
Sacked IT guy annihilates 23 of his ex-employer’s AWS servers - kaboro
https://www.mirror.co.uk/news/uk-news/computer-geek-nicknamed-speedy-accused-13893130
======
ccnafr
Source: [https://www.mirror.co.uk/news/uk-news/computer-geek-nickname...](https://www.mirror.co.uk/news/uk-news/computer-geek-nicknamed-speedy-accused-13893130)

Sophos is just re-hashing the DM report. I hate blog spam.

~~~
dang
Ok, we changed to that from [http://nakedsecurity.sophos.com/2019/03/22/sacked-it-guy-ann...](http://nakedsecurity.sophos.com/2019/03/22/sacked-it-guy-annihilates-23-of-his-ex-employers-aws-servers/), in keeping with the guidelines' call for original sources ([https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)).

------
LinuxBender
AWS have services to back up your data. Anything that a human or automation
can touch can be obliterated instantly. This includes your live, staging and
disaster recovery sites.

Important data must be backed up where humans and automation can't remove it.
A vaulting policy / data retention policy is also useful.

~~~
PHGamer
Does AWS actually have that? Everything's an API on AWS, right? So couldn't
someone just send the delete-backup command to whatever backup service AWS
has?

~~~
toomuchtodo
You send your backups to another AWS account, that has distinct access
credentials another responsible party holds (separation of duties), and
policies that inhibit the backup source account from deleting or modifying the
backups in the target account.

You should practice restores. You should be able to stand your infra back up
from anywhere with an Internet connection.
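
The cross-account vault described above, as an added example that is not part of the thread: a Python script that emits the S3 bucket policy for the vault account's bucket and an Object Lock configuration to go with it, plus a deliberately simplified IAM-style evaluator so you can check what the source account can and cannot do before deploying. Account IDs, the bucket name and the role name are hypothetical placeholders; the evaluator treats an account-root principal as matching every caller in that account and ignores identity policies, conditions and NotAction, so it is a sanity check, not a substitute for the IAM policy simulator.

```python
"""Write-only cross-account backup vault: bucket policy + Object Lock.

Added example (not from the HN thread or from AWS). All identifiers below
are hypothetical placeholders.
"""
import fnmatch
import json

SOURCE_ACCOUNT = "111111111111"   # hypothetical: account running production
VAULT_ACCOUNT = "222222222222"    # hypothetical: account held by another party
VAULT_BUCKET = "example-backup-vault"  # hypothetical bucket owned by VAULT_ACCOUNT
RETENTION_DAYS = 90


def build_vault_bucket_policy(bucket, source_account):
    """Bucket policy letting the source account append objects and nothing else.

    The explicit Deny is defence in depth: the source account never gets an
    Allow for these actions, but a later "helpful" edit cannot quietly grant
    them either. Set Object Ownership to BucketOwnerEnforced so the vault
    account owns every uploaded object.
    """
    bucket_arn = f"arn:aws:s3:::{bucket}"
    source_root = f"arn:aws:iam::{source_account}:root"  # any principal in the account
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "SourceAccountMayOnlyAppend",
                "Effect": "Allow",
                "Principal": {"AWS": source_root},
                "Action": ["s3:PutObject", "s3:ListBucket"],
                "Resource": [bucket_arn, f"{bucket_arn}/*"],
            },
            {
                "Sid": "SourceAccountMayNeverDestroyOrWeaken",
                "Effect": "Deny",
                "Principal": {"AWS": source_root},
                "Action": [
                    "s3:DeleteObject",
                    "s3:DeleteObjectVersion",
                    "s3:PutObjectRetention",
                    "s3:BypassGovernanceRetention",
                    "s3:PutBucketObjectLockConfiguration",
                    "s3:PutBucketVersioning",
                    "s3:PutLifecycleConfiguration",
                    "s3:PutBucketPolicy",
                    "s3:DeleteBucketPolicy",
                    "s3:DeleteBucket",
                ],
                "Resource": [bucket_arn, f"{bucket_arn}/*"],
            },
        ],
    }


def object_lock_configuration(days):
    """Default retention in COMPLIANCE mode: no principal, root included, can
    delete or overwrite a locked version before `days` elapse. Object Lock
    requires versioning and is enabled when the bucket is created."""
    return {"ObjectLockEnabled": "Enabled",
            "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": days}}}


def _account_of(arn):
    return arn.split(":")[4]


def _principal_matches(statement, caller_arn):
    principals = statement["Principal"]["AWS"]
    if isinstance(principals, str):
        principals = [principals]
    # Simplification: an account-root principal matches any caller in that account.
    return any(p == "*" or _account_of(p) == _account_of(caller_arn) for p in principals)


def _any_match(patterns, value, casefold=False):
    if isinstance(patterns, str):
        patterns = [patterns]
    if casefold:
        return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in patterns)
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def evaluate(policy, caller_arn, action, resource_arn):
    """Explicit Deny beats explicit Allow beats implicit Deny (resource policy only)."""
    allowed = False
    for stmt in policy["Statement"]:
        if not (_principal_matches(stmt, caller_arn)
                and _any_match(stmt["Action"], action, casefold=True)
                and _any_match(stmt["Resource"], resource_arn)):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        allowed = True
    return "Allow" if allowed else "ImplicitDeny"


if __name__ == "__main__":
    policy = build_vault_bucket_policy(VAULT_BUCKET, SOURCE_ACCOUNT)
    # Apply with: aws s3api put-bucket-policy --bucket <bucket> --policy file://policy.json
    print(json.dumps(policy, indent=2))
    print(json.dumps(object_lock_configuration(RETENTION_DAYS)))
```

Restore drills run with the vault account's credentials rather than the source account's, which both keeps the source account read-free (an intruder there cannot exfiltrate the whole backup history) and exercises the separation of duties the comment describes. The bucket policy alone is still editable by the vault account's administrators; the Object Lock compliance-mode retention is what makes the data undeletable even to them for the retention window.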

~~~
autotune
Data protection account is a good idea, but if your main IT person is
malicious before such an account gets implemented it won’t matter.

~~~
toomuchtodo
Trust but verify. Having a third party audit and provide findings (if you’re
not technically capable as an owner) is cheaper than going out of business.

------
malux85
No 2FA? Totally Incompetent.

~~~
jpomykala
He just used his account ¯\_(ツ)_/¯

