I wouldn't be surprised if this actually didn't happen. Let's see if there are elements in the story that stand out if we take this perspective. (It is much harder than detecting photoshop effects).
+ He could have been on holidays, or getting a child, but it is the death of his mother. Of course, we are gonna feel really bad for him. That's really good for the story.
+ The security of the system is such that on one hand a dongle is needed, but on the other hand someone can fake sending email through your account. This is apparently widely known by non-expert colleagues to just joke around, but not known by the security staff.
+ Technological "details" that do not seem to make sense such as SQL to make it sound like a true story to the uneducated.
+ The writer already assumes that we think he is lying. Hence, he comes up with the dongle story. We would already have been fine with his word that he just didn't send the resignation letter.
+ He physically shows up 6 weeks later without checking his email once (reply email). Of course the effect of the story is much stronger in that case. However, is it very likely not to check your email at least just before you show up at work 6 weeks later? [Edit: incorrect assumption, see @c8g.]
Then what would be motive of the person asking the question. It is a throwaway account.
+ A researcher who wants to see what the difference is between a fake story on Facebook versus one asked on StackOverflow? How could such an effect be properly compared?
A lot of good points, but not all of them feel valid.
> not known by the security staff.
They may just not care, or at least not make that a priority. If the dongle stuff was done just to comply to some norm or regulation, actual security could be perceived to be secondary.
> The writer already assumes that we think he is lying.
Not quite. He assumes we think he could be mistaken. ("[…] it could be conceivable […] that, in my grief, I remotely logged in, sent the email and forgot I did it"). Still a bit fishy, but not as much as you make it sound.
> is it very likely not to check your email at least just before you show up at work 6 weeks later?
That can be estimated, but not that if it were me, that would be a virtual certainty. I never check my work email outside of work. I go to work first, then I check my email.
> It is a throwaway account.
Of course it is. One does not want to tie a long term account (which may be tied to a meat-space identity) with negative stuff like that. The evidence by throwaway is practically nil.
> > The writer already assumes that we think he is lying.
> Not quite. He assumes we think he could be mistaken. ("[…] it could be conceivable […] that, in my grief, I remotely logged in, sent the email and forgot I did it"). Still a bit fishy, but not as much as you make it sound.
Not quite assuming that we think he's lying, but a very common tell for lies is that the lier is preempting challenges to weak points in the story.
A lot hinges on his location and the exact job, but it smells very fishy that he apparently is set up for remote access to email (so it sounds like a "regular" knowledge worker job where checking your email from not-the-office at times is not uncommon), but when leaving very suddenly, ie. with no time to hand over work to colleagues, as you'd normally do for planned leave, he wouldn't bring the dongle with him, to be able to check in and make sure his colleagues have what they need to move on without him.
Thanks for actually pointing out all those things that made me feel as if the story was made up.
I would add the general style of the write up. It does not seem like a person being actually keen to receive an answer but is written like a tale. For example, notice the start of each paragraph: "Anyway"; "now maybe"; "the fact is". (That might be his personal way of writing as well, but it adds to the suspicious feeling)
And of course the fact that one can simply quit by Email, especially after having worked at a company for a long time seems highly unlikely, I would at least expect them to call you before moving on.
I know of a few instances of people resigning by email. Two weeks ago, one project manager and one engineer quit by email from my parents' company on the same day. In one instance, I started working as a replacement for the engineer the day after. It's not inconceivable to me that a CEO would take that email as formal notice, or that they might find a replacement within 6 weeks.
This is very much a personal preference and not a culture/company thing. I've worked for companies with great work-life balance where some employees (including non-management) would check emails over the weekend or when on vacation. And I've worked for companies that had an expectation you check email on the weekends where some employees (including management) would not do anything over a holiday.
Although some of these hypotheses are vaguely plausible I think it is outrageous to lay all the suspicion on a potential victim. I'm not saying we should be naive and take everything for granted in this story but the least we can do is assume he's telling the truth before advocating the devil - specially in regards of a mothers death.
Also :
+ if it was holidays or a child he wouldn't have left in a rush : those departure should arguably be prepared in advance
+ "Technological details" are very vague and sounds like something he overheard but didn't understand or know how to use.
+ the throwaway account means nothing and could very well plead in his favour : he's not sure he wants to spend time attacking his company so he stays anonymous before taking a rushed decision.
+ not checking his email is consistent with not having the dongle !
> but the least we can do is assume he's telling the truth before advocating the devil - specially in regards of a mothers death.
