/scary

There's a specific nightmare that CEOs of the world's biggest tech companies have at three in the morning. It's not the government knocking at the door. It's not a competitor coming out of nowhere. It's not even the market crashing. It's that engineer you fired last week. The one who still knows where the servers are. The one who still remembers the database password. And who, worst of all, now has a lot of free time on his hands. The story of Big Tech is always told as a saga of vision, money, and innovation. But underneath that shiny narrative there's another one, far less glamorous: a good chunk of what keeps these billion-dollar companies running is the loyalty of ordinary people who, on a bad day, might simply decide they don't owe anyone anything anymore. ## The Paradox of the World's Most Powerful Companies Think about it. Google has over 180,000 employees. Amazon employs nearly 1.5 million people. Meta, with all that facial recognition infrastructure and data from two billion users, needs real flesh-and-blood humans to show up every single day to keep the machine running. And humans, as we've always known, are terribly unpredictable when they feel wronged. Well, that's where the drama starts. A trillion-dollar company is, at its core, a network of trust. Trust in the product, in the investors, in the users. But mainly in its own employees. And every trust network has weak spots. Sometimes that weak spot has a name, a last name, a badge sitting in a drawer, and a denied promotion on file. What history shows us, over and over again, is that one single person in the right place, at the right time, with the wrong motivation, can cause damage that security systems worth hundreds of millions of dollars can't contain fast enough. ## The Real Guys Who Almost (or Actually) Did It Before getting into the imaginative side of things, it's worth looking at what reality has already produced. Because the real cases here are so cinematic that any screenwriter would be jealous. The most famous case in Silicon Valley involves Anthony Levandowski, a senior Google engineer who, in 2015 and 2016, spent his final months at the company working normally while simultaneously planning his exit in meticulous detail. Except it wasn't a simple exit. Before handing in his resignation, he downloaded 14,000 confidential files from Google's internal servers. Files from Waymo's self-driving car project, including specifications for their Lidar system — a technology that works like a kind of optical radar, letting the car "see" everything around it in real time. The judge on the case called it "the biggest trade secret crime I have ever seen." Levandowski pleaded guilty to one of the 33 charges against him and was sentenced to 18 months in prison. Google and Uber — which had bought his startup for $680 million knowing full well about the stolen files — settled for $245 million. All of that from one engineer, a hard drive full of files, and plenty of ambition. Then there's Martin Shkreli. Technically he didn't destroy a tech company, but he deserves an honorable mention in the hall of men who used privileged access to wreak havoc on entire systems. Shkreli was a CEO, not an employee, but the logic is the same: one person with access to strategic assets, the moment they decide the rules don't apply to them, can cause damage that spreads far beyond the company they're in. And then there's that 2018 episode that reads like a corporate thriller. Elon Musk sent an email to all Tesla employees with the subject line "Some Concerning News." In it, he revealed that an employee who had been passed over for a promotion had broken into the company's manufacturing operating system, altered production code, and exported sensitive data to unknown third parties. The guy confessed. Tesla's stock dropped 5% in the days that followed. Musk wrote, with that dramatic flair of his: "As you know, there are a long list of organizations that want Tesla to die." Except the employee wasn't an organization. He was just a very angry guy with admin access and a bruised ego. ## The Fictional Playbook: How One Pissed-Off Guy Brings Down Everything Now let me introduce you to Carlos. He's fictional, but uncomfortably familiar. Carlos is 34. Computer science degree. Six years working as an infrastructure engineer at an imaginary Big Tech company — let's call it UltraCorp. Carlos knows where the servers are. Carlos knows the passwords. Carlos knows the vulnerabilities nobody has documented yet because, well, there was never time. Carlos also knows that the manager who got promoted over him joined the company two years ago and, in Carlos's honest opinion, doesn't write cleaner code than a first-semester student. The termination email arrives on a Monday morning, the same day UltraCorp announces it's cutting 12% of its workforce for "structural optimization." The announcement is signed by a CEO who, over the past twelve months, bought an 80-meter yacht and showed up at Davos three times. Carlos gets the HR email at 9:03 AM. By 9:47 AM, while the security department is still processing the list of accesses to revoke, Carlos logs into the systems one last time. Not necessarily because he wants to. But because he still can. What he does in that window of time determines everything. In the mildest scenario, he downloads a few projects he considers "his" and sends them to his personal laptop. In the moderate scenario, he exports customer data to an external server and sells it to a competitor. In the catastrophic scenario — and this is where things get serious — Carlos, who spent six years learning every detail of UltraCorp's payment processing system, plants a piece of code somewhere nobody will look for weeks. A "logic bomb," as it's called in security circles. Basically, a script programmed to wake up 90 days later and silently, gradually corrupt database tables before deleting the backups. By the time UltraCorp figures out what's happening, tracing the cause will be nearly impossible. Carlos, by that point, is having his morning coffee at a company in Lisbon. In my