back to article Sacked NCC Group grad trainee emailed 300 coworkers about Kali Linux VM 'playing up'

An NCC Group graduate trainee who emailed 300 coworkers to ask for help with what she deemed to be "unusual" behaviour from her Kali Linux VM; contacted the firm’s incident response team to complain about a faulty laptop; and said the machine had been "deliberately sabotaged", has had her victimisation claim thrown out by an …

  1. Waseem Alkurdi

    Would have expected this from a luser.

    But from a fscking infosec 'consultant'? HACKED YOU SAY?

    Okay, test your own defenses!

    1. Lee D Silver badge

      Re: Would have expected this from a luser.

      You'd think an infosec consultant would be able to install something to, say, monitor login accesses to her computer, or at the very least record footage on the webcam or something.

      Because it would be really hard to go to court when your own evidence basically says "Oops, that happened when I pressed Ctrl-Alt-Delete to logoff not knowing that usually means 'reboot' in Linux", or "Nobody but me ever went near the machine".

    2. LucreLout

      Re: Would have expected this from a luser.

      But from a fscking infosec 'consultant'? HACKED YOU SAY?

      Okay, test your own defenses!

      I've upvoted you because I agree with what you say, however, it may also be fair to reflect on the fact that this was a trainee infosec consultant and so the usual expectations of cabaility may not apply.

    3. Mark 85

      Re: Would have expected this from a luser.

      A certain amount of paranoia should be part of any InfoSec's personality. This does seem a bit intense and overboard on her part. Have an upvote for not testing one's own defenses as this could have part of the probationary process.

  2. Herring`

    I know it's unlikely

    But I have seen one instance of an employee messing with another employees computer in order to mess with their head. This was made easier in an environment where credentials required to just get stuff to run were widely shared.

    But Hanlon's Razor and all that.

    1. Anonymous Coward
      Anonymous Coward

      Re: I know it's unlikely

      I did this year ago with batch scripts etc. Set up a little script that'd copy itself into startup and eject the laptops CD drive every time it booted. The analyst put up with this for two years before wiping the drive and announcing he'd "fixed it".

      I did this purely out of being an immature IT tech who worked in a joke-laden environment where all of us were constantly doing random stuff like this.

      In this instance though I suspect what we have is a post grad out of their depth and using deflection to delay having to do any work. Yes it's impossible to say from what little we know but having worked with many staff over the past 25 years in IT I honestly doubt it's the organisation or anyone malicious - it's too easy to check for the type of access required to pull off this stuff.

      Laptop unlocking itself - chances are the user didn't lock it and when challenged claimed they did..

      Problems with windows - pfft it's windows.. this happens sometimes.

      Being at work for only a few days and annoying someone so much they feel they need to hack you constantly for months.. - unlikely!

      1. MrSuntan
        Thumb Up

        Re: I know it's unlikely

        "I did this year ago with batch scripts etc. Set up a little script that'd copy itself into startup and eject the laptops CD drive every time it booted. "

        I remember doing something very similar in my first IT support job to colleagues using the Back Orifice "remote access tool". Much amusement. Fun times. I then went onto a very lucrative career in penetration testing :)

    2. StripeyMiata

      Re: I know it's unlikely

      Back in the days when wireless mice were rare we stuck a USB receiver in the back of our bosses laptop and every now and again would move his mouse pointer around the screen.

      We got away with it for about 6 months.

      1. Anonymous Coward
        Anonymous Coward

        Re: I know it's unlikely

        I thought that was a mandatory activity when they first came out. We always kept a spare wifi mouse and keyboard just to wind up people who were annoying us. The surprising thing was the range where you could get some mouse movement, as we couldn't see the screen from the other end of the office it didn't even matter that not all mouse movements were received, it was enough just to drive the poor dev we were persecuting crazy. We would wait until a service desk call was placed then one of my desktop colleagues would go and 'fix' the offending pc by removing the transmitter.

      2. jcitron

        Re: I know it's unlikely

        A coworker pranked another in an office I supported with a wireless keyboard and mouse. Periodically words would be changed in emails or documents, and the victim's mouse would move randomly.

        I got a call from both the prankster and the victim and played along with it for a few months. Eventually the victim discovered the wireless dongle when he went to plug in a thumb drive.

      3. baggins84

        Re: I know it's unlikely

        Working in digital forensics a member of my team did this to a new grad. They then told him that it was his mobile phone interfering and that he should put his phone in airplane mode. The poor guy believed him and spent the next however long with his phone in airplane mode. Eventually they confessed to it. The 'victim' had a digital forensics degree. You'd have thought he know better.

