Taught a lesson to my idiot boss who tried to get credit and promotion for a software I made and fired me over it
I was working in a finance company last year. One day, I propose to my manager that since I have a computer programming background, I know that for that manual job XYZ, automation can be done using some new tech and it'll reduce 500 man hours per week. He also has some tech background, so he says it hasn't been done because it can't be done and behaved with condescension.
I, being bullheaded and with shit to prove (and CV to build), developed it on my own, in my own time, on my home computer, then compiled it into a binary (single executable file without code) and gave it to him. He got permission from IT department to run it on his computer and was utterly sure that it won't work and he would get to laugh at me, but it did.
Even though the software works, idiot manager took it as an insult somehow and banned me from using it, giving some inane reason that doing it manually was much more effective, which was a bummer because it was working beautifully.
Fast forward a quarter or so, my manager was hard pressed for some brownie points during appraisal, so in "Examples of showing initiative" he used my software, but without mentioning me. Some super senior manager took notice and gave him a promotion and a raise.
Now instead of being a sensible guy and coming clean to get code from me, he calls me in his cabin, behaves rudely and says that I need to submit the code for that software, I asked him why ? You had said we won't be using it ? He's like, either you submit the code or you'll be fired.
I was already fed up of being treated like shit by this shitstain, just because he was somehow jealous. So I said fuck off, I won't submit the code, I know enough law to know that you can't sue me and I resign.
I came to know later through my colleagues that this is what he must've wanted, so that he could take the entire credit himself without dispute.
Little did he know, there was a malicious code module hidden in that executable file, which checked for a 1 or 0 on a remote github repository everytime it was run, if 1 or no network, do everything as required, but if a 0 is received, that's emergency signal.
I added that little code because his behaviour was very shitty to begin with and I didn't trust him, I was planning to remove it after its official implementation, which never happened. So I went ahead and changed that 1 to 0 after I was fired, to ensure no one used it without my permission.
Although he couldn't get the code, he did have the executable file and I was also not in the company anymore, so in his arrogance, he called a meeting with his boss, his colleagues and my whole team, to show them a demo of this awesome software "he had made" (he was using it on his laptop everyday without my knowledge)
But today the 1 was 0, so as soon as he pressed Enter, nothing happened, pressed enter again, nada.
Suddenly his laptop was frozen and nothing was working anymore.
It took him a while to realize something fishy was going on and then he took out the laptop battery to switch it off. By then, all the word, excel and PowerPoint files were encrypted and the executable had erased itself out of existence.
I used the same code (without the malicious module), to get a better job at another company, where I'm much more appreciated and the job is also fun, then the whole covid thing happened and now I'm cozily working from my home, my previous colleagues of that shitty company keep telling me that they are being forced to go to office. So somehow it was the best decision I had made accidentally.
That idiot boss's promotion and raise got cancelled because he couldn't produce what he promised. He also got reprimanded for losing a lot of important company data, which he attributed to some unknown virus, which wasn't believable because no one's allowed to put anything on those office laptops without security clearance from IT deptt.
He called me one night, drunk, angry, threatening me that he knows what I did. I feigned ignorance and quoted something like shit happens to shitty people and blocked his number.
But I had to tell someone about this flawless victory over stupid, without being implicated, so here it is 😁
Hello people, thanks for all the likes and comments. I love you guys. I'm overwhelmed to say the least. 😊
There are some questions which keep coming up again and again, so I'm answering them here in the post, I tried to answer each of them in the comments individually but now I have to sleep.
Q1) Being a finance related company, they generally have stringent security measures, how could IT department allow the manager to load the program on his laptop and why didn't they check its network communication or run it through an antivirus ?
A1) This is not the kind of company a lot of people here are envisioning, yes they have security measures like blocked USB ports, firewalls etc. in place, but just so that if a client visit happens, they can qualify. Most of the employees in IT department are highly underpaid, sick of red tapeism and blame games, so if it's not a very weird request, they generally just ask for an email from project manager and load whatever software they need, especially custom ones, because they can't really verify them. Horrible practice, I know, but no one cares there. If shit happens, which is quite frequent there, everyone starts showing their email copies to everyone and it becomes a mess.
Another reason is that the financial data which these guys process is historical and hence not very sensitive, obviously they pretend to care, but even if someone stole it, it's not like some sensitive insider trading info which has very high value, maybe that's why no one cares much.
