Over the years, a few times I've heard a (perhaps sometimes apocryphal) story of something like this. The first one involved a programmer who had access to the payroll database.
Has anyone heard of someone getting away with this?
It seems dumb to me. Someone might feel pettiness impulses when wronged, but grievances are what lawyers are for.
(I did hear a variation on this story, where a programmer had artificially rigged up spreadsheets to fail periodically, so that they had to be brought back in as a consultant firefighter to "fix". IIRC, the story was told by a programmer who'd investigated and discovered what was going on. But this is close to standard operating procedure for a lot of development teams, though: through poor technical and business decisions, by accident or design, you guarantee yourself years of encumbered, time-burning work, to maintain and extend that.)
Well, has anyone heard of someone escaping appropriate repercussions?
For example, maybe the company found out, but decided not to involve the police or demand repayment.
For another example, maybe an employee found evidence that suggested such a thing happened, but not far up the chain of command decided that investigating and escalating it wasn't worthwhile to the company.
My reason for asking, is that my initial reaction was that is just a bad idea. Then I wondered whether it was a bad idea that was nevertheless happening.
At a previous company we fired an analyst. This person had been combative from the day the company I worked for aquired the company he did. When asked to simply show us his reports the first day we met with him he refused saying he "wasn't prepared to show us the secret sauce yet, he wanted his job security". Unsurprisingly it wasn't long before he was fired.
As was standard practice IT was given a heads up with a time. His manager would call him into his office at X time and by the time he left that meeting he'd be locked out of his computer and all his accounts.
Well his manager decided there was no point waiting and he might as well just do it, so several hours before the appointed time, he did. The analyst asked if he could get some personal files off his laptop, the manager agreed, and the analyst proceeded to delete everything he had ever worked on, from SharePoint and every PowerBI report he could including emptying the recycle bin, with his (now ex) manager sitting across the table from him.
Needless to say I got a very excited call from our management. Only nice thing I will ever say about SharePoint, once I worked out it was a thing recovering everything from the second stage recycle bin was pretty easy. I then pulled audit logs showing him deleting everything and let management know I had them anytime they wanted to pursue legal action.
The day I left the company those audit logs were still on my desktop never having been requested.
Maybe not quite "getting away with it" in that I was able to undo the damage, but pretty brazen and to my knowledge never faced any consequences.
I heard of a vaguely related story. A team left a big investment bank, and stole some software along the way. The bank realized 6 months later, but decided to not prosecute. They concluded it would make them look too bad that a team managed to steal all this software and not be caught; bad to their investors, bad to other employees. So that was that.
Whether it's true is of course a whole different question.
One time, allegedly, a biz person attempted to bring valuable IP to their employer's competitor, including by exfiltrating files.
I can't say the most interesting/illuminating part, since that would point to the company, but I can say:
(1) I believe that the alleged defector-thief was going to be legally made to deeply regret that mistake; and
(2) for the company's future operations, there was a rush to show diligent security that would prevent this from happening again (and you can guess how well-reasoned the actual measures were, but reality was even worse than your guess).
Everybody loses.
Incidentally, I suspect that the company learned of the IP theft from the competitor, rather than from their own IT dept. (I'm sure many biz people are willing to poach from a competitor while expecting to benefit from arguably proprietary information that comes along in the defector's head. But I suspect that even many of those, if the defector started to whip out documents or other artifacts, would suddenly become furious paragons of righteousness, and smack that person clear out the door, while establishing a paper trail that their company wasn't exposed to the information.)
Oof that spreadsheet story is like a glazier breaking windows, quite a way to make yourself indispensable!
I had to bring in a forensic IT expert after terminating someone who twice claimed twice he "might know a way" to read folks' email with no traces in the logs. He had previously mentioned a deadman-switch type setup, but in more of a "wouldn't it be cool" way.
After forensic person found no exploits, the recommendation was to proactively pay the employee a chunk of change with the stipulation that any future hacktivity would be treated as a criminal matter. We didn't do that (employee wasn't smart enough to create an invisible backdoor, or dumb enough to not just walk away).
The bad decisions he made (hiring, vendors, boys' club culture) probably did more damage than malicious code, and it's taken about 2 years to undo it.
Has anyone heard of someone getting away with this?
It seems dumb to me. Someone might feel pettiness impulses when wronged, but grievances are what lawyers are for.
(I did hear a variation on this story, where a programmer had artificially rigged up spreadsheets to fail periodically, so that they had to be brought back in as a consultant firefighter to "fix". IIRC, the story was told by a programmer who'd investigated and discovered what was going on. But this is close to standard operating procedure for a lot of development teams, though: through poor technical and business decisions, by accident or design, you guarantee yourself years of encumbered, time-burning work, to maintain and extend that.)