Thanks for your counterarguments. I of course admit that my assumptions are assumptions and henceforth definitely not airtight. However, I just wanted to say that I would have never actually responded to that question itself with how I commented on HN, just to be safe.
CEO couldn't, it's fraud, but employee laws / rights in the US are pretty shoddy to begin with so I'm sure just firing the guy normally wouldn't be too difficult.
True, I've omitted the things that seem to be platform specific.
+ No follow up comments on questions for some more info or thanking people that feel for him.
+ Using a very general name as nickname (although not English).
+ A throwaway account. Although it's understandable, because it is a personal story; if this would happen to me everyone would know.
It also interesting to see how good the story is. When people respond to this in the sense of "who did it?", they come up with the CEO. If he would have weaved in the name of one of his colleagues that used to joke around with fake email addresses, the story plot becomes weaker.
Also the fact that it seems no one from his work (bosses or colleagues) phoned him or made contact in his absence to enquire about his or his mother's wellbeing to empathise with him on his resignation (which would have therefore eliminated his "surprise" on his return.
The other thing that is odd is that they mentioned their mother's illness took a turn for the worse and they were communicating with only the CEO via phone. It seems unlikely that you only let the CEO know at the beginning of your absence and then don't let him/her know when you will actually be coming back. It also seems unlikely that the company would accept your resignation, post the position, interview, make an offer, and have the new person start all within 6 weeks. Perhaps it is just me, but that seems like an aggressive timeframe to get all of that done.
'Technological "details" that do not seem to make sense'
It's not unusual for database servers to have functions available to send emails from stored procedures - it doesn't seem completely unlikely to me that someone could use something like this to send spoof emails.
Nevertheless, it does pose a more general question. Given that in many workplaces the employer has access to your work email/account, how can one prove that he/she did not send a particular email?
There's a large amount of information generated when you send an email, and a whole branch of IT (digital forensics) with many dedicated professionals who deal with such things routinely.
Even though I only worked peripherally with digital forensics people, and I know a lot about how email/computers/networks work, I know enough to know that I could never get away with forging an email (especially not one where anything serious depended on it).
Still, as far as I understand it, it comes down to how good/competent the IT dept is at log-keeping, and how complicit they are in the forgery.
In a more broader way, how can one prove innocence if their company use the employee's credentials (ID/email/etc.) to drop the blame on them? Wouldn't it be the employees words against the employer, while at the same time the employer has the control over the data/evidence?
Digital forensics professionals deal all the time with attempts at active fraud (eg. people deleting logs, clearing caches, etc). Even if the IT department didn't keep the logs, or tried to delete them, there would be some "Data remanence" on one of the various machines involved in sending/transmitting/receiving the email.
Sure, but removing all traces is hard and most criminals are careless, sloppy or dumb.
I mean, if this particular case is real, someone has performed a serious crime, risking years in jail, for a comparably trivial reason and small gain - it's not an indication that the perpetrator is likely to be risk-averse, meticulous and smart.
If we were looking at a forged email as a part of a sophisticated campaign for extracting secret information or defrauding very large amounts of money, then it would be likely that the forgery is done carefully by skilled people thoroughly removing all traces - but for a reason like this? not likely. Heck, digital "intelligence ops" by major governments sometimes leave traces due to some sloppiness or carelessness, it's very hard to be sufficiently thorough.
If the poster didn't really send these e-mails/IMs/communications, this would be a huge fraud, security, workers rights, BS situation. In most situations in IT, directors will pay these types of situations out, mark them as redundancies and move on. I agree. Everything about this story should be examined carefully.
I see a lot of company mail servers misconfigured to allow authenticated users send mail as anyone. So while the SQL part makes no sense to me, sending mails for another account seems rather widespread whereever I .. tested. And then there's of course the ability to just send from your account and change only the FROM header.
Would be interesting indeed to know what kind of set up they are using that emails are stored in SQL and don't specifically go for example through postfix/exim where it can be easily detected by logs. Or why they are not using gmail/exchange.
Alternatively (if it's not a complete fabrication - which I agree is most likely).
The author implies that he's used the 'SQL' way of sending emails. Calling it 'SQL' sounds like a way of feigning ignorance of the details - and therefore giving a defense on future cross-examination.
I suspect he either used it personally to resign, or asked a colleague to, who has effectively been set up.
For what it's worth, my parents asked me to replace one of their contracting engineers who had just resigned. I started working for them the next day. Obviously hiring contractors is different from permanent employees, but if you have the right connections, you can fill a position quickly enough.
