Janitor Gets Jailed Over Data Theft

FrgMstr

FrgMstr

Just Plain Mean
Staff member
Joined
May 18, 1997
Messages
55,602
OK....yeah, you should not be stealing data drives from where you work just because you want some extra storage on your XBone. However, Andru Reed was a janitor at the Florida Department of Revenue, and the drives he stole contained "secret information about taxpayers." I am not sure that this guy should be getting charged with third degree felonies though. It seems like the jackasses at the Florida Dept. of Revenue should be feeling a little bit of pain as well, since they leave data drives with "secret information" anywhere that the janitor can steal those. "As a result of the Department of Revenue's thorough processes and procedures to monitor and maintain equipment, we were able to rapidly identify and report the property missing." Too bad they did not use all their processes and procedures to secure the data they are responsible for in the first place. Thanks cageymaru.


The four hard drives contained confidential taxpayer information. Reed indicated that he had connected the hard drives to his Xbox to download video games without knowing what was on the hard drives. At this time in the investigation, it appears that the information on the hard drives was not used or further shared, but computer forensic examinations continue.
 
Funny thing about both security and cleaning services is that, generally, nobody really wants to pay for them. The result is a lot of bottom-dollar contract bids by companies that pay their people very little, with maybe a cursory background check at best to vet them. These same people tend to get a lot more access within a facility than most others, since security will usually control access and need to patrol, etc., while cleaning services will need access to clean in most places.

It's amazing how much of a security-conscious front places will put up only to allow these people all access after-hours, but it's super common.
 
Everyone is bringing up some very good points. Hopefully this incident will raise these questions and DOR will have to answer for its dubious practices.
 
Well that's just how the cookie crumbles. You want your place running and clean you need to let in the cleaning people. But if you don't trust the cleaners you need security to watch over them. And them, and them, and them, and them, and them...
Or perhaps you should pay the first person enough so they're not tempted by a $100 HDD.
 
M76 said:
Well that's just how the cookie crumbles. You want your place running and clean you need to let in the cleaning people. But if you don't trust the cleaners you need security to watch over them. And them, and them, and them, and them, and them...
Or perhaps you should pay the first person enough so they're not tempted by a $100 HDD.
Click to expand...

Sure you can keep saying all security measures can be bypassed eventually or with enough effort etc. But thats not the point here: they didnt even *try* apparently. This wasn't just poor security practices, it was an appalling lack of care about data security.

Pay wont necessarily fix the problem. I have seen people that make 100k+ a year steal a ream of paper for their home simply because they were too cheap to pay for it themselves.

Bottom line: data should be secured and should never be left in such a place...
 
Im not seeing anything about how the drives were stolen, but i suspect these drives were not in a machine. For the times ive worked in data centers, its far too often that a set of hard drives can sit dormant on a shelf for some length of time. I just find it hard to believe that this guy cracked into a machine and took a drive out of a live machine.

Honestly, dept of revenue needs to clean up its act here. It all goes back to them in every scenario.
 
The "hard disk was for my Xbox" sounds like a flimsy excuse. I don't buy it. They wanted revenue information and wanted to steal identites.
 
I don't know that ruining this guys life is the best for him, i hope they cut him a deal that lets him have a productive life. Yes hes an idiot, yes he stole. The thought process seems like complete dumbassery hmm disks, meh they have plenty gimme gimme for my Xbox. I don't think that's the same as criminal looking for the info to sell it, besides that one would have problably installed something or cloned the drives, something like that.
 
viscountalpha said:
The "hard disk was for my Xbox" sounds like a flimsy excuse. I don't buy it. They wanted revenue information and wanted to steal identites.
Click to expand...
Well you know, thinking about 4 drives... You might be right, but i guesd evidence will tell.
 
At my old place of work, the head of facilities also had control of the security cameras. Imagine our surprise when 25 I pads went missing from the IT storage room and when we asked for the security camera footage the camera was 'broken'

The camera was also 'broken' when the President's laptop went missing from his damn office over lunchtime.
 
Florida Department of Revenue should certainly be held responsible for lax security processes, but that doesn't mean anyone should have much sympathy for Mr. Reed facing harsh felony charges here. When the car you jack has a child in the back seat you get hit for kidnapping. Same story...
 