    3. Len
      Devil

      Re: I know it's unlikely

      One of my proudest pranks is from the late 90's. The whole office was using Eudora as an email client. There was a 'ping' sound that Eudora would play every time you received an email. The sound was stored in a file called newmail.wav or something along those lines.

      I took the full version of Frank Zappa's Peaches En Regalia, downsampled it to an 8 bit mono wav file to make it not too resource heavy and replaced the original newmail.wav with my version. Now, every time he would receive a new email, he would be treated to the full minutes long track. Every. Single. Time.

      1. jelabarre59

        Re: I know it's unlikely

        Now, every time he would receive a new email, he would be treated to the full minutes long track. Every. Single. Time.

        Now you just have their browser automatically load up the caramelldansen 10 hour swedish loop video.

    4. swm

      Re: I know it's unlikely

      I once hired a co-op and one day she came to me and said that there was something wrong with her X-terminal. I went and looked and saw a small rectangle in the upper left corner of the screen. Every 30 seconds a flying saucer would be launched from this box and chase down the cursor. When it caught the cursor, it would drag the cursor back to its base. You could evade the flying saucer because it was slow but until it succeeded in dragging the cursor back to its base the flying saucer continued to harass you.

      I laughed and looked around and spotted some smirking co-ops - I told them to to turn off their fun prank. The X protocols weren't very secure in those days.

      1. Ilsa Loving

        Re: I know it's unlikely

        At our university we had a lab of xterms, and they were properly secured. However, sometimes people would walk away and leave their terminals unlocked. Occasionally someone would go there and add the necessary commands to disable security, and then when the victim came back and started working again, suddenly their cursor would get attacked by a large herd of kittens because someone fork-bombed neko on their terminal.

        Fun times!

    5. Dr Dan Holdsworth

      Re: I know it's unlikely

      To be honest, this sounds like a small amount of prankster stuff, and quite a lot more Dell hardware being a bit crap. Add in a luser who is paranoid and hey presto, said luser goes into ultra-defensive mode and tries to attack the employer for not having protected her.

      A more mentally robust person would have either tried to discover the prankster and returned the favour, or else simply fired off pranks randomly in the hope of hitting the original joker by accident. Do enough of this and the entire group will get a local reputation as a bunch of "work hard, play harder" lunatics whom nobody wants to mess around with.

      I am however surprised that the base OS was Windows for all of this. Yes, it is the corporate OS of choice, but surely a security consultant would want to start off by securing the hardware and base OS and about the only thing that'll do that is an old-school Linux such as RHEL or similar. The thing here is that the firewall can be very precisely controlled, and SELinux can also be used (although mainly to generate grey hairs on the head of the operator).

      If the base Linux OS worked OK, then I would blame the Kali Linux underlying it. I don't have much experience with Kali Linux, but I would imagine that it isn't going to be very stable if used aggressively; but surely then this is the point of using virtual instances of Linux? Set up a stable VM, snapshot it and play around with the snapshot, then when something goes wrong you reinstate the known-good original.

      1. Anonymous Coward
        Anonymous Coward

        'Security' people using MSDOS is simply mad.

        The company should be considering whether they might just give up pretending and admit they know nothing about security.

        Microsoft software is the virus. If you have to investigate it, you need to use something vaguely reliable, like linux.

        1. Snorlax Silver badge
          Facepalm

          Re: 'Security' people using MSDOS is simply mad.

          "'Security' people using MSDOS is simply mad."

          MSDOS?

          1. Adrian 4

            Re: 'Security' people using MSDOS is simply mad.

            Read TFA.

            Apparently they run Kali in a VM under a tarted-up version of MSDOS known as Windows.

            Weird way to do it. You'd have thought they'd put the VMs in the stable system and make the unstable office-tools virus-bait system a guest, but no.

            1. jelabarre59

              Re: 'Security' people using MSDOS is simply mad.

              Weird way to do it. You'd have thought they'd put the VMs in the stable system and make the unstable office-tools virus-bait system a guest, but no.

              What better way to learn about application/OS insecurity than to be forced to use an insecure OS?

    6. Anonymous Coward
      Anonymous Coward

      Re: I know it's unlikely

      I have to agree; there's suggestion of "gaslighting" (named after a 1943's B&W movie) - a practice of inducing temporary mental breakdown - the allegation of a DVD drawer opening randomly can be the act of another using a network command suggesting deliberate interference was at play.

      As a student in a company of highly trained security professionals she had no chance against lay judgement in this domain. I therefore disagree with comments here suggesting she can equip herself with evidence capturing tech (I would do it as an experienced professional and have instructed it in my professional capacity) but it would breach her employment if caught installing devices to prove her case. Any software products may have interfered with her research results.