You don't even need to poke specific holes in this story. It's an internet story, so if it smells like bullshit it probably is.
Apply Occam's Razor to it. What's more likely; that some unknown person resigned on this guy's behalf or that he resigned and he's going with this b.s. story to save face or that none of this happened? One of the latter two is the most likely.
I don't understand your application of Occam's razor. In what way is the scenario that he resigned by accident more likely? Maybe he was drunk, angry, depressed and overwhelmed and sent an email later to change his mind but then... why write about it on stackexchange? Or assuming none of it's true, again why bother writing it up and pretending a fake story?
It's fine to say "this is the internet and people invent stories" but to apply Occam's razor you need to actually come up with a motivation that would cause this guy to actually invent this story and post it online.
I don't feel like I need to explain his motive for posting on SE since the original story doesn't address it either (since he's already fired and seems to have given up. Why is he posting is still an open question even if you believe the original story.)
Why he chose to post is a separate issue. People have any number of
motives for doing things, and what you believe to be reasonable explanations depends on how you think about human psychology. Personally I have seen enough people post lies online that I don't even worry about what the motives are anymore. I just look at what I think is more likely; is this story true or not? This story reeks to me. There's no way some unknown person resigned for him. Either he did it and regretted it or this whole story is made up. Both of those are way simpler than the claim that some unknown person logged into his secure email and that the company reacted so nonchalantly to him telling them he didn't do it. If someone hated him enough to write a fake resignation letter and risk their own career like that, he would know who it was.
Frankly it's one of the more obvious fake stories on HN in a while.
Ok, if you don't have an possible explanation for his motivation, that's fine. You are entitled to and should rely on your gut instinct because after all no one here has the complete story.
I think you should be careful to invoke Occam's razor like this though. It states: "Among competing hypotheses, the one with the fewest assumptions should be selected". You can't compare two hypotheses unless you express all of their respective assumptions.
I wouldn't be surprised if that "someone" was the CEO or someone working on the CEO's behalf. What else could even make sense?
Even if some coworker had a grudge or a bone to pick with OP, they had to know that OP would return eventually and any CEO worth his salt would demand answers immediately. Specially considering the legal risks exposed here for firing someone on FMLA qualifying leave (assuming US).
Weigh that against a CEO who accepted a resignation and re-hired for the position based on a single email alone without so much as a follow up call. When OP returns seems lackadaisical about investigating. Seems fishy to me.
The whole thing smells like fiction, and this is the very first post from a days-old Stack Exchange account.
> It could’ve been a colleague because I know there is a backdoor way to send emails using someone else’s account via some sort of a SQL database thing. We used to do it as jokes but it was never used for something like this
I mean, the "first post" thing is hardly a red flag--it could be a throwaway, or just the first time this person had felt the need to ask an SE question.
It's workplace.stackexchange.com, so they aren't necessarily computer literate. It's entirely possible there is a script somewhere the sets the from field, possibly user configurable. A lot of ticket management tools will do something like this, making a change to a task in the software will send out an email from you.
> Weigh that against a CEO who accepted a resignation and re-hired for the position based on a single email alone without so much as a follow up call.
That is the part that smells to me too. I don't know any CEO, manager, or person otherwise responsible for employees, that would take a single resignation email as the one and only thing to start the paperwork and rehire a replacement.
The cynic in me, say that the CEO was unhappy with performance and/or the leave. Used his posistion to gain control and send the mail to get the ball rolling.
If it wasn't him, I would fully expect him to launch an investigations right then and there when it became apperant that someone spoofed an email. IT should have all the logs necessary to figure out where the email was send from.
Not only that at most exit interviews or shortly after a company will normally request a signed statement that the company doesn't owe the former employee any further compensation (pay, unpaid holiday leave, etc).
Completely agreed. The fact that the CEO didn't call to talk to him is fishy as hell. Even to say "I'm really sorry about your mother and I'm sorry this didn't work out."
This really seems like the CEO committing fraud to free himself of a problem he felt he had no other way to solve.
I don't know how I'd fight this or if it'd be worth it. You can sue anybody for anything, of course. But if the CEO is willing to commit fraud to this extent - maybe it's best to cut the loss?
This is exactly what I thought when reading his description of the story.
- Someone acting maliciously would have to account for the possibility of the CEO simply picking up the phone and dialing the OP to check in.
- OP specifically mentions the CEO "told/showed me a resignation email". The OP specifically mentioning it was told as well as shown felt like a message from his subconscious mind that the CEO is guilty and had rehearsed how to prove his innocence.
