Google up Randal Schwartz. Caution: clickhole.
He was a consultant/sysadmin for Intel, and he did 3 things which he thought his employer would support, and was astonished to find that not only did his employer not support, but actively had him prosecuted for doing it. Ouch.
1. He ran a reverse-proxy on two machines so he could check in on them from home.
2. He used the crack program to find weak passwords.
3. He found a weak password, and used it to log into a system, which he copied the /etc/shadow file from to look for additional weak passwords.
https://www.giac.org/paper/gsec/4039/intel-v-randal-l-schwar...
https://web.archive.org/web/20160216204357/http://www.lightl...
He didn't try and hide his activities, and didn't do anything else untoward, it was literally just these things which most people wouldn't bat an eyelid at. These days, it is completely normal for a company to provide VPNs for their employees, and completely normal to continually scan for unexpected user accounts or weak passwords. But... because he didn't explain this to higher-ups and get their buy-in, they prosecuted him instead of thanking him.
It is kinda sus when they do it at home without consent.
In this case, backdoor code was offered to and accepted by xz maintainers.
It is a little different but a thing that you might have missed in the quick read is that one of the things he was accused of was installing and using a backdoor.
