Saw this on digg. Brilliant.

http://blogs.ittoolbox.com/security/inv ... 008976.asp

Geeks Take Down Dirty C-Level Executives

I found this email in my inbox this morning, and had to share it with everyone immediately. In this story, a couple of geeks find out about some dirty activities by their C-level executives and devise a plan to 'air the dirty laundry'.

While I never condone such actions, I have to admit that this geek gets a '10' for ingenuity.

Dear Chief,

Love the case files that you publish. While I am not much of a writer, I wanted to share the following experience I had at a tech startup.

We were a small tech startup with approximately 50 employees. We were all handpicked for our special skills and we bonded together quite nicely. When it became apparent that external and much larger companies were interested in our technology, we started taking venture capital money to grow and we became a 'grow and sell' company. I and every other employee had no ownership in the company, so we were less than elated at this news.

Our CFO was your typical suit asshole. He treated everyone around him like they were beneath him, dressed in thousand dollar suits and drove a Porsche (and resembled a certain boss on 'Office Space' - no kidding!).

I had no idea though just how much of an asshole this guy was until I had to assist our mail server administrator one night at the office.

Our mail server was a really fast Linux box running Postfix. For whatever reason, our mail storage partition had completely filled to capacity and Postfix was returning errors to every incoming mail message.

The mail server administrator thought he had been DOS'd, so he wanted me nearby in the event that an investigation was warranted. He had no idea what we were about to find.

We quickly determined that the mail partition was full. A quick 'du' command revealed that one particular user was at fault for the missing disk space: the CFO.

He had tried several times to send out a very large joke video file that was becoming trapped by our anti-virus solution. For whatever reason, the anti-virus solution kept sending him replies over and over again - with the complete message attached.

As we looked through several other suspect messages, we found messages from him to several companies that were inquiring about buying us. These emails were his downfall.

In several emails he outlined a plan where the company assets (intellectual property, equipment, etc.) would be sold and transferred to the buying company. The employees "are not a transferable asset, nor are they essential to a successful IP transition. We are prepared to 'trickle' them out in groups during the transition period". In other emails to C-level executives at our company, he repeatedly fought off the CEO and COO's desire for compensation packages for employees that had been around for at least one year of employment. The CFO spewed financial nonsense and bull$hit, however he was accurate to the penny on what each executive would receive as compensation. These guys were going to make millions. In a few of the last emails, the CEO and COO caved under the pressure and greed.

I was enraged. We were all about to get fucked and pushed out the door. All of those 80-hour weeks and repeated sacrifices meant nothing. We were about to be thrown out on the street.

The mail admin and I put our heads together, and came up with a delicious plan.

We felt that all of the employees should be privy to the CFO's emails. Hell, they should all see just how much he cares about them.

The mail admin quickly made a few changes to our Postfix configuration:

In /etc/postfix/main.cf he added:

sender_bcc_maps = hash:/etc/postfix/sender_bcc_map

He then created an /etc/postfix/sender_bcc_map file that looked like this:

[email protected] [email protected]

And lastly, we ran "postmap /etc/postfix/sender_bcc_map" and reloaded Postfix with a "postfix reload" command.

For those of you that aren't Postfix gurus (look at those hands!), what we effectively did was tell the mail server to blind-carbon-copy every email that the CFO sends out to the 'allemps' alias that we created. The allemps alias contained no management personnel. =)

This worked out better than we could ever have possibly dreamed.

Remember how I said we were there working late? Well as luck would have it, the CFO was up late at home checking emails and taking care of business (so to speak).

At 11:10PM, the CFO sent the following email, which was BCC'd to all non-management employees.

DATE: Fri, XX XXX 200X 23:10:03

TO: [email protected]@littlepinkgirls.com

FROM: [email protected]

SUBJECT: MY ACCOUNT


This is the second time I have written you about my account 'randyboy' being terminated for non-payment. I have re-entered the credit card number (XXXX-XXXX-XXXX-XXXX), the expiration date (XX-XXXX) and the CVE number (XXX) and it still will not turn my account back on. I have been a customer for several years, and this billing problem is ridiculous. I demand that you activate my account or refund my $39.99 membership fee for the past two months.

Holy crap! Our timing was unreal. Every non-management employee now knew:

1) The CFO was a long-time member of a European pr0n site that featured 17-yo girls in nudie pictures.

2) The CFO's personal credit card number, including expiration date and CVE number

3) The CFO was quite pissed about not having access to the site

He finished off the evening by replying to a couple of companies that were interested in acquiring us, and the emails weren't trimmed at all. Everyone saw the entire conversation from beginning to end. Good thing that the CFO doesn't follow our own e-mail etiquette policy, huh?

Needless to say a flurry of emails occurred between us non-management employees over the weekend. Neither of us admitted to being the instigators, however we're pretty sure everyone figured out it was us.

A few of the more senior non-management employees contacted the board of directors and disclosed a pile of emails that contained conversations between the CEO, COO and CFO on 'back door' compensations for making this deal go through. They were essentially screwing the board (which was comprised mostly of investors!), the employees and everyone else they could find.

The board met in a private meeting, and summarily terminated the employment of all three executives. They had golden parachutes, netting them each a year's salary. However, the acquisition deal didn't go through - and the board appointed new executives that were honest and they have built us into a nice 300-employee self-sustaining company. We have profit-sharing now, and a list of other benefits that would make most Fortune 500 companies jealous.

I'll leave the moral of the story up to the reader.

GoldenEEL *
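
Added example, not part of the original post: an audit that lists every Postfix rule that silently copies mail (the `sender_bcc_maps` setting from the story, plus `recipient_bcc_maps` and `always_bcc`) and reports any rule that is not on an approved list, which is how an unreviewed change like the one described would be caught. The function names, the addresses and the `archive_bcc` file are constructed for the example.

```python
import re

# Postfix parameters that silently add a BCC recipient to mail in transit.
BCC_PARAMS = ("always_bcc", "sender_bcc_maps", "recipient_bcc_maps")

def parse_main_cf(text):
    """Return {parameter: value}; indented lines continue the previous one."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()
        elif "=" in raw:
            name, _, value = raw.partition("=")
            current = name.strip()
            params[current] = value.strip()
    return params

def parse_map(text):
    """Return [(lookup_key, bcc_target)] from a map source file."""
    rows = []
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            rows.append((parts[0], parts[1].strip()))
    return rows

def audit_bcc(main_cf, map_files, approved=frozenset()):
    """List (parameter, key, target) BCC rules that are not in `approved`."""
    findings, params = [], parse_main_cf(main_cf)
    for name in BCC_PARAMS:
        value = params.get(name, "")
        if name == "always_bcc":
            rules = [("*", value)] if value else []
        else:
            rules = []  # a map file missing from map_files is treated as empty
            for source in filter(None, re.split(r"[,\s]+", value)):
                rules += parse_map(map_files.get(source.partition(":")[2], ""))
        findings += [(name, k, t) for k, t in rules if (name, k, t) not in approved]
    return findings

# Constructed sample input (placeholder addresses, not taken from the story).
MAIN_CF = ("recipient_bcc_maps = hash:/etc/postfix/archive_bcc\n"
           "sender_bcc_maps = hash:/etc/postfix/sender_bcc_map\n")
MAPS = {"/etc/postfix/archive_bcc": "legal@example.com archive@example.com\n",
        "/etc/postfix/sender_bcc_map": "cfo@example.com allemps@example.com\n"}
APPROVED = {("recipient_bcc_maps", "legal@example.com", "archive@example.com")}
```

On a live server the same functions can be fed the output of `postconf -n` and the contents of each referenced map file; running the audit from a host the mail administrators do not control keeps the check independent of the people able to make the change.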