- The CEO gave a definitive statement that another person was already in his position, rather than treat it as a serious issue of fraud and a hostile work environment.
- The OP professing "I don’t care that much about the job" makes me imagine a scenario where the CEO gets to let an unmotivated employee go (or at least one who could be replaced within ~2 months) and keep 6 months of paid leave.
Be that as it may, the OP never mentioned where he is working from. As you probably already know, labor laws and business culture differ depending on where you live.
For instance, I live and work in Saudi Arabia right now, and there is a lot of red tape around firing Saudis in the workplace--even wages are partly determined by your country of origin.
It is the only explanation because if it was an honest mistake/impersonation, someone would have called him. HR. Even security to know where to send some box or about some device he failed to return.
> The fact is, I don’t care that much about the job. It was the fact that I had long service leave in about 6 months (I was actually coming in to negotiate whether I could take the leave early) and quitting meant I wouldn’t be paid out for it.
Forging his resignation probably saved a lot of money for the company...
I had a situation once where a single (not very interesting) paragraph from a confidential document a client had "mistakenly" sent me was mysteriously leaked on a public forum. Said client then claimed I leaked that paragraph, and used that claim as part of their official legal justification as to why they didn't need to pay me.
Ask yourself who had the incentive to leak that paragraph... And it sure as hell made me wonder why I had been "accidentally" sent the document in the first place.
edit: Worth noting, that this was a situation where the amount of money involved wasn't quite high enough to make it worth suing over. So really, it was just a dumb thing to do that didn't make any real difference - I wasn't going to realistically be able to get the money anyway. My best guess is this wasn't an "official" thing the client did, but rather a dumb spiteful mistake made by an individual at the company without the permission of anyone else, and who wasn't thinking about the situation objectively.
Hardly related, but does anyone know why resignation letters are so popular in the first place? When I quit the only job I ever had, I went to my boss and told him I wanted to quit. We had a constructive conversation.
Now, this company has a very strong "talk about it" culture, with super supportive management, etc. No bureaucracy or paperwork anywhere. Nevertheless, my boss was totally surprised that I wanted to talk about resigning. Pleasantly surprised I might add, but still: In his entire career, every employee who had left had written a letter and left it at that.
Why do it that way? Of course I understand if there's fundamental disagreements or deep unhappiness, it's a good way to keep emotions out of the way. But that wasn't the case here, and everybody I know who left that company left it on good terms.
I ask because I'm an employer now. I try to be a good and open-minded boss, and I'd much rather have someone tell me what's going on than receive a letter out of the blue. Is this wishful thinking?
I (and the people I know) write resignation letters because it makes the intention clear (I really am resigning, not just sounding off because I'm annoyed or discussing possibilities). It also gets the facts down in writing in case of later possible confusion or dispute: in particular it ought to say "my notice period is X and I have Y days of leave outstanding, so my final day of work will be Z".
Basically leaving work is a formal change in status that deserves to be memorialized in writing, just as the initial contract should be in writing and any subsequent changes would. That doesn't mean I wouldn't also talk to my manager, but the letter is important too I think.
does anyone know why resignation letters are
so popular in the first place?
My employment contract literally says "Your employment may be terminated either by you or by us by providing X weeks written notice" and while I could work to get that language changed, I don't imagine such a change would deliver measurable business benefits.
I suspect many employment contracts are the same, lawyers having seen that clause in some 25-year-old textbook.
Yeah. I've always explained my decision in face to face discussions, and the first thing they ask once they've confirmed that is definitely what I want is if I could write it in a letter please.
A lot of the time, people resign because they aren't happy with their job, and believe there's not much that they can do about it. Maybe they don't like their manager, or some of their colleagues, or think that the work is boring, or the job is not conductive to their future career success, or that there is something systematically unfair going on in term of work load or salary, or so on.
People on a team understand they cannot fire team members, even if they are dickheads. They cannot change what they work on, or double their salary. That means there will be radio silence for the last few weeks or months when they are looking for a new job.
Employees also tend to think the employer already knows what the problems are. If the problems are not being addressed, they will think the employer does not think they can or should be fixed. Why bring up something the employer obviously must be aware of, but has done nothing about?
In my experience, the resignation announcement will, indeed, usually come out of the blue. For an observant manager, it may not become as a total surprise; there are some signs. But almost never will employees discuss with you about these things in earnest. There will be signs, but not forthright discussion.