      Essentially mentoring failed her as did her employer: she should have left the company (grossly unfair as that is), in my experience (professionally and as a former victim myself) one must know when to walk away, learn from experience and understand that what doesn't kill you makes you stronger.

      I believe NCC shares fault and didn't protect their employee from herself and her environment.

      The Register headlining the fact she emailed 300 employees is further vilification of a victim to increase readership.

  3. Voland's right hand Silver badge

    Neither

    "could be caused by either faulty hardware, the unreliable installation of software, or software conflicts,"

    Neither. Just standard issue with new DELL laptops circa 2016. The new Intel CPUs Dell put in at the time were triggering latent races in a lot of different software.

    We had a race in our java based stuff which I could never ever trigger on anything else and was not triggered for years on anything from a small single core to multi-core monsters either bare metal or virtualized. The new 2016 edition HELL laptops were triggering it with 50% probability.

    I bet that some piece of software she was using had a similar latent race.

    She is born to be a security professional by the look of it though. She immediately blamed it on an intrusion. Paranoia reigns supreme...

    1. Michael H.F. Wilkinson Silver badge

      Re: Neither

      Would that be security professional or security consultant? In my book the former actually diagnose and deal with real issues, whereas the latter know the right buzzwords, and get paid more if they can increase the hours they can declare whenever they scream intrusion!!!!. I suspect the plaintiff would be ideal for the latter category.

      The alternative explanation would be that someone in system and networks at admin level is called Simon

    2. ibmalone

      Re: Neither

      Neither. Just standard issue with new DELL laptops circa 2016. The new Intel CPUs Dell put in at the time were triggering latent races in a lot of different software.

      That actually sounds like quite a useful thing to have around for testing :)

      (if a pretty irritating thing for anything else)

  4. DropBear

    To be fair, I have zero confidence "motherboard failure" was anything other than a default "we have no idea what your problem is" response, and I have to agree "reinstall Windows" is a completely inappropriate "solution" to any problem, let alone against self-unlocking (if that really happened). I'm not saying her claims have merit (and she probably did indeed handle everything as poorly as possible), but the whole thing sounds much more fishy than NCC tries to make it look. I'm not convinced there wasn't _something_ going on we have no idea about.

    1. Anonymous Coward
      Anonymous Coward

      Pentesters manage the security of their own machines to an extent. She probably told IT that she thought her machine was infected, so they said "well you should probably nuke it and start again, then." The IT helpdesk are not security savvy and usually know less than the consultants calling them for help.

    2. Waseem Alkurdi

      and I have to agree "reinstall Windows" is a completely inappropriate "solution" to any problem, let alone against self-unlocking

      If the machine was compromised, a Windows reinstall *is* a good start.

      1. kirk_augustin@yahoo.com

        No its not. Reinstalling windows will not at all take care of any root virus, corrupted registry, malware device driver, etc. In fact, it won't really do anything. You have to reformat the drive and reload an image of the bios and bootup you want to start with. Even CMOS can easily have been reflashed, depending on the type of machine.

        Obviously the company was not helping her at all, and it was all their responisibility.

        They should have just given her an entirely different machine that was from a stock image.

        There is no way she could have fixed things on her own.

        The company was totally and completely negligent.

        1. Waseem Alkurdi

          Reinstalling windows will not at all take care of any root virus, corrupted registry, malware device driver, etc.

          Are you sure you are qualified to operate a computer?

          And what the heck is a fucking root virus?

          1. ds6 Silver badge
            Boffin

            Warning: Technobabble

            "There is no way she could have fixed things on her own."

            Based on her conduct, yes, there's no way in high hell she could have fixed it.

            I mean, she would have to reflash the CMOS battery to uncorrupt the bootup registry and translocate the root virus to null space outside of the BIOS SRAM, and that is a very difficult process that only IT can solve. Shame on them for not helping a poor defenseless lady about the perils of a root virus in her malware device driver!

    3. hellwig

      re: "reinstall Windows"

      I have to agree "reinstall Windows" is a completely inappropriate "solution" to any problem,

      Phone tech support for Alienware (before they were Dell) once told me to reinstall windows to try to fix the horrible squeeling noise my CD-drive was making whenever I burned a disk. I straight up asked for a different support person, wasn't even going to entertain that crap when all I really needed was a replacement drive sent to me.

  5. Adrian 4

    hardware problem ?

    Individual, specific files being deleted is a 'hardware problem' ?

    Yes, that sounds like help desk advice all right.

    Did she turn it off and on again ?

    It would be interesting to know the real facts. Unfortunately neither the protagonists nor the reporter seem to have much interest in providing them.