reading of these cases, what always strikes me isn't the technical sophistication. It's the timing. It's the kind of knowledge that only comes from years spent inside a company. And it's the resentment of someone who spent years building something and was discarded like a redundant line of code. ## The Causes: Why Someone Gets to That Point It would be convenient to write these cases off as "unstable employees" or "bad apples." But the data tells a different story. The most common motivation for insider sabotage isn't instability. It's a predictable mix of things that any average company has produced at some point. The denied promotion carries enormous weight here. The Tesla case I mentioned is the most public, but it's far from an exception. There's something deeply crushing about being judged as insufficient by an organization you gave years of work and loyalty to. It's not just about money. It's a statement about your worth as a person. And when that statement comes from a company where the CEO earns four thousand times your salary, the sense of injustice isn't irrational — it's almost mathematical. Right behind that come mass layoffs, especially when handled coldly. Imagine getting an email telling you to return your equipment within 48 hours after seven years at a company, while the CFO is doing stock buybacks to fatten executive bonuses. The anger that generates isn't from an unstable person. It's from someone who was treated as a cost, not as a human being. There's also another cause that comes up a lot: the feeling that your intellectual property was stolen. Engineers who spend years developing genuinely innovative systems and then watch those systems get patented in the company's name, without any acknowledgment. The question "why did I build this for them?" is one of the most corrosive thoughts that can form in a creative professional's head. And last — with growing weight in recent years — ethical disagreement. Employees who discover the company is abusing user data, deceiving customers, or building products that cause real harm. These cases produce a particular kind of adversary: someone who started out trying to do the right thing from inside the system and, after being ignored or punished, decided the system needed a push from the outside. ## 2025: Three Cases That Came Dangerously Close Back to the real world, 2025 delivered some of the most documented and unsettling cases on record about this topic. The most impactful was Coinbase. In May 2025, the crypto company discovered that outside actors had bribed multiple support employees and contractors, all based outside the United States, to extract customer data using their own legitimate access credentials. Coinbase then received an extortion email demanding payment in exchange for not making the data public. The company refused to pay and went to law enforcement. What made the case particularly alarming, according to documents filed with the SEC, was that the internal monitoring system had already flagged suspicious behavior months earlier, and the company had acted in time to limit the damage. It was one step away from being catastrophic. Also in 2025, Rippling, an HR software company, sued competitor Deel accusing it of having planted a spy employee inside its own organization. A single insider, this time recruited and paid by a rival company, potentially compromised months of internal strategy. It wasn't a sophisticated hacker. It was an employee with a badge. And more broadly: 2025 data recorded over 91,000 instances of insider recruiting and threat discussions in monitored channels, with an average of over 1,100 posts per month on Telegram, where malicious actors actively try to recruit employees from specific target companies with financial offers. That changes the question entirely. It's not just "what if a disgruntled employee decides to act on their own?" It's also "what if someone makes the right offer at the right time to anyone with privileged access?" ## The Imperfect Defense Big Tech companies aren't naive about this. They have behavioral monitoring systems, offboarding protocols, granular access controls, two-factor authentication for critical systems. The full vocabulary of internal security is there, documented, implemented, and frequently not enough. Because the problem with an insider threat is exactly that: it comes from inside. The malicious employee doesn't need to break in. They're already in. They already have the password. They already know the shortcuts. And they've already passed every security check built to stop threats from outside. In 2025, the average time to contain an insider threat after detection was 67 days. In practice, 67 days inside a modern tech company is more than enough time to compromise data at scale, plant code across multiple systems simultaneously, steal critical intellectual property, and cover your tracks convincingly enough to make any subsequent investigation very complicated. What actually protects Big Tech companies from total destruction, in most cases, isn't the technical superiority of their defense systems. It's, ironically, the same thing that makes them vulnerable in the first place: human nature. Most people, even when furious, even when feeling deeply wronged, don't act. They weigh the consequences. They have a family. They have plans. The Carlos I described earlier exists in potential at virtually every tech company in the world. But most of the time, the real Carlos goes home, vents to his girlfriend, and updates his LinkedIn. The disturbing question isn't how often this happens. It's how often it could have happened and didn't — by a much smaller margin than any company would like to admit. --- Big Tech companies are vulnerable in the same way every concentrated power structure is vulnerable: through the people who build and sustain it from within. And as long as the business model keeps treating talent like disposable inputs, that equation will keep producing, every now and then, a very angry Carlos with admin access and ninety days ahead of him. Good luck with the offboarding.