Are you me? At my only "real" job I scheduled a meeting with the MD and we had a very long and constructive chat about the reasons I was leaving (grievance with my immediate boss which had been raised repeatedly but never dealt with), plans to hand over the projects I was working on, and my plans for the future. He wished me all the best and said he'd always be there if it didn't work out. At the end of the meeting I handed over my written notice, which was just a few lines confirming that I was leaving and the date of my last day.
The MD is still a good personal friend (he even hosted our wedding reception in his garden) and we've worked together on multiple projects since. The bad boss was let go shortly after I went, when it was looking like another senior developer was on the verge of quitting.
I guess the moral of the story is to never burn your bridges, no matter how bad the situation seems at the time. Plus, as a business owner myself now I'd much prefer the honest feedback so I could actually make improvements that might make other employees' lives more tolerable.
Documentation and records are a good thing. A resignation letter makes the intention clear. It protects the employer from things like future disputes like for example if the employee claims they were fired.
All I see in that conversation is risk of offending someone you need for a future reference. Employers are unlikely to get the whole truth even if a discussion takes place.
I've always told my boss briefly in person and followed up with a letter. The letter is necessary documentation. It provides proof the resignation occurred (or provides the starting point for a criminal investigation if forged).
Talking about it is great, but you must document it all.
You must get the letter, as it is a rather significant amendment to the employment contract. All kinds of bad stuff can happen when you don't document this well. Employee and employer should both insist on this being well documented in writing.
Because you know why. Nobody wants to risk getting revenge reference by badmouthing the place. Why risk anything by showing grievances when there is no reward?
A lot of that stackoverflow sites q's are from India which has a lot of byzantine rules about paperwork related to employment "reliving letters" seem to be a huge problem.
"The letter was a forgery, someone in your company is unethical, and you should find out who.
As far as I am concerned I am thinking of suing, but if you simply paid out my leave I would be satisfied, and finding the unethical employee will be on you."
And that's it. If the CEO is as honest as the question makes him out to be, this should be enough, and it's much simpler. If not, then you lost nothing, and can sue, get a lawyer, etc, as all the answers suggest.
> As far as I am concerned I am thinking of suing, but if you simply paid out my leave I would be satisfied.
You know to many that type of language would be interpreted as a threat. You might also take into consideration the CEO may legitimately believe the company has done no wrong in this case. Not all people/companies respond to threats by getting scared, many fight back.
The allegation which is being made, is that the company accepted a fake/fraudulent letter. It will be highly unlikely that a company would openly admit to be such a victim, unless it was in their best interest.
> If the CEO is as honest as the question makes him out to be, this should be enough, and it's much simpler.
This is business, a CEO's job is to protect the business not kowtowing to someone who is threatening to sue.
To add to that, I do not delineate between threats to sue and suing. If you threaten to sue me I will instruct my lawyers to beat you to the courthouse with a countersuit. I've found this attitude tremendously clarifying in the long run.
When I was working at a previous company, my manager jumped on my PC and used it to send an email from my account to my colleague, while I was out on my lunch break. It was a joke, which I thought was highly unprofessional. I asked my colleague, and he said that he seen the manager use my computer. I confronted the manager and she owned up to it. I've asked her to explain, and her excuse was that I should have locked my PC and I didn't take it anywhere further. However, I could see how a more serious incident could happen, so I wouldn't be surprised if it was the CEO where hubris can run rampant at those levels. Usually companies would have audit logs of who and when the account was accessed, I would start looking there.
At a previous employer I worked at, this was pretty common.
If you left your computer unlocked for any amount of time, you were pretty much guaranteed to be screwed with.
Because it was so common, it wasn't a big deal. If you got an odd email from a co-worker, you assumed they must have forgotten to lock their computer.
It was a security related company, and the general excuse was that the practice was intended as negative reinforcement to push everyone to have better security practices.
I don't know if it was a good or bad culture to have. I can tell you that, to this day, I never leave my computer unlocked.
Pranks are a sign of trust. The trust bit is that you only use it for pranks and not any of the myriad other things you can actually do with a logged in computer. But the pranks should be a reminder they might just as well not have been a prank, and that you should bloody well lock your computer already.
Can't find it at the moment but I remember Adam Savage once saying that him and Jamie Hyneman never play practical jokes on each other. It would end up with one of them duct-taping the windows on the other one's house to fill it with water. Don't prank your sysadmin. It won't end well for you.
For context, the two Mythbusters presenters have famously different personalities and are not exactly friends. This reinforces the idea that pranks are generally done between people who feel they can trust one another.
