BestHub
Sign in
Information Security 7 min read

How a Fired Contractor Crippled Waste Management with a Simple PowerShell Script

A former IT contractor at Waste Management exploited his insider knowledge after being terminated, using a self‑written PowerShell script to reset thousands of accounts, causing a nationwide outage that cost over $860,000 and highlighted critical gaps in enterprise permission revocation processes.

IT Services Circle
IT Services Circle
IT Services Circle
How a Fired Contractor Crippled Waste Management with a Simple PowerShell Script

Incident Overview

In May 2021, a former IT contractor at Waste Management (WM) was terminated. Although the company’s manual de‑provisioning process was supposed to revoke his access immediately, the revocation was incomplete.

Attack Execution

Within minutes, the ex‑contractor used his knowledge of WM’s internal network to impersonate another contractor and obtain fresh login credentials. He then executed a custom PowerShell script that reset the passwords of approximately 2,500 user and service accounts in a single operation.

# Example of the password‑reset loop (simplified)
Get-ADUser -Filter * -SearchBase "OU=WM_Users,DC=wm,DC=com" |
ForEach-Object {
    $newPwd = ConvertTo-SecureString -String "TempPass123!" -AsPlainText -Force
    Set-ADAccountPassword -Identity $_ -NewPassword $newPwd -Reset
}

Immediate Effects

All employee and contractor workstations were forced offline.

Every login attempt failed, effectively locking out users.

Customer‑service and field‑operations systems stopped, halting business processes nationwide.

Financial and Operational Impact

The outage caused direct financial losses exceeding $862,000 (≈ ¥6.13 million). Additional costs included:

Lost productivity while thousands of employees could not log in.

Service‑delivery interruption for customers.

Labor‑intensive account recovery and system restoration, extending over days to weeks.

Forensic Evasion

After the attack, the perpetrator searched for methods to delete PowerShell event logs and succeeded in removing several entries, though not all, increasing the difficulty of forensic analysis.

Legal Outcome

The case was transferred to a U.S. federal district court. A sentencing hearing is scheduled for 30 January 2026; the defendant faces up to ten years in prison and a $250,000 fine.

Broader Security Implications

Security experts note that insider threats motivated by personal grievances are rising, especially in sectors that rely heavily on outsourced staff with elevated privileges (e.g., energy and critical infrastructure). The Department of Justice and CISA repeatedly emphasize the need for immediate, automated revocation of access for former employees and contractors.

Reference: https://www.justice.gov/usao-sdtx/pr/former-contractor-admits-hacking-employer-retaliation-termination

enterprise securityPowerShellinsider threatCISAWaste Managementaccount takeover
IT Services Circle
Written by

IT Services Circle

Delivering cutting-edge internet insights and practical learning resources. We're a passionate and principled IT media platform.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment