Is it even possible to do this in a way that can’t be tracked back to you? Unless you’re a Hollywood hacker that will rig something up to literally burn down the building the server the malicious code is contained on, there will always be some fingerprints left behind in the software. And there will almost always be a relatively short list of possible suspects. Even at large companies, there won’t ever be more than a handful of people with the skills, motive, and access needed to pull something like this off. Oh, the company’s entire database suddenly and mysteriously deleted itself? I wonder who caused that, maybe the disgruntled sysadmin we just fired? There really aren’t that many suspects in situations like this. And once you’re a suspect, they can get a warrant, seize all your computers, and scour them to dig up even more evidence against you. Hell, even just documentation of ill will against your old employer would be evidence in court. You better hope you really left no trace, otherwise you will be found out very quickly.
And really even in the best case scenario you still end up under heavy investigation, get all your computers seized, probably lose your new job, etc. Even if they can’t pin it on you, if you are the only one with the means, motive, and opportunity? They’ll tear your life upside down for years trying to prove it. Even if you are so good you can literally do it with no trace, no evidence in the code at all? It still won’t prevent your life from being torn apart. It will just keep you out of jail at best.
It would be easy depending on your company’s git practices. Complicated git workflows can leave room for you to slip stuff in unnoticed or misattributed. I mean, it still has to pass a review, but a lot of the devs I work with don’t review that closely. Could just assign a lazy dev to the review and increase your odds of getting it through.
He 100% didn’t think this would result in criminal charges. A lot of people don’t think through the “how will this company with lawyers react to my petty nonsense?” when doing stuff like this.
If he was smart he would not of done this in the first place
Is it even possible to do this in a way that can’t be tracked back to you? Unless you’re a Hollywood hacker that will rig something up to literally burn down the building the server the malicious code is contained on, there will always be some fingerprints left behind in the software. And there will almost always be a relatively short list of possible suspects. Even at large companies, there won’t ever be more than a handful of people with the skills, motive, and access needed to pull something like this off. Oh, the company’s entire database suddenly and mysteriously deleted itself? I wonder who caused that, maybe the disgruntled sysadmin we just fired? There really aren’t that many suspects in situations like this. And once you’re a suspect, they can get a warrant, seize all your computers, and scour them to dig up even more evidence against you. Hell, even just documentation of ill will against your old employer would be evidence in court. You better hope you really left no trace, otherwise you will be found out very quickly.
And really even in the best case scenario you still end up under heavy investigation, get all your computers seized, probably lose your new job, etc. Even if they can’t pin it on you, if you are the only one with the means, motive, and opportunity? They’ll tear your life upside down for years trying to prove it. Even if you are so good you can literally do it with no trace, no evidence in the code at all? It still won’t prevent your life from being torn apart. It will just keep you out of jail at best.
It would be easy depending on your company’s git practices. Complicated git workflows can leave room for you to slip stuff in unnoticed or misattributed. I mean, it still has to pass a review, but a lot of the devs I work with don’t review that closely. Could just assign a lazy dev to the review and increase your odds of getting it through.
They are one of the developers. The code is full of everyones fingerprints.
He 100% didn’t think this would result in criminal charges. A lot of people don’t think through the “how will this company with lawyers react to my petty nonsense?” when doing stuff like this.