There was trust between them. Trust does not require compatible personalities. Both of them have spoken at length about their working relationship. Part of that trust was knowing the other one would never condone or sign off on pranking. Adam was pranked once with a cattleprod and it resulted in firing the producer that was responsible (and Jamie was not in on it).
Pranks are cheap laughs, slapstick humor. It does not belong in a work environment.
I've done this, but I would only do it to people I already consider friends. If it ends up being over-stepping, you apologize and move on. It shouldn't be a big deal.
Well, you totally deserved it imho, because you really should lock you PC. If something serious would have happened (missing important data etc.) it still would be mostly your fault, because I'm sure if you read company's IT security policy (that you've probably signed) you will find a clause that demands looking your PC whenever you leave your desk.
Where I work such jokes are even encouraged by IT personnel to help workers to take security seriously. Of course, nothing harmful is allowed, it's on the lines of "I'll bring cake to everyone tomorrow", "free pizza for everyone", "I owe $10 to X" etc. It's fun and, unlike most security practices, it really works as old-timers lock their PC even when going to restroom and mostly newbies still fall for this.
So unprofessional and disrespectful for both people...
Forgery is a crime - and I think sending an email from someones unlocked computer would fall under that if it was pressed in court.
If sysadmins have things set up that way, they can unlock a locked desktop and log in as the user; or even change the users account password and log in. Using these two methods as the example I would think no sane person would think it ok to log in and send an email as described. So why is it OK in this case, when a computer is left unlocked?
A normal person should feel guilty digging in another persons stuff - always; and the person who was violated should also be indignant. Period.
What if a boss or coworker had requested you to take care of something on their computer? Is the fact they gave you the access make it ok to look through their browser history while your there? If not, what exactly is and is not off limits during an 'authorized' entry event? And what is different if they left it unlocked instead?
Hope you can see how this opens a huge pandoras box.
Also, if people are not there to protect the team and coworkers, how can they trust each other when it is really important?? What will happen when there is an attacker from the internet forging things? How will you even know who is telling the truth then?
A professional will take care of the problem with a warning or a note. After so many repeat offenses, give the warnings more teeth, and/or start tracking them and provide punishments. Alternatively lock the desktops with an inactivity timer.
Just realized maybe you are trolling (or hoping you are!).
> So unprofessional and disrespectful for both people...
I know of companies that do this, and I totally agree with you. It's done under the guise of security, but is really just immature hazing. First, if I'm in an office environment with fellow employees why is locking my computer so important? Is it to stop the random person from stealing company secrets or impersonating me? If that's the case why wouldn't the other employees around my computer notice someone, since clearly they had to be close enough to notice if I left it unlocked.
Second, if I'm out in public theft is much bigger issue than locking the computer.
Finally, and something you touched on, is that now it makes it hard to differentiate between authorized and unauthorized. It's much easier to say using someone else's computer without their knowledge is grounds for termination 100% of the time.
> It's done under the guise of security, but is really just immature hazing.
I so agree. I saw things like this in the military. At that time it was tools...
Before aircraft takeoff and between shift changes; all tools must be turned in and accounted for. If one is missing all personnel for that shift and the one coming on have to go together for a tool search at every jet, vehicle, etc. This means every person searches as a team until it is found - this could be 50 or more people, 1/2 staying late from the previous shift! Depending on the supervisor they may also ground the aircraft squadron temporarily- ensuring that the pilots and admin staff also know who lost a tool.
It was extreme hazing - but at least I could assume that it was done for a good reason - true safety. If a jet starts up and a tool gets sucked into the engine bay people can die - not to mention the damage - it would be career ending for those found at fault.
Unfortunately like anything some joker I saw used it as an opportunity to harass someone they did not like. People could pocket a targets tool for a while, and turn it in anonymously at some point into the search when they felt enough damage had been done.
When I saw someone do that and justify it as a lesson - I decided that my integrity is more valuable. I have not regretted that particular decision yet.
Exactly - The reason for security is a weak reason - my coworkers had the same access as I and everyone could see my screen or if there was someone unknown sitting there, they would have spotted them straight away. We were all shoulder to shoulder in a far corner of the company. There was not much secret stuff going on there either.
There are many more important security practices that should be followed, more important than desktop locking, yet they don't attract the same kind of vigilante attention.
In my situation, it was blatant bullying, especially considering the inappropriate content of the email that was sent. The desktop locking was just an excuse. There was no other way you could frame this.
