Geeks Take Down Dirty C-Level Executives

This is borrowed from a website I found a while back.

Just thought it was a very interesting blog. http://it.toolbox.com/blogs/securitymonkey/geeks-take-down-dirty-clevel-executives-8976

I found this email in my inbox this morning, and had to share it with
everyone immediately. In this story, a couple of geeks find out about
some dirty activities by their C-level executives and devise a plan to
'air the dirty laundry'.While I never condone such actions, I have to
admit that this geek gets a '10' for ingenuity.

IMPORTANT
NOTICE: If you are not a regular reader of the stories and case files
on this site, you may not be aware that ANYTHING posted to my site by
myself or a reader is HIGHLY EDITED before it hits this site. The
reasons are obvious: I don't want the story tracked back to the
original poster. If this offends you that the story has been edited
(like the URL mentioned, names, places, etc), then I'm sorry. In
today's world, people are lawsuit happy. We have to protect ourselves
and our content.

That being said, please read on:



Dear Chief,

Love
the case files that you publish. While I am not much of a writer, I
wanted to share the following experience I had at a tech startup.

We
were a small tech startup with approximately 50 employees. We were all
handpicked for our special skills and we bonded together quite nicely.
When it became apparent that external and much larger companies were
interested in our technology, we started taking venture capital money
to grow and we became a 'grow and sell' company. I and every other
employee had no ownership in the company, so we were less than elated
at this news.

Our CFO was your typical suit a$$hole. He treated
everyone around him like they were beneath him, dressed in thousand
dollar suits and drove a Porsche (and resembled a certain boss on
'Office Space' - no kidding!).

I had no idea though just how
much of an a$$hole this guy was until I had to assist our mail server
administrator one night at the office.

Our mail server was a
really fast linux box running Postfix. For whatever reason, our mail
storage partition had completely filled to capacity and Postfix was
returning errors to every incoming mail message.

The mail server
administrator thought he had been DOS'd, so he wanted me nearby in the
event that an investigation was warranted. He had no idea what we were
about to find.

We quickly determined that the mail partition was
full. A quick 'du' command revealed that one particular user was at
fault for the missing disk space: the CFO.

He had tried several
times to send out a very large joke video file that was becoming
trapped by our anti-virus solution. For whatever reason, the anti-virus
solution kept sending him replies over and over again - with the
complete message attached.

As we looked through several other
suspect messages, we found messages from him to several companies that
were inquiring about buying us. These emails were his downfall.

In
several emails he outlined a plan where the company assets
(intellectual property, equipment, etc) would be sold and transferred
to the buying company. The employees "are not a transferable asset, nor
are they essential to a successful IP transition. We are prepared to
'trickle' them out in groups during the transition period". In other
emails to C-level executives at our company, he repeatedly fought off
the CEO and COO desire for compensation packages for employees that had
been around for at least one year of employment. The CFO spewed
financial nonsense and bull$hit, however he was accurate to the penny
on what each executive would receive as compensation. These guys were
going to make millions. In a few of the last emails, the CEO and COO
caved under the pressure and greed.

I was enraged. We were all
about to get fscked and pushed out the door. All of those 80-hour weeks
and repeated sacrifices meant nothing. We were about to be thrown out
on the street.

The mail admin and I put our heads together, and came up with a delicious plan.

We
felt that all of the employees should be privy to the CFO's emails.
Hell, they should all see just how much he cares about them.

The mail admin quickly made a few changes to our Postfix configuration:


In /etc/postfix/main.cf he added:

sender_bcc_maps = hash:/etc/postfix/sender_bcc_map

He then created an /etc/postfix/sender_bcc_map file that looked like this:

cfo@screwedcompany.com allemps@screwedcompany.com

And lastly, we ran "postmap /etc/postfix/sender_bcc_map" and reloaded Postfix with a "postfix reload" command.



For
those of you that aren't Postfix gurus (look at those hands!), what we
effectively did was tell the mail server to blind-carbon-copy every
email that the CFO sends out to the 'allemps' alias that we created.
The allemps alias contained no management personnel. =)

This worked out better than we could ever have possibly dreamed.

Remember
how I said we were there working late? Well as luck would have it, the
CFO was up late at home checking emails and taking care of business (so
to speak).

At 11:10PM, the CFO sent the following email, which was BCC'd to all non-management employees.

DATE: Fri, XX XXX 200X 23:10:03
TO: billing@littlepinkgirls@littlepinkgirls.com
FROM: cfo@screwedcompany.com
SUBJECT: MY ACCOUNT

This
is the second time I have written you about my account 'randyboy' being
terminated for non-payment. I have re-entered the credit card number
(XXXX-XXXX-XXXX-XXXX), the expiration date (XX-XXXX) and the CVE number
(XXX) and it still will not turn my account back on. I have been a
customer for several years, and this billing problem is ridiculous. I
demand that you activate my account or refund my $39.99 membership fee
for the past two months.


Holy crap! Our timing was unreal. Every non-management employee now knew :

1) The CFO was a long-time member of a European pr0n site that featured 17-yo girls in nudie pictures.
2) The CFO's personal credit card number, including expiration date and CVE number
3) The CFO was quite pissed about not having access to the site

He
finished off the evening by replying to a couple of companies that were
interested in acquiring us, and the emails weren't trimmed at all.
Everyone saw the entire conversation from beginning to end. Good thing
that the CFO doesn't follow our own e-mail etiquette policy, huh?

Needless
to say a flurry of emails occurred between us non-management employees
over the weekend. Neither of us admitted to being the instigators,
however we're pretty sure everyone figured out it was us.

A few
of the more senior non-management employees contacted the board of
directors and disclosed a pile of emails that contained conversations
between the CEO, COO and CFO on 'back door' compensations for making
this deal go through. They were essentially screwing the board (which
was compromised mostly of investors!), the employees and everyone else
they could find.

The board met in a private meeting, and
summarily terminated the employment of all three executives. They had
golden parachutes, netting them each a year's salary. However, the
acquisition deal didn't go through - and the board appointed new
executives that were honest and they have built us into a nice
300-employee self-sustaining company. We have profit-sharing now, and a
list of other benefits that would make most Fortune 500 companies
jealous.

I'll leave the moral of the story up to the reader.

GoldenEEL *



Wow. The power of the geek mind can be... scary.

If you enjoyed this, please DIGG the story here and share with others.

~ Chief