Well, yes, there *was*, on surface reading, an accusatory tone implicating premeditated terrorist tragedy perpetrated by an Indian, a foreigner, brought into broad server admin rights by work-opportunity (presumably) which is too poor to afford hiring from the unemployed locals.

I don't think that's quite what Rich Wargo made it about though. He especially didn't just make it about being "Indian". "Foreign national" was the thrust of the contribution there, but more emphasis (including his comment title) is placed on punishing, firing, ranting at the local government employees that permitted such a condition (as opposed to hating varied opportunities across borders or threatening to root out all the treacherous demons posing as Indian terrorists in this life, bombs, brimstone, etc.). Maybe he's actually saying "of course *way too many a* US citizen would ever do such a thing" by poorly working for government (which may be a *worse* thing to him than being a "foreign national" or "Indian" that ignited you).

Then maybe the word xenophobic is necessarily a little too close to technically hollowing its own meaning by automatically applying to any existent application of xenophobia as itself a mildly derogatory categorization of any categorization that is (at least) mildly derogatory. There's a rabbit-hole.

So are you a "xenophobic moron" for calling someone a "xenophobic moron"? I guess it depends how you look at it.

I'd say probably not, because you brought out a latent sub-text of the thread that is understandably hot && can be awkward to have veiled in non-inflammable gown, but I don't know if you went about it in a way that got your point across much better than just *being* the purple elephant in the room. It could go either way, if my opinion on your "xenophobic moron" score was sufficiently significant to you (or hopefully, more accurately, my explanations && justifications behind any particular scoring might be more significant to you, being about what has been communicated by you && others).

There's my 8-bits byting. L8r.

-Pip

Rich, you really think that of all things, the problem here was that he was Indian? I guess your idea of security is all about checking nationalities, since of course no US citizen would ever do such a thing, right? A xenophobic moron is what you are.

Good grief - this contractor wasn't immediately revoked of all access.. just his "permission" was pulled. Typically expected separation of duties and basic provisioning controls should've prevented this near-miss from even being a possibility- especially after revoking access. This malicious setup would’ve been very bad under normal circumstances- much worst with the entire mortgage industry tipped sideways. Hopefully management is getting after this with improved controls – how about hiring improvements for a starter – to help prevent a next-time.

This Week in Security
http://thisweekinsecurity.blogspot.com

a href="http://thisweekinsecurity.blogspot.com" This Week in Security /a

I hadn't considered the terrorist angle. The contractor probably didn't realize that as one of the largest databases of financial assets and transactions a catastrophic attack on the Fannie Mae systems would be considered a national security threat due to its economic impact. So the consequences may be much worse than if he had just attempted to nuke the computers at some small company. He could potentially do some hard time for this one. What an idiot.

Since this was indeed a key government system, this could be viewed as a premeditated terrorist act, since the bloke was fired for executing an unauthorized script in the first place. The unauthorized script he was fired for executing was probably a dry run for what he intended to do in the first place- a premeditated plan to wipe out the Servers at Freddie Mac. He's not going to make it back to India.....

Goddamn idiot government bureaucrats! Why the hell are they letting a foreign national work on key government systems?

They should fire the dickheads who allowed him into the systems in the first place. Never mind he was working for a contractor; I've been into enough situations where I had to certify my US citizenship before I'd be allowed access, no matter for whom I was working.

...think of all the money they saved on the H1B! Executives - another bonus please. More homeless americans, who cares.

There are a lot of Indians at Freddie Mac...many of them good, but more are clueless.

If this guy is smart he'll be nowhere to be found ...

Even at the small company I use to work at your network access was gone before you were. He could not have wrote and tested all those scripts in one day if so I bet the first one would have crashed with a syntax error!

I am surprised at the level of root access one person was given. Root access to 4000 production servers, including their backup, contingency and monitoring machines, is way too much. Also, a person with this level of access is exactly the type you want to lock out before they are informed of being fired. What were they thinking?

Do ya think he was a wee bit disgruntled at being fired ??

Well, he could always be employed by the US government & sent to kill servers of governments they dont like ;)

If he could code that much in a day, they should have promoted him.

But if it was pre-planned, that's a wee bit different.