    1. Spazturtle Silver badge

      Re: hardware problem ?

      "Individual, specific files being deleted is a 'hardware problem' ?"

      That sounds exactly like what a faulty HDD or SSD does. Bad RAM or a faulty SATA controller can also cause write holes.

      If individual files are vanishing after some basic software troubleshooting I would start testing the hardware.

      1. Adrian 4

        Re: hardware problem ?

        Bad sectors (or their equivalent) don't lose files cleanly. They create read errors, invalid filesystems, automatic bad-block replacement strategies etc. If you think the files are just written to the disc like parcels in a sack, you need to do some background reading.

    2. Jon 37

      Re: hardware problem ?

      The specific files that were deleted were her malware folder. (She was an IT Security worker, so had legitimate reasons for having samples of known malware).

      That sounds like she had anti-virus installed and it did a scheduled scan. If she didn't configure the anti-virus to exclude the folder of known malware, then the anti-virus would do what it was designed to do and delete the malware.

      1. Anonymous Coward
        Anonymous Coward

        Re: hardware problem ?

        And then... there is the extreme overreaction by most malware tools when it finds out you are using something like the Nirsoft tools.You learn the hard way to create a nice directory for all your real sysadmin tools and whitelist it in your malware checkers. Don't forget to do so on the stick(s) or drive(s) that you keep your master copies on.

        1. jcitron

          Re: hardware problem ?

          Yup. Excellent advice which I had to remember to do after I reimaged my laptop. Like most days in my life I get interrupted a gazillion times, came back and put in my tools thumb drive, then watched as my AV software decided I had naughty bits on it and wiped the stick for me.

      2. kirk_augustin@yahoo.com

        Re: hardware problem ?

        Not without leaving a track record.

        The whole point of anti-virus is they want to advertise on how useful they were in eliminating threats.

        They NEVER delete anything without bragging about it.

  6. Anonymous Coward
    Anonymous Coward

    The issue with Kali turned out to be the way she locked her laptop. Whilst the Kali VM was in focus, she would press Ctrl+Alt+Del and then *click* on Lock this computer from the full screen menu. Of course Ctrl+Alt+Del was still sent to the Kali VM, which triggered a timer for a reboot.

    1. defiler

      Done that on a live server before. Immediately followed by the words "aww shit."

      Luckily it was a web server, was back up within a minute, and there were no complaints. It gave me a stern reminder to watch what the hell I'm doing, though!

  7. Chris Evans

    Article unclear!

    In this context what does "protected disclosures' and 'suffered detriments" mean?

    1. granfalloon

      Re: Article unclear!

      In this context it relates to an employee's right not to suffer detriment (i.e. to be victimised by their employer) because they have made a 'protected' disclosure within the meaning of the Public Interest Disclosure Act (1998 as variously amended) - put simply 'whistle-blowing'. What actually constitutes a 'protected disclosure' is quite complex.

    2. Robert Carnegie Silver badge

      Re: Article unclear!

      "Protected disclosure" means whistle-blowing, going public, on the company or colleagues misbehaving. Or laptops, possibly. "Demerits" means being punished for whistle-blowing. HTH

    3. LucreLout

      Re: Article unclear!

      In this context what does "protected disclosures' and 'suffered detriments" mean?

      Protected disclosure is a legal term with specific meaning, as is suffered detriments. I'll not paraphrase the facts as IANAL and may lead you astray. Terms may be found below:

      https://uk.practicallaw.thomsonreuters.com/8-200-3427

      https://legal-dictionary.thefreedictionary.com/detriment

      Hope that helps.

    4. Doctor Syntax Silver badge

      Re: Article unclear!

      If you go pack to the article, just after the mention of "protected disclosures' and 'suffered detriments" there are a couple of links labelled "here" and "here". Follow those and it will be explained.

  8. Giovani Tapini

    they should have simply swapped out the laptop

    If it was a prank, bullying may have had some credibility... It does not sound like that was the case though. I know that helldesks often try to keep people offline for a day or so while they replace a drive which can make people rage temporarily.

    If indeed she was supposed to be working on security related stuff they probably should be assuming the device has been compromised anyway, not just faffing with re-installs.

    Sounds like a combination of helldesk processes being flawed along with a grumpy trainee

    1. Waseem Alkurdi

      Re: they should have simply swapped out the laptop

      they probably should be assuming the device has been compromised anyway,

      It's (presumably) compromised. Now what? Throw it away?

      Sensible reaction is to reinstall the OS, reflash a known good EFI firmware, then audit the device for any strange network behavior.

      1. kirk_augustin@yahoo.com

        Re: they should have simply swapped out the laptop

        Of course they don't have to throw away the laptop, but they should not be expecting a trainee to have access to the boot image they use as standard start up, and she would not have a copy of Windows, the necessary device drivers, the UEFI (it has not been EFI for over a decade) image, etc.

        Clearly it is ITs responsibility, NOT an intern.

        1. Waseem Alkurdi

          Re: they should have simply swapped out the laptop

          A trainee in IT. Had I been working in IT, I would expect the company laptop's image to be provided as standard with the laptop itself, or at least make it available to all IT employees.

          Not without disadvantages though, but important IMO.

    2. Bitsminer Silver badge

      Re: they should have simply swapped out the laptop

      Er, s/laptop/lusr/g

      FTFY

      (Turns out they did after all).

  9. mark l 2 Silver badge

    From my experience of working on a large helpdesk the suggestion of "Have you tried reinstalling Windows?" was the go to option some techs used when they wanted to get the person of the phone because either, the support person had no idea what the problem was, or because they knew it would take a few hours to reinstall Windows and by the time they phoned back their shift would have ended and it would be someone else dealing with it.

    Other similar time wasting options were telling the person to run chkdsk or defrag and then call back when it had finished.

  10. Anonymous Coward
    Anonymous Coward

    I have had odd things happening on my laptop since the first week.

    That could be *any* Windows user .....

  11. Rob

    Sounds like...

    ... she knew that as soon as she produced anything in that role the gig would be up and they would know she was a fraud.

    The hole looks like it kept getting bigger and bigger until she ended up in a tribunal as there was nowhere else to go with the lie.

    The alternative is that she was just plain bats$@t crazy.

    1. kirk_augustin@yahoo.com

      Re: Sounds like...

      That is just stupid.

      No company should be expecting people to work on laptops instead of desktops anyway, and when something goes wrong with a computer, it should NEVER be up to the new trainee to fix it.

      That is the responsibility of IT.

      The fact IT refused, means it is the fault of the company.

      1. TechDrone

        Re: Sounds like...

        If you're messing around with Kali then you should have some clue about OS matters and be able to at least research problems. If you're a graduate trainee then you really should be able use google. Or maybe even use the index at a back of a manual if they teach such old skool skills these days.

        And I don't know about you but I would not expect somebody destined for a consulting role to be lugging a desktop PC around - that really would be grounds for complaints about unreasonable behaviour.

  12. Snarf Junky

    Probably sits at home...

    ...with a hat made from tin foil to stop the mind probes.

    1. Paul Crawford Silver badge
      Gimp

      Re: Probably sits at home...

      Mind probes? That is not the sort of probing I suffer from at home =>

  13. hellwig

    Shares Dissapearing, Software Uninstalling, Authentication Issues...

    So, I see they're running McAfee.

  14. PieHoleDepravity

    How this person got past HR would no doubt have come up. Shame we didn't get to hear that.

    1. Anonymous Coward
      Anonymous Coward

      Easy: HR ended up being on the Board! And being on the board, they need a budget to match their position and to get that budget, one needs to have Processes.

      Thus we have this huge recruitment pipelines these days with Recruitment Consultants, DiSC tests (voodoo @150 EUR a pop in licensing fees), The Video Presentation with "AI" digesting facial expressions*, Local HR reading CV's with nothing they'd understand in there ...

      After maybe 3 months, Then "we" get to see maybe 5 candidates, and since "we" (since the whole circus goes on our PCC-code) have now invested about 15 kEUR in those 5 dregs-o-the-barrel it is kinda hard to say "None of the Above, do it Again!".

      In the bad old days, *we* would read the CV's and interview someone, then maybe after a few months they turn out to be no good, we would fire them again. Doing that was easier because of course with less "preparatory work" it is acceptable to make a mistake or two as one as one corrects it

      *) I suspect many of the good candidates drop out at the Video Thing because they are fed up being dragged around by now and there are other jobs to have.

      1. Alien8n

        Board HR

        I find Board level HR people tend to not know their responsibilities. Had one job where they were making redundancies, Cue the following:

        Called in and told we were all at risk of redundancy.

        Told if I didn't take job B then job A would be redundant.

        Started looking for another job.

        Started job B.

        3 weeks later offered a job elsewhere.

        Handed notice in, and informed them that under the ACAS Handling regulations I was entitled to redundancy.

        HR refuses, saying I was never under redundancy.

        Legal advice received (just happens one friend of the family was a specialist in company law and the other is an Old Bailey judge).

        HR still stonewalling.

        Factory Director and HR Director overheard on shop floor:

        "He's saying he'll take it to tribunal."

        "He'll never do it, ignore him and he'll go away."

        At which point a friend of mine chimed in with "you really don't know him very well do you."

