In every IT shop someone has to be in charge of the system including all accounts, passwords, data, and security, which is endemic to IT systems and has always been the case. System administrators who have access to special user accounts are often call Super Users, because somebody has to have access to maintain operating systems including fixing security and data problems. For exampe, in unix and linux systems these Super Users have access to the root, which as its name implies is the fundamental core of the operating system and on which all applications rely.
The New York Times reported that Robert Bigman, a former chief information security officer at the Central Intelligence Agency made this comment:
This is a dirty little secret that’s being revealed,..When you log on with a root account, it doesn’t know if you’re staff employee or a contract employee. It just knows you’re root. You’re known as a superuser. You have all privileges.
Clearly the recent NSA Leak about Prism has put a focus on system administrators like this is some sort of surprise, but this fundamental to the management of IT systems.
The New York Times cited other of high profile rogue system administrator acts:
At a New Jersey pharmaceutical firm in early 2011, a former I.T. administrator gained access to the company’s system, deleted several files — including those that tracked customer orders — and froze the firm’s operations for several days, causing $800,000 in damages. Prosecutors called it a revenge attack after the company, Shionogi, announced layoffs. The administrator, Jason Cornish, pleaded guilty in August 2011.
And in 2008, a network administrator for the city of San Francisco named Terry Childs found out that he was about to be laid off and modified the city’s network in such a way that only he held the password. He refused to hand it over for 12 days, effectively disabling everything from the mayor’s e-mail to the city’s payroll records.
The big question is whether anything will change to the power and authority of Super Users?