were saved each day. It was ugly," the admin says. "The guy couldn't even log on at Starbucks."

Herein lies the second source of idiocy in this sordid little fight-club tale: the senior IT manager with an ax to grind.

"The executive lost two trip itineraries and even lost a sales presentation right before he had to give it. I think that last one is where the evil IT guy figured he'd done enough -- that cost us a sale."

Moral: Support your local IT sheriff. Feuds with anyone are a bad idea, but especially the guy who controls your computer. And of course, if you feel you've been wronged in the workplace, take it to HR, not the company network.

Stupid user trick No. 4: Developers do the darnedest things

Lazy is one thing; stupid, another. Together they can leave you pantless at the side of the road -- especially when it comes to developing code.

"We had a situation that wound up costing us almost a month of software development time just doing bug tracking," says one IT pro, who sets the stage of his company's dev-based debacle: "A new developer was tasked with updating one product with some similar functionality from one of our other products."

Two weeks later, still a week ahead of schedule, the developer says he's all done -- until QA gets involved.

"QA takes this guy's code and starts getting a weird error message in response to a key use case. Just couldn't get around it. That got kicked back to the developer, who was also scratching his head. He spends another week 'bug fixing' and resubmits the code saying the bug is gone now. Pow! QA immediately gets the same error again," the IT pro says.

"Now we're past deadline, and the dev guy is scrambling to get a fix going. A couple of days later, he's saying that it's not his code; it's the difference between our dev servers and our QA servers. Which was crap, because it's a mirrored environment."

Perplexed, IT begins comparing its server environments -- a process that included a code scan of the application the developer was supposed to emulate in the update to his app.

"Turns out the little worm just copy-and-pasted the code from the first app into the second and did some lazy work aligning the variables and syntax," the IT pro says. "But he left a number of routines in there that were going nowhere, so the code worked in his cooked dev environment, but died as soon as QA started running it on a clean set of servers. By the time we figured that out, we were four weeks past deadline."

And what of the time it took to "code" and "bug fix" the update?

"The whole time he was really working on his own app that he wanted to sell himself later," the IT pro says. "Yeah, that guy got fired."

Moral: It's more work to get away with code plagiarism than to do your own code in the first place. Oh, and QA guys are sticklers.

Stupid user trick No. 5: Meatballs -- IT's revenge

Low blood sugar can turn almost anyone's brain to mush. But a stolen lunch? For some it's a one-way ticket to pathological.

"This is one of those situations that is simply unreal until it's actually happening," says a one-man IT department who was working with two subcontractors at the time of this tale. One of the subcontractors was hardworking and friendly. The other -- let's say he had a quick temper and that he really, really liked meatball sandwiches.

"One day, we hear a door slam and then lock. I look out into the hall and I can see this guy had just locked himself in an unmanned office," the IT pro says. "He's snarling at his notebook screen and mouthing a rant to himself. I figure he's just upset again and make a mental note to complain about that behavior to our rep at the consulting company. Oh, how little I knew."

As it turns out, there was a meatball sandwich thief on the loose in the office. It must have been tasty because the meatball burglar pilfered the IT guy's sandwich two days in a row.

"So the accounting department calls me saying their machines are frozen except for an internal SMS message that says nobody's getting back on until this guy gets his sandwich back," the IT pro says. "Of course, I'm thinking accounting is making a joke, so I laugh and say, 'Nice one.' The guy on the other end gets really angry and tells me to get my s#!t together or else. Now I'm scratching my head. This can't be real, can it?"

The phone rings again and it's marketing -- same scenario: "This guy was using his admin creds to systematically shut down our whole network, segment by segment, trying to get his stolen sandwich back."

Our pro and the other consultant try to log on, and they too are locked out. "Even the guest admin creds are blocked. He's got solo control of every server, switch, router, and firewall."

Panic button! "I'm kicking this guy's door and yelling that I'm going to break it down and strangle him if he doesn't give us our network back. I must have looked like a psycho, except this nut job has his face up to his hall window and is screaming right back at me in Russian."

It certainly isn't our IT pro's finest moment, but in the end, he calms down enough to tell the rogue subcontractor that in all likelihood, "his sandwich is a digested memory."

"I ask him what he will take to give us our systems back," the IT pro says. "That's when he gets really quiet, probably having figured out that he's fired, but he's too pissed and proud to give in without saving face."

Our IT pro gets creative.

"I tell him I'm going to find the sandwich heister. He lets me on the network long enough to send another SMS telling everyone that I had a webcam installed in the lunchroom, so I can easily find out who stole the sandwich. But if the guilty party comes forward voluntarily, we can have a calm discussion before things go back to normal," the IT pro says.

"Unbeknownst to our nut job, I have his partner make a deal with one of the account execs, who cops to stealing the sandwich, and I make a big show out of firing him on the spot where I know the crazy person is watching," he says. "The account exec really played it up, too, yelling and pleading for his job. I kick him out and go back to the nut. 'Satisfied?' He's reluctant, but it's that or I call the cops. So he gives us the network back and stomps out of the building. Never heard from him again and the consulting company gave us three months of free service to make up for his crap."

And the account exec?

"He comes back the next day and we all have a chuckle."

And the sandwich thief?

"Right after this I really did install a webcam in the lunchroom, which is how I caught this new guy stealing someone else's lunch. He got axed real fast and I enjoyed myself doing it."

Moral: Don't mess with another man's meatballs.

Stupid user trick No. 6: Self-service IT gets sticky

Self-service IT may seem like a dream -- until it ends in a police raid.

"We were managing a big database and dev shop. Almost every day we got complaints that there weren't enough servers for Project Whatever. So I talked our CEO into funding this giant wad of hardware, which we used to double our server capacity," says one IT admin. "We then converted the whole infrastructure into a virtualized environment running on a big hypervisor."

Each team was given open access to its own resource pool and could allocate those resources however it liked. There was nothing for IT to do except manage the infrastructure. Sounds great, right?

"Unfortunately, my guys interpret that to mean all they have to worry about is up-down green-light health on the physical servers," the admin says. "They don't check much on the virtualized servers."

Step one for exposing yourself to a bust.