        2 weeks later I had a cheque for my redundancy payment in my hand. Bastards still refused to pay the full amount, apparently the "bonus" was only for floor staff and not office staff. They put a clause in the redundancy payment stating that the payment was null and void if discussed with any other member of staff. Totally illegal, but enough to stop any of the other engineers admitting what they got. I got the last laugh though, as I was now officially redundant it meant I was no longer liable for any training fees. As the training fees were more than the redundancy I took that as a win.

        Seems a lot of HR drones forget that part of their job is to also protect the employees from the company. As soon as they reach the Board they seem willing to break the law providing it means their bonus at the end of the year is protected.

  15. Version 1.0 Silver badge

    Clearly a messup

    But it's not clear where - if she'd been working for me then I'd have asked her to stop emailing everyone and I'd have given her a new laptop with the suggestion that she tries a new installation and see if the problem reoccurs. Offhand I'm wondering if this was a VM conflict somewhere, but it sounds like nobody at the company was very interested in figuring it out - that's the scary point, could be every machine at NCC Group is hacked.

    1. kirk_augustin@yahoo.com

      Re: Clearly a messup

      Exactly.

      Everyone at the whole company did have in interest in ensuring the company was not compromised, but it was the responsibility of her boss and IT to at least ensure she had a good machine to work with.

      Things should have been dealt with very early on.

      The fact no one helped her, makes them all suspect.

    2. Intractable Potsherd

      Re: Clearly a messup

      I agree. On the basis of the report here, the employer doesn't sound very supportive, and, to my mind, the Tribunal should have picked up on that. I can see an appeal being lodged fairly quickly.

      1. Intractable Potsherd

        Re: Clearly a messup

        Replying to my own post - I've just read the case report, and the employer is clearly in breach of the Equality Act with respect to disability.

        In a properly supportive environment, Ms Hoang sounds like the sort of diligent, methodical, and tenacious person who would do really well in infosec - I wish her well for the future.

  16. Anonymous Coward
    Anonymous Coward

    problems "could be caused by either

    Plain English: fuck off, first warning.

    p.s. Welcome to the wonderful world of REAL workplace, v. photoshopped images of immaculate males/females feigning attention and intelligent thoughts, while leaning over their shiny-shiny, in the likewise photoshopped "office environment".

  17. Anonymous Coward
    Anonymous Coward

    IT helpdesk's suggestion of reinstalling Windows

    er... WHAT?!

  18. Anonymous Coward
    Anonymous Coward

    computers develop hardware faults

    in which case... DIY - first course of action in a corp environment :)

  19. Anonymous Coward
    Anonymous Coward

    It's not really about the laptop.

    I've read the court judgement, all 32 pages of it.

    I am not a psychologist, but I'm guessing that the poor woman has Asperger's syndrome, and her whole experience at the company was one long, slow meltdown triggered by something that happened right at the start. It may or may not have been the laptop not being ready on day one; it may have been the noisy office and/or the cold air conditioning (see page 12, section 34) which caused her to 'decide to move seats' - indicating that she'd complained and been ignored or not taken seriously by her manager, and had decided to act unilaterally.

    Stuff like this is usually just a minor irritation to a neurotypical, but a classic trigger for an aspie. Whatever it was, it all just ballooned from there out of control, ending up at a tribunal with her manager as the focal point of blame.

    You'd think a tech company - particularly one in the business of infosec - would know enough about autism to spot the aspie at interview stage, and at least be able to understand the triggers and manage them (note: I didn't say 'give in to them').

    1. canthinkofagoodname

      Re: It's not really about the laptop.

      Interesting point, particularly when a good portion (my experience, don't have any data to support claim) of folk working in IT (security or otherwise), if not clinically diagnosed, do show at least some of the behavioral characteristics of someone on the spectrum.

      I think assuming NCC would know is a bit of a stretch though. In my last job we had a team of high functioning autists come to work with us; goal of the group who organised it was to help people who are on the spectrum to find and keep work (good cause IMO). Before the group came to the workplace though we had their 'handlers', for lack of a better term, come in to brief us on some of the unique challenges that people on the spectrum, and the people who manage them face.

      Turns out that individual managers, and the companies they work for, not knowing how to identify and successfully manage / utilise people on the spectrum is fairly common. That stretches beyond IT though too. I dare say most courses or management programs don't have dedicated learning outcomes for managing people on the spectrum, and if people in management/HR/Recruitment positions have no training or experience in identifying or managing people like that, can't really blame them for getting it wrong either.

      As you said, we don't know if this woman has aspergers or some other "on the spectrum" condition, but if she does and NCC didn't manage her well, that would be a fairly typical sort of story.