Trying to understand the charge of "offenses against intellectual property" for stealing 4 external hard drives. Was some copyrighted software harmed by the theft? Can sort of understand "offenses against users of computer systems" if the drives were connected to the workstations or expected to be readily available for use. Wonder what would have been wrong with a good old basic theft of state property charge?

For those wondering about security, a lot of state agencies are mandated to use services that hire some type of "disadvantaged" employees. Might be handicapped, former inmates, etc. And yes, it is often by the lowest bidder for a contract. And for janitorial services to to their job, they pretty much have to have the run of the place.
 
Dead Parrot said:
Trying to understand the charge of "offenses against intellectual property" for stealing 4 external hard drives. Was some copyrighted software harmed by the theft? Can sort of understand "offenses against users of computer systems" if the drives were connected to the workstations or expected to be readily available for use. Wonder what would have been wrong with a good old basic theft of state property charge?

For those wondering about security, a lot of state agencies are mandated to use services that hire some type of "disadvantaged" employees. Might be handicapped, former inmates, etc. And yes, it is often by the lowest bidder for a contract. And for janitorial services to to their job, they pretty much have to have the run of the place.
Click to expand...
You really conflate "the handicapped" with "former inmates"? Wow. I'm no lefty snowflake but that's pretty messed up.
 
Most States Department of Revenue systems and procedures are way out of date. I know a few as of late 2017 that still had XP machines and accessed the internet. I'm actually shocked they don't have more problems than they actually do.
 
Hey just about everyone takes things from work, most of what I've taken was snacks from the break room, and he happened to take some hard drives
 
lol, well maybe he has a 500gb xbox one that can only hold 8 games. If MS and Sony weren't so cheap none of this would have ever happened ;-)
 
Rahh said:
Most States Department of Revenue systems and procedures are way out of date. I know a few as of late 2017 that still had XP machines and accessed the internet. I'm actually shocked they don't have more problems than they actually do.
Click to expand...
Taxes are just that boring!
 
Simple solution just hire robots. Think about a Mars colony, who would volunteer to go to Mars to be a janitor? They'll have to have robots by then. Of course an even simpler solution would be to lock up the data...but you know that's just too boring and ordinary and inconvenient.
 
kju1 said:
I am more disturbed by the fact that they apparently think its ok to drop this kind of data onto someones workstation. I would expect a janitor to have access to the areas where the workstation are. The data center not so much...
Click to expand...
I get the feeling that was a stretch to hit him with some heftier charges. It probably had a Florida Department of Revenue letterhead template on it.
 
Not defending the janitor, but damn, they are not doing a good job of safe guarding data. This is rampant. The drives should be both more secure and encrypted. No excuses.
 
they should get him for just theft, not data theft.

It'd be like a car thief stealing a car that has drugs in it. He didn't know the drugs were in it, he just wanted to steal the car.
 
scojer said:
they should get him for just theft, not data theft.

It'd be like a car thief stealing a car that has drugs in it. He didn't know the drugs were in it, he just wanted to steal the car.
Click to expand...
There ya go, that's an idea. Next time the cops want to put those "bait cars" out there, put like some illegal guns, a kilo of cocaine, and some dead hooker body parts in the trunk, so when they steal the car send them to jail for life!
 
scojer said:
they should get him for just theft, not data theft.

It'd be like a car thief stealing a car that has drugs in it. He didn't know the drugs were in it, he just wanted to steal the car.
Click to expand...

If you steal a car with a toddler in the back seat you’re going to prison for kidnapping.
 
  • Like
Reactions: WhoMe
like this
sfsuphysics said:
There ya go, that's an idea. Next time the cops want to put those "bait cars" out there, put like some illegal guns, a kilo of cocaine, and some dead hooker body parts in the trunk, so when they steal the car send them to jail for life!
Click to expand...
Been having a shitty day, but this made me laugh.
 
How much do you want to bet these drives were "stored" on a rolling cart in a hallway because nobody in IT had time to degauss today?
 
Abhaxus said:
If you steal a car with a toddler in the back seat you’re going to prison for kidnapping.
Click to expand...
Last time i looked at a HDD, I couldn't see the bits of information that were stored on the drive (where you could see and likely hear the child in the car). It's also not directly harming anyone byond basic larceny taking the drive. To scale the analogy properly would be something like of you steal a car with a corpse in the trunk you are not likely going to be charged with the murder (unless there is also some crappy police work to go with it).
 
