Cherwell IT Service Management Blog
Resources, Best Practices, and Solutions for ITSM Pros

Creative Ways to Trigger a Software Audit

Posted by
I came across this Computerworld article as I did my weekly scour of the news media, and wow, did it ever bring new meaning to “going rogue.” Companies understandably worry about employees “blowing the whistle” on unlicensed software–a practice promoted (and rewarded) by the BSA that’s become a primary tool for uncovering and combating corporate software piracy. But this column describes a much more seditious plot by an IT systems administrator, who, as far as I’m concerned, wins the prize for “Most Creative Way to Trigger a Software Audit.”

In short, a 7-year employee of a $250 million retailer located in Pennsylvania (who shall remain nameless), created and operated a bogus storefront to sell more than half a million dollars worth of Microsoft, Adobe and SAP software to his oblivious employer. The scam began to unravel when the company received a call from the BSA, informing them of licensing disparities that suggested pirated software was in use. As it turns out, Microsoft had traced the sale of illegal software back to the above-mentioned sys admin, which apparently set off the investigation in the first place. To make matters worse, this enterprising chap turned out to be the only person at the entire company who held the administrative passwords to critical systems such as the network router, firewall and switches, the corporate VPN, the email server, Windows AD and desktops, and more. Because of the obvious retaliatory damage the sys admin could bring upon the company if not confronted carefully, the firm hired a security consultant who designed an elaborate sting operation that would have made even Dragnet’s Sergeant Joe Friday proud.

In retrospect, there were a number of dubious things this guy was doing that should have raised a few eyebrows internally, if not set off a full-blown Code Red. But how could the person to whom you’re willing to entrust all your administrative passwords be the sort of guy you might just as easily find cookin’ the books for Bernie Madoff? (Yes, that’s a rhetorical question.)

Read the whole story here, along with other stories of IT professionals going rogue.