An article in yesterday’s New York Times examines the threat that “rogue” sysadmins pose to governments and corporations.
(But what if all sysadmins are rogue sysadmins, deep down? What if that’s how they got to be sysadmins in the first place? Just a thought.)
A few notable quotes from the Times article:
Edward J. Snowden, the former National Security Agency contractor who leaked details about American surveillance, personifies a debate at the heart of technology systems in government and industry: can the I.T. staff be trusted?
“The scariest threat is the systems administrator,” said Eric Chiu, president of Hytrust, a computer security company. “The system administrator has godlike access to systems they manage.”
“This is a dirty little secret that’s being revealed,” said Robert Bigman, a former chief information security officer at the Central Intelligence Agency. “When you log on with a root account, it doesn’t know if you’re staff employee or a contract employee. It just knows you’re root. You’re known as a superuser. You have all privileges.“