I used to work with a guy who had been a DBA at a top-3 oil company. Their janitor was busted after he used a sheet of blank - but signed! - checks that somehow got stuck behind the locked box that fed the printer. He cashed 6-7 checks for ~$2k each, correctly figuring that the company would never miss so little. True, but the accountant immediately caught it at the end of month, because "That pipeline division never writes a check under $2 million."
 
Abhaxus said:
If you steal a car with a toddler in the back seat you’re going to prison for kidnapping.
Click to expand...

A car thief can see a toddler - unless it's in the trunk.

sfsuphysics said:
There ya go, that's an idea. Next time the cops want to put those "bait cars" out there, put like some illegal guns, a kilo of cocaine, and some dead hooker body parts in the trunk, so when they steal the car send them to jail for life!
Click to expand...

Lol, yes.
 
IcePickFreak said:
I get the feeling that was a stretch to hit him with some heftier charges. It probably had a Florida Department of Revenue letterhead template on it.
Click to expand...

I got the impression that "confidential taxpayer information" is a bit more than an official letterhead template...

scojer said:
A car thief can see a toddler - unless it's in the trunk..
Click to expand...

And even if its in the trunk the thief would get charged with kidnapping...

PhotoBobBarker said:
Last time i looked at a HDD, I couldn't see the bits of information that were stored on the drive (where you could see and likely hear the child in the car). It's also not directly harming anyone byond basic larceny taking the drive. To scale the analogy properly would be something like of you steal a car with a corpse in the trunk you are not likely going to be charged with the murder (unless there is also some crappy police work to go with it).
Click to expand...

I would be willing to bet you would most definitely be charged, maybe not convicted. But to get back to the topic - taking the HDD doesnt mean he didnt access the data and use it for personal gain. The article says they believe he didn't but how in the world do they know that if he overwrote it with xbone games? Answer: They dont.
 
Aix. said:
It's amazing how much of a security-conscious front places will put up only to allow these people all access after-hours, but it's super common
Click to expand...

one place i worked had the server room so locked down, some IT people could not even get in there, but the janitor.. complete access to empty a couple trash cans. I finally convinced them to put the trash cans outside the door to be emptied after hours and keep the janitor out. complete breach of security

i was thought of though as an idiot and why all the fuss over a trash can...

*SIGH*
 
kju1 said:
Excuse me? I am going off their statements, what are YOU going off of?
Click to expand...

Bath salts?

upload_2018-4-19_10-5-15.png
 
katanaD said:
one place i worked had the server room so locked down, some IT people could not even get in there, but the janitor.. complete access to empty a couple trash cans. I finally convinced them to put the trash cans outside the door to be emptied after hours and keep the janitor out. complete breach of security

i was thought of though as an idiot and why all the fuss over a trash can...

*SIGH*
Click to expand...

I definitely see that point, and agree that the typical janitor probably doesn't need to go in there. However the flip side of these conversations usually end up with if no one can get in there, who actually puts out a fire or let's the fire department in when there is smoke rolling out from under the door? It's difficult to lock up an entire room, but certainly you need to put sensitive material inside of something else that can be locked. So in this case simply tossing the HDDs into a cabinet would have prevented them from wandering off. I've seen where people start going down the road where you restrict access into areas, and pretty soon every area has it's own sets of keys and it's a complete mess to actually get anything accomplished.
 
If you've ever tried to use their website you would understand how this was allowed to happen.
 
bman212121 said:
I definitely see that point, and agree that the typical janitor probably doesn't need to go in there. However the flip side of these conversations usually end up with if no one can get in there, who actually puts out a fire or let's the fire department in when there is smoke rolling out from under the door? It's difficult to lock up an entire room, but certainly you need to put sensitive material inside of something else that can be locked. So in this case simply tossing the HDDs into a cabinet would have prevented them from wandering off. I've seen where people start going down the road where you restrict access into areas, and pretty soon every area has it's own sets of keys and it's a complete mess to actually get anything accomplished.
Click to expand...
automated fire suppression? Our server room gives people inside some set amount of time (30 or 45 seconds) to run or slap a big red button before it kicks in.
 
This sounds almost like a game of Town of Salem. Now we just need the jailor to execute this janitor.
 
You must log in or register to reply here.
Back
Top