Regarding firewall restrictions, they are also quite lax, like I mentioned in the comments, they keep blocking websites when they realize people are wasting time on them, common time waster banned websites being FB, Instagram, Reddit, most porn sites, most games sites etc. There have been instances when people have been able to open a porn site if it's quite new, once it's known, it's blocked promptly. Obviously websites like Stack overflow, GitHub, Bitbucket are not blocked, because they don't see them as time wasters, and someone somewhere keeps requesting access to them for productive work.
They did run the program through a basic antivirus, it didn't show up as suspicious and there can be a lot of reasons for it, primary being, shitty antivirus, I keep checking it on my comp and it's not detected there either, maybe because the code doesn't seem familiar enough to it, maybe because I used Golang, maybe because they just suck, I don't know and I am not an expert in antiviruses but the ones I've tried in VM are Quickheal, McAfee and Norton and all three of them don't show anything. That company was using Quickheal.
Q2: Why did you have to encrypt the files, why couldn't you just leave it at self-destruction, it's a felony, it's a crime ?
A2: Yes guys I know it's a crime. And sadly I don't really have a fancy excuse for this, I was just plain cocky and angry. I felt I wouldn't get caught and that guy was up my ass from a long time. I instinctively knew he would do some weird shit when I'd hand it over to him, so I wanted to teach him a lesson (*IF* he did some shit). If he would've implemented it, I would've replaced it with the non-exploit version and no one would've known. If he would've given me a sane reason not to implement it, that also would've been fine. Even if he wouldn't have fired me (= coerced resignation), I might not have triggered it from outside because of the risks, but when he stooped so low as to claim it as his own while getting rid of me, I lost all sense of self preservation, left the company and just let it go kaboom, I knew that it'd only encrypt the docs "he" was working on and nothing more than that and the general protocol is to just format the affected laptop afterwards, no one really bothers there to trace the source or to notify authorities, random malware/virus cases have happened there before. Also, due to my personal history with that guy, I kinda knew what he would do and what he wouldn't.
Having said that, a lot of shit could've gone sideways and although I was super careful at each step, it could've turned into a horrible nightmare. Anyone getting inspired by this, DO NOT DO THIS PLEASE.
Q3: How do you know what happened in that meeting ?
A3: My ex-colleagues told me everything over drinks later, they are unaware of my involvement
Q4: Can you get caught due to your GitHub repo, as they can trace the homing signal to that ?
A4: It's an anonymous repo made with a fake email ID, it just consists some garbage generic looking HTML text with a Y/N hidden in it. I never log in or access it directly and though unlikely, even if Github saw its access logs, it'd never trace back to my actual IP
Q5: Sometimes you say you were fired and sometimes you say you resigned ?
A5: I was asked to resign, I didn't have any choice, it's equivalent to getting fired. I chose to resign peacefully because I already had my eyes on another company which needed me, I did not want this black mark on my CV and did not want to keep working by telling on this guy to the seniors and creating an even hostile work environment. The job was not worth it anyway.
Q6: How long did you take to make it ?
A6: 3-4 months
Q7: What tech stack did you use ?
A7: Golang for coding, linux as OS, some external libs but mostly stdlib provided everything I needed. Compiled into a single statically linked binary targeted for Windows 10
Q8: Why couldn't you just sell it and get rich ?
A8: It's not that easy, it'd have taken years of convincing, security compliance and things I generally wasn't in a mood to get into. Getting a job in another company and then implementing it there was easier, got a good package because of it. I'm building up on it so that I can start my own consulting firm in a few years when I have some senior perspective of tech + finance
Q9: Final aftermath of the manager ?
A9: He was given an offer of promotion and raise, contingent on implementation of this software, which never happened so the offer got cancelled and he had to go through a lot of embarrassment. The reprimands I talked about were mostly because some client meetings got delayed due to the missing excel and ppt files that he had to make again over next 2 weeks, I guess he must've had some versions of backups in mail, I came to know that he was able to reproduce them again eventually.
Q10: Can it ever be traced back to you ?
A10: Since I manually copied the file on my manager's USB drive, then he himself went and got the approval for its installation on his laptop saying that he was the file owner and responsible for it and then he himself executed it, in the process encrypting/deleting only his own files, I don't come in the picture at all. Even if tomorrow he tells the truth to everyone, there's nothing that points to me, I've erased its existence from my side, all I have to say "I don't know what the fuck this guy's talking about"
That's it guys, I hope you enjoyed the story, in case you think it's fake, well too bad, sometimes reality is stranger than fiction.
submitted by Unhappy_Taste
Anti-Virus Software Recommendations?
What anti-virus software do you like to use and why? Just want to know about different recommendations. I only know about Norton but a lot of people seem to think it's not that good and I'm not sure why?
submitted by empanadarr