Fired for Google Hacking
If Google hacking is not part of a security engineers toolbox, then quickly learn how to Google hack. The bad part is that if you are Google hacking your own company, make sure you have permission to do this, and that the whole thing has been cleared by the boss. If not, you might just get canned for taking the initiative and trying to do something interesting while waiting for the next great attack on your company or web site.
A reader reports that he was fired for Google hacking his own company to see what was in the major search engines. The only problem, he didn’t clear the whole thing with his boss first, and the boss was less than pleased to find out that he had been “hacking the company” while at work and on his off time without permission or knowledge of management.
While he did find things, the repercussions of his work ended up that he was accused of hacking the company, and quickly lead out the door.
People who are in the security field are probably shaking their heads right now going, but he was doing his job. And yes, he was doing his job, and he did find things that should not have been on the public facing servers, as well as links that lead back inside the company that did not work when actually tried. The links however did provide some interesting information on how the companies internal web network was set up. In all by reporting it, he did his job, and might be saving the company some serious embarrassment.
He knows what he did wrong though, and this is primarily boss and company dependent, his boss was ticked off because the security person did not check to see if it would be ok first. So when the boss was presented with a report, a pile of company confidential information and the rest of it mid Friday afternoon when most everyone has gone home for the weekend, the boss was in a bad position to try to do something about it. The other thing that he talked about was that his boss is a control freak, and likes to know what each of his employees are doing. So much so that when employees are talking to someone in the company or outside the company the boss wants to be on the CC line of every e-mail. That is the bosses way of checking up on folks and making sure that they are doing something.
Rather than going off on the security engineers own tangent, he knows he should have cleared it with the boss, but didn’t. Call it the thrill of the moment, and wanting to do good for the company.
So depending on what you are doing and what your boss is like, you might want to make sure that if you are busy Google hacking your company, that someone knows what you are doing, and have permission to do so. In the mean time, our reader is busy trying to find a new job this weekend, and wondering what exactly the former company is going to say about this performance, and what he did for a living.
Sometimes it is a good thing that all employers can really do is verify that the employee worked at the company. The tricky part will be the standard question “Is the employee eligible for rehire”.
Discussion Area - Leave a Comment