I worked somewhere where the behaviour described in OP's post happened. It was just lighthearted. We worked in desk 'bays', so someone sat next to the unlocked PC would have visuals on what the prankster was doing on the machine. Harmless emails like 'I'm buying the whole office donuts at lunch' were sent. It was very rare for any employee to leave their machines unlocked twice with this unofficial procedure in place.
I could see how a joke like this can accidentally turn into something harmful. Often these incidents are impulsive and the sender may not think twice about the implications.
So, while the computer is not your property, the information as well as access to personal accounts or information might be protected. All of that is personal and depending on jurisdiction can be protected and accessing it would be a violation.
I'm not entirely certain what the legal status of this in the US, but I know of other jurisdictions (Costa Rica, for example), where employers are forbidden from scanning, logging or viewing personal email accounts or even personal email on work accounts/computers. Hell, they can't even make a back-up of your computer without your permission.
The issue would be more like "I see my neighbour left his door open when leaving for work; I go in, leave a note on the kitchen table and shut the door". This might be OK or not depending on community, but at least it wouldn't be always entirely unreasonable.
At a former employer, when someone left their computer unlocked, usually, someone would send a mail from the unlocked computer to a mailing list that most people were subscribed to (including the person that left their computer unlocked, or CCing them if they weren't), with a subject like "I went to urinate" (and the mailing list name was essentially "pee", but in the local language).
That actually worked quite well as an "educative" tool.
This is pretty common in my workplace as well. Usually what gets sent is an e-mail along the lines of "due to leaving my computer unattended today, I'm bringing cake for everyone tomorrow".
I consider it a good method to keep everyone aware of computer security.
As said on stackexchange, you should get a lawyer and contact the authorities as a felony has been committed. Even if the company isn't involved in the events, they should not treat you as they did and owe you a proper severance pay.
Getting a lawyer is a fine idea, but if this happened in the US, they don't owe you anything apart from optional COBRA (medical insurance for purchase). Severance pay is not required, and is typically not paid if a person terminates employment of their own volition. Even if a person is fired/laid off, severance isn't mandatory and is mostly about protecting the company from litigation/employees going to competitors.
How do people afford a knowledgeable lawyer and forensics expert as mentioned in some of the replies? Don't they get expensive fast? What if you lose the case... how much money will you be out?
Many people have legal dispute insurance (at least in Norway, Netherlands, and Switzerland[1] this is not uncommon once you make a normal IT salary). It is not that expensive and well worth having. They wont pay for top lawyers, but it will pay for legal advice and normalish proceedings, especially on common legal areas related to hiring and firing.
Secondly, advice about going to lawyer does not mean sue until it hits the supreme court. It means, get professional advice on the likely outcomes of the different actions. Such as what kind of settlements can you expect, are you like to win on procedural grounds etc... How to best proceed etc... and what outcomes are acceptable to you.
This kind of advice will give you an expected ROI on different approaches that are available to you. Upon which you make an "investment" decision on which approach will be the best for you (not always financial).
Normally such a conversation won't take to long and will not be billed at the legal firms top rate.
It's a European thing, as people in many European countries will sue much later than in the US and court cases are usually quite cheap. Most lawyers in Europe don't make a huge amount of money (unless you're a corporate lawyer), so that many cases will only cost the insurance a few hundred dollars.
In one of the most litigious societies in the world? I find that extremely surprising. How are all these ordinary people able to afford suing big companies because they burnt their tongue on their coffee?
According to a poster I saw once posted in front of my house, the average IT salary is 8700 CHF a month. But expect more depending on the region and for programmers.
Legal advice from union lawyer is free (at least here) and since this obviously breaches contract even the court battle would be free or at minimum cost (this is exactly why we have unions)
Consultations tend to be relatively inexpensive, and a lot of lawyers in the realm of employment law will work on a contingency basis -- you pay a certain percentage of the settlement/award amount. If you lose, you don't owe the lawyer anything.
The "get a lawyer" advice gets tossed around workplace.stackexchange WAY TOO OFTEN and basically snubs discussion.
Getting a lawyer, at a minimum, means forking over a few hundred dollars just for some advice. Going beyond that we're talking hundreds to thousands more for the lawyer to merely write a letter. Going further beyond that, it then becomes the plantiff's "life work" to deal with the court system while paying many thousands to the lawyer for, AT BEST, an iffy outcome after months of drudgery, and yes, then face being effectively blacklisted in the local industry.
That said, there are some good reasons for people to get a lawyer but getting fired with a dirty trick (assuming the dubious story is even true) is rarely one of them.
