Post: Ethics - he'd heard of them
Posted Saturday 22nd September 2007 07:02 GMT
In Sysadmin admits planting 'logic bomb' in drug firm database
To follow on from Gareth's comments. The other really difficult issue is recovering the current system from the planted bomb. It is no different to finding your PC is infected with a bad virus. The effort needed to convince yourself you have a clean PC is significant, so much so that wiping the disk and a clean install is often the preferred option. But this was a deliberate infection in the client code. There is no tenable equivalent to reinstallation. Not after the programmer had been there for a number of years, with full admin access to the systems. Backups going back years are just as likely to be contaminated, and since he would have had responsibility for many local customisations to the systems, you would not be safe reinstalling these - which would probably leave the system in-operational anyway. After all - one of a sys-admin's core responsibilities is to manage the system, its security and backups, to allow recovery from just such a scenario. When the guy trusted with managing the recovery mechanisms is the guy that does the damage you have a big problem.
So there is then only a very time-consuming audit of pretty much the entire system, and eventually settling on an acceptable probability you have eliminated the errant code. All you know is that you had a rogue sys-admin - not that he planted only one bomb. Secondly, you don't know how competent the bomb code is - like many viruses, errors in the code can be more damaging than the intended actions. Any test versions lying about still? Any hidden code somewhere else that reinserts the bomb?
Sys-admins have an understated but vital duty of care and trust, and a required level of ethical behaviour that goes well beyond many other parts of an IT operation. I find it interesting how the vast majority of admins understand this and how it underpins part of the ethos of the job. Most admins reading about this guy will feel a very uncomfortable sense of violation of their professional ethics. Hanging is too good.