    2. Anonymous Coward
      Anonymous Coward

      Re: It's not really about the laptop.

      "You'd think a tech company - particularly one in the business of infosec - would know enough about autism to spot the aspie at interview stage, and at least be able to understand the triggers and manage them (note: I didn't say 'give in to them')."

      You are 100% spot on.

      I work with a text book Asperger's genius - effing incredible brain in one of the smartest people I have ever met. Once we had worked out what the "problem" was, then recognised what his triggers were and how to avoid them, life became instantly easier for everybody.

      Now work is so much less stressful for him and everyone else.

      You are also spot on about "giving in". ;-)

    3. Hazmoid

      Re: It's not really about the laptop.

      Thank you for recognising the problems to be had by people on the spectrum. My son is a great example of an ASD person who is very good at the technical stuff but can lose it at the smallest irritation. Many managers have so many calls on their time that using kid gloves to handle one special person can be overwhelming, even if they do have some training. There are many undiagnosed ASD people out there, who are usually written off as unusual or quirky, but usually they fit right in with all us other misfits in the IT department.

    4. kirk_augustin@yahoo.com

      Re: It's not really about the laptop.

      That is stupid.

      Of course it is about the laptop.

      No one can work on a malfunctioning machine.

      Happens frequently, and the solutions are routine.

      The fact the whole company refused to take any responsibility is insane.

      There is no way a trainee can deal with bad hardware themselves.

  20. kirk_augustin@yahoo.com

    The ruling was obviously really, really stupid.

    While it is possible for a laptop motherboard to go bad like this, it is not only extremely rare, the company is at fault for only providing a single laptop in the first place.

    Laptops are notoriously unreliable compared to a desktop,and it is incredibly cruel to for an intern to work on a single defective machine.

    It should have been trivial for the IT department to notice the hardware failure and to suggest a different machine, at least providing a loaner.

    I have never heard of any company being so incompetent and insensitive.

    To terminate a person over them not being able to work in defective hardware, is just sadistic to the extreme.

  21. Norman Nescio Silver badge

    Replacement laptop

    NCC sounds large enough for them to have the strategy/policy of suspected hardware problems being dealt with by issuing a replacement laptop from the pool of spare laptops held by IT with a fresh new image on its hard drive / SSD. If the problem is resolved, it was hardware. If the problem continues, you have eliminated the hardware (unless, of course it is a common cpu / other hardware bug that only this user's workload triggers).

    In my case, when in the past I was subject to the rigours of IT support, if this ever happened, it would be a real pain, as I had opted out of IT support (which was possible with manager's approval) - so *any* problem reported to IT would result in an offer of a re-imaged laptop or nothing. It meant I could set up my own machine as I saw fit (within limits), but had to support myself, and I was as good at searching on the Internet as IT were for whatever Microsoft patch or registry setting or arcane software configuration needed to be set . In fact, I had a considerably greater incentive to find the fix to avoid a hardware swap-out and a re-imaged system.

    It meant I put my own DRAM into 'my' laptop, considerably improving performance, and replaced the fan (which required complete disassembly of the machine) when the original gave up the ghost. Thankfully, the BIOS wasn't locked, so I could boot off a USB stick and run up Linux (this was before the ubiquity of workable VMs), and PortableApps were a godsend* - I could debork, using OpenOffice (the LibreOffice fork hadn't happened then), the vast Word documents generated by my colleagues which would corrupt themselves shortly before the deadline of issuing an RFP response.

    It's sad that it is not easy to get quickly to the root cause of many problems associated with Microsoft software, but I can well understand that it is not worth an IT department's time to do a full forensic diagnosis for each and every odd user experience. It is far, far easier to offer a drive re-image, or a PC swapout, and usually faster than a fault-finding session if you have a pile of spare PCs ready to go. You can then spend the time on the users that come back with the same problem after a hardware and software swap-out, or servers, where a drive re-image is more complicated due to needing to re-set-up complex application software.

    *I have no connection other than being a satisfied user. YMMV. Use of such things might be forbidden by your IT / Data Security policy.

  22. Anonymous Coward
    Anonymous Coward

    Support for technical / Infosec team members

    One of the challenges of managing technical teams is that the corporate support teams known less than your team members. Pursuing the Service Desk route is just a waste of time, getting a new laptop of the same model installing all the same software to the same configuration will likely result in the same outcome a week later.

    When you do get the complex issues like this there are normally a couple of guru's in the team who need to be recruited to help.

    Unfortunately these are also normally the prickliest, scariest team members who interns and grad trainees are just too scared to approach directly. They also don't respond well to being directed to help new starters as they feel it's a waste of their skills and they often believe that letting Darwin thin out the newbies is a good idea.

