Twin brothers wipe 96 government databases minutes after being fired

Firing, Access Revocation, and Office Belongings

  • Many argue that credentials for highly privileged staff should be cut before or exactly during the termination meeting; failing to do so is called incompetence.
  • Others worry this norm leads to dehumanizing layoffs where people are abruptly locked out of everything, even email, with no chance to say goodbye or grab contacts.
  • Side discussion on losing personal items at the office: some now avoid leaving anything valuable at work; others see that level of paranoia as depressing.

Plaintext Passwords and Basic Security Failures

  • Storing user passwords in plaintext for a federal system is widely condemned as gross negligence.
  • Several share anecdotes of systems (including civic and open‑source projects) that still store or email plaintext passwords, and of management resisting reset‑flow best practices.
  • Commenters ask how such a contractor could pass SOC2 or similar audits; others note audits often only check that you follow some policy, not that the policy is sound.

Access Controls, Least Privilege, and Backups

  • The ability of one admin to drop ~96 production databases in an hour is seen as evidence of missing least‑privilege, change controls, and two‑person approval on destructive operations.
  • People question whether infosec leadership existed at all.
  • There were backups, but the episode highlights that many orgs either lack backups or don’t test them.

AI Tools, Tool Neutrality, and Legacy IT

  • The brother asking an AI how to clear logs after deletions is viewed as both farcical and alarming.
  • Debate over whether AI “supercharges” vandalism versus being just another neutral tool like Stack Overflow or a hammer.
  • Some note DHS‑related systems apparently running on very old Windows Server versions, seeing this as emblematic of government’s tendency to pay for extended support instead of modernizing.

Background Checks, Criminal Records, and Second Chances

  • Many are stunned that individuals with prior computer‑related felonies gained such deep access to sensitive government databases.
  • Discussion of “Ban the Box” rules in D.C., which limit pre‑offer criminal checks; some say employers still could have checked post‑offer and denied for legitimate risk reasons.
  • Split views: some see this as a failure to appropriately ring‑fence ex‑offenders from high‑risk roles; others argue that “second chances” inherently involve some risk and blanket bans are unjust.

Offboarding, Ethics, and Workplace Culture

  • Multiple people recount experiences where they could have sabotaged systems but chose not to, arguing that hiring for ethics matters as much as technical controls.
  • Others counter that security design must assume some insiders will be unethical; controls and offboarding flows should not rely on individual virtue.