> Getting a lawyer, at a minimum, means forking over a few hundred dollars just for some advice. Going beyond that we're talking hundreds to thousands more for the lawyer to merely write a letter.
This has not been my experience at all.
A few years ago I had a dispute over a commercial lease agreement with my landlord. I did all the research I could and wrote a short summary of my position on the matter, along with a few relevant citations. I made an appointment with an attorney and asked that she write a lease addendum that terminated the lease immediately and held harmless both parties, which included my reasoning for doing so.
I paid her $120 for her time to write the letter, and it was invaluable as leverage in negotiating with my landlord - there's a big difference between saying "I'm gonna sue!" and bringing a document to the meeting prepared by your attorney to resolve the disagreement.
Hiring an attorney doesn't have to cost a fortune - you just have to take steps to minimize the time they have to spend on your case.
I would write a formal letter to the board of directors (and perhaps key external shareholders) as well. It doesn't have to be much - even a forward of the post, letting them know that it refers to you and their company.
If they are complicit - it makes a paper trail for others to discover. If they are not complicit then the CEO will get instructed to do the right thing.
If you could see the email, look at the email headers. It should indicate what IP address and email program sent the email, as in, it may say SQLMail and it IP of the machine.
Finally someone using their head instead of just blindly speculating. SQL keeps history of commands as well. Plus if this company is so "advanced" that they use some kind of SQL procedures to send email, I am sure there are plenty of other audit trails they can follow to verify where the message came from.
All-in-all, the fact that he mentions he exploited security hole in his company and then calls it "SQL thing" screams at me: FAKE
> All-in-all, the fact that he mentions he exploited security hole in his company and then calls it "SQL thing" screams at me: FAKE
Why? That doesn't surprise me at all. As a (Computer Science) student, there were a lot of jokes (e.g. connecting to other computers, and doing... stuff) involving scripts that most people just blindly copied, without understanding them at all. And I have seen the same last year during an internship.
How do you accept your exit package without signing anything in person, I have never had a job where a single resignation email was enough for HR to close you out as an employee, this smells super made up.
The scenario is odd - I understand dropping things to take care of a relative. But a 6-week interval is too great in this day. There should have been some further communication of intent.
You can do this with most systems. Just edit the From field in a script. External emails will usually be blocked and you can still see in the header that it was not sent from the actual account so that the risk of fraud is low.
If it happened with a script it should be easy to find out by looking at logs and/or header.
It's possible the CEO did try to ring him but didn't get hold of him. From the lack of response the CEO assumed the guy was serious about his resignation and went ahead.
Local IT guy in the company is only person to help most likely, it would be first person to reach for such sneaky task. Either he would know or would have logs.
Though, seems hard to solve, especially if he is out of US/Europe.
Yeah. But if he's not the culprit he's the best person to help.
Also, unless there's a personal vendetta, the biggest motive for someone doing this is someone that doesn't want to pay the expense of an employee on leave for awhile.
Why is this on HN? The top-voted comment here calls it fake, not a single comment adds anything substantial that wasn't written on SE. As far as I can tell it's just tabloidish voyeurism...
>It could’ve been a colleague because I know there is a backdoor way to send emails using someone else’s account via some sort of a SQL database thing. We used to do it as jokes but it was never used for something like this and I can’t imagine anyone that would hate me enough to go this far.
Most places would escort you out of the building for doing this.
My friend got managed out of the BBC and had emails confirming a promotion deleted from his inbox; unbelievably they were still in his trash folder. Someone else was promoted in his place while he was away on holiday. Nothing surprises me anymore when people have a sense of entitlement to someone else's promotion.
+ He could have been on holidays, or getting a child, but it is the death of his mother. Of course, we are gonna feel really bad for him. That's really good for the story.
+ The security of the system is such that on one hand a dongle is needed, but on the other hand someone can fake sending email through your account. This is apparently widely known by non-expert colleagues to just joke around, but not known by the security staff.
+ Technological "details" that do not seem to make sense such as SQL to make it sound like a true story to the uneducated.
+ The writer already assumes that we think he is lying. Hence, he comes up with the dongle story. We would already have been fine with his word that he just didn't send the resignation letter.
+ He physically shows up 6 weeks later without checking his email once (reply email). Of course the effect of the story is much stronger in that case. However, is it very likely not to check your email at least just before you show up at work 6 weeks later? [Edit: incorrect assumption, see @c8g.]
Then what would be motive of the person asking the question. It is a throwaway account.
+ A researcher who wants to see what the difference is between a fake story on Facebook versus one asked on StackOverflow? How could such an effect be properly compared?