    I used to finds that I would have to sit down with the guru over a beer / coffee to get them warmed up then take the trainee somewhere safe to explain that they had to approach the guru direct but that help and a learning experience would be theirs for the taking. that also included how to approach this particular person, most want the trainee to sit in worship while the foo is exercised but whilst some want and expect questions other require silent adoration. Even then sometimes things would end in tears, especially on the few occasions where a trainee dumped the 'broken' laptop' on the guru's desk and went home.

    The draw back to this approach is that it take time and needs a personal relationship between the manager, tech guru and grad trainee, if they are new to the organisation ans sit in a grad pool rather than the team this can be extremely difficult to manage.

    1. Helldesk Dogsbody

      Re: Support for technical / Infosec team members

      Yes and no. Pursuing the Service Desk route as a first point of contact is always the "correct" response in a corporate environment. Why? It gets the matter on record, date and time stamped and in the system. There will always be exceptions to the rule but it still needs to be the default action. At that point a properly run Service Desk will manage the call and chase up either the tech team or customer as required. Please note my use of the words "properly run" here. That's the ideal but we know it isn't often the reality.

      As a former Service Desk then support team bod I had more than my share of new starters, they aren't a waste of time or even begrudged that often. Just the ones where you receive notification at 4 PM on Friday that they start 9 AM Monday. Oddly enough this was most often from those who ought to know better, e.g. IT. As long as the actual requirements are detailed properly it's a non issue, the end user was required to sign off on the build after the first 14 days to confirm that they had what was required and anything extra in that time was just added in.

      Part of the established process was to educate the new user on initial contact protocol, everything goes through the Service Desk without exception. It might get copied in to a tech if it was via email but that wasn't guaranteed to be seen by said tech if an incident ocurred, it also ensured that the call would be picked up by someone should the tech be unavailable. I just used to point out that I usually had 2K+ emails daily, the odds of one being missed were rather high so to always raise a ticket or cc our Service Desk to make sure tickets were created and updated correctly.

  23. Iamthedoc

    Sounds familiar

    I've recently had to investigate / respond to a 135 page grievance raised by someone who sounded similar to this person.

    When I asked him what result he was actually wanting, the reply was that we should sack all colleagues he did not like (ie. most of them)

  24. elvisimprsntr

    A classic prank to play on someone who forgets to screen lock their computer before walking away was to:

    1. Take a screen cap of the desktop

    2. Replace the background image with the screen cap

    3. Move all the desktop icons off screen and hide the task bar.

    Then wait for the comedy to ensue when the individual exclaims none of the menus/icons worked. It was even more hilarious when even IT was stumped.

    1. Anonymous Coward
      Anonymous Coward

      I fell victim of this during an internship one summer. It was more humiliating than anything else, especially given that the perpetrator was my then line manager, a prize "appendage" who couldn't complete literally a single sentence without some kind of foul language or being unnecessarily rude.

      I was there for six months and he was personally responsible for two resignations in that time. Recently looked him up on LinkedIn and he's still there while literally everyone else I sat with - 15-20 people - now work elsewhere.

  25. freecode99

    old tricks

    Worked at an antivrius company back in the 90's and we would send the newbie the file "rabbit.exe" to test to see if they would open it. It would turn up the speaker and shout "Hey everybody, look at me! I looking at porn over here!" Much amusement was had at the expense of the quickly learning colleague. We also had an online patrol searching through the news groups back in the day for new viruses, worms and trojans. Used to tell them they had a rough time looking at porn all night.

  26. rmstock

    Oracle VirtualBox

    The same NCC trainee should be given the opportunity to do the exercise again using a VBox image , the favorite version of Kali Linux used by Pro's from Eastern Europe, Middle and Far East :

    Kali Vbox downloads : https://i.imgur.com/NvIn5FA.png

    Kali iso downloads : https://i.imgur.com/XVK9DEk.png

  27. Electric Panda

    The VM issues sound like misconfiguration and technical incompetence, something which she could easily have sorted out by asking around and taking the advice she was given. The other laptop issues might well have been related to iffy hardware; again, something NCC should - and apparently did - make some effort to resolve.

    It just sounds to me like she was considered a combination of "trouble" and "lost cause". She wasn't playing ball with the graduate scheme and its expectations, she wasn't meeting the required standards, she was perhaps being insubordinate and less than professional. None of this bodes well for a potential "security consultant" whom, like all other consultants, need to be able to work well with people and perform to a high standard and produce high quality deliverables for their clients. And all of this can easily lead to exasperation on the part of other staff who would then, for want of a better expression, just give up on her.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like