Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Insider IT Hacker 12

Status
Not open for further replies.

zentastic

IS-IT--Management
Nov 12, 2005
10
US
I have had some concerns that a young IT employee of mine was gaining access to our servers. We had changed the admin accounts several times over the past few years to see if he can get in.

We had come across a few weird incidences where we think he gotten in but could never really prove it. All those suspicions came to light just recently. He had gone in and deleted a user account along with all her exchange mailboxes. The reason for us finding this is because I tried to email her and it bounced back. I looked on my server and the account was completely gone. I asked my network admin and she stated that she never touched the account. That left the junior IT person (who btw doesn't have any admin rights).

We had warned him before that if he would like to gain access he must ask permission from either myself or my network gal. He is studying right now to get into the IT field.

So I confronted him about it and he said he used a password cracking tool to get in. I had no choice but to write him up for his actions. He feels that he did it to help out. Am I wrong to feel this is a bad offense? How illegal is password cracking to gain access to a secure server without permission? Now I am not trusting of him, I'm sure his co-workers won't be also. I'm not sure if he planted backdoor ways into my server, if he has access to my personal accounts, has access to our human resources files, etc. How can I stop this from happening again? What password cracking tools are out there that he could have used?
 
star.gif
to lionelhill for attempting to remind everyone that we shouldn't always assume the worst about people, especially without hearing both sides of the story.




It's a magical time of year in Philadelphia. Eagles training camp marks the end of another brutal season of complaining about the Phillies.
 
He was warned not to do what he did, and he went ahead and did it anyway. Would you want somebody on your staff who deliberately ignored specific instructions to keep his job?

He was pushing the envelope, but the envelope got ripped. He has to suffer the consequences.

Feles mala! Cur cista non uteris? Stramentum novum in ea posui!

 
I agree. It's also amazing to me that, because of the opinions of a bunch of strangers on a forum website, someone has gone from being written up to losing his job.

Hope This Helps!

ECAR
ECAR Technologies

"My work is a game, a very serious game." - M.C. Escher
 
Being strangers does not make the advice any less valid. Zentastic mentioned that the employee had already been warned about gaining permission, cracking passwords is either incredibly poor common sense or malicious activity.

While the importance of data content on networks varies, the seriousness of a breach of security is never trivial. You can't afford to take chances, you're secure or you are not.


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
 
Having not heard 'junior IT guy's' side of the story, I think that the thin ice speech and a write up are appropriate. What if someone in a high position in the company asked for his help?

flapeyre said:
He was warned not to do what he did, and he went ahead and did it anyway. Would you want somebody on your staff who deliberately ignored specific instructions to keep his job?

No I wouldn't, I just would want to know the whole story before potentially ruining someone's life. I haven't heard anything that proves his actions were malicious yet.

Zentastic - even though the decision has been made to fire him it sounds like, what was the guy's reason for doing this (ie how was he trying to help?)

Thanks,

Alex

It's a magical time of year in Philadelphia. Eagles training camp marks the end of another brutal season of complaining about the Phillies.
 
If this were the first time that this employee had done this, I would agree lionhill.

But has Zentastic [and Grenage] said, this employee has already been warned once. Plus good Computer Use Policies do cover the area that you should not attempt to gain access to anything more than what you are allowed without prior consent from management. If this employee had been told by another manager to go in as an administrator and delete a user's account, then this employee should bring up "So and so told me to do that." Then Zentastic can take it up with that manager.
Since he has not mentioned anyone other than himself, when confronted, then he is taking the full blame.

I agree with Grenage..."You're either secure or not". Whats the point of limiting this employee's access if he's just going to help himself to the full access. It's not following a protocol. Why not give data entry full acess then? What about upper management? Access controls need to be set and followed, otherwise it would be like having a bunch of wild dogs in a glass store. Something is going to break.
 
(1) LadySlinger: I only half agree! The original posting said the employee had been warned he needed to go through one of the approved staff if he wanted to gain access; it didn't say he had actually tried to gain access illegally on a previous occasion (though I suppose it's highly likely he must have tried in order to get the warning; I'd have used the word "told" rather than "warned" if it were just routine information). There was much suspicion he had, but little discussion of absolute proof.

But I'm a bit worried about someone losing their job when I'm reduced to careful interpretation of a single side of the story.

(2) Alex: agreed, that was the example I had in mind. If a CEO asked me to do something, I'd do it, even if my line manager would regard the action as anethma. But also Ladyslinger has a point: I'd blame the CEO voiciferously when the line manager complained!

(3) security: funny this one. When some outside hacker nobbles a system, there's usually a lot of people writing that it's all the administrator's fault for having a hackable system (and I find myself taking the other viewpoint). When an insider is suspected, the opinion goes the other way...

 
I'm sorry, but "Silly and Inexperienced" doesn't justify "hacking the administrator's password" and "removing an active user's account."

*ANY* IT person would know that you don't do that.

There is no "other side" when it comes to bringing in cracking software and running it on a server.

The only time that I have *EVER* had to do that is if I was hired by a company to come in and undo damage from a disgruntled IT person who has left and refused to give up the passwords.

ECAR:

As far as being "a bunch of strangers", yes, from one perspective that may be true.

However, *this* particular stranger has 20+ years of computer career behind him, in both development and management positions.

You wouldn't have a problem asking a doctor for his opinion about a health issue just because you didn't know him personally. His credentials speak for him.

Same here. This is a consortium of professionals. (overall).

The people (including myself) who stated that this person should be fired aren't speaking out of spite. I know that if someone did that here at my company, they would be escorted out under guard. Period. Without specifically quoting company policy and procedures on this, I can tell you that this is what would happen.

The comments given by the others about walking the person out immediately didn't come lightly; everyone does things in this job that they don't care for. I cringe when I have to go "investigate" someone's computer because they've been looking at inappropriate sites or whatever. It's the bitter part that comes with this job. Have I, personally, produced the evidence that has had someone walked out of a building under guard? Yes.

*Did I hold a gun to their head and make them go to porn sites????* NO. That was their choice, and they knew the consequences. It's what I call a "CLM", or Career Limiting Move.

Hacker-boy *KNEW* that he was making a CLM as soon as he put a password crack disk in the server. Period.



Just my 2¢

"In order to start solving a problem, one must first identify its owner." --Me
--Greg
 
I agree with gbaughma. The person in question would have to be autistically naive to no know that cracking passwords was inappropriate, particularly after being told, "if he would like to gain access he must ask permission from either [zentastic] or [his] network gal".

The way I see it, lionelhill, it doesn't matter whether he is evil or not. A network administrator's job comes down to two basic functions: ensuring that users have access to the data they need and protecting that data from influences that would, either benignly or belligerently, damage that data.

The person in question performed a deliberately insubordinate act that is in and of itself unethical for an IT professional. He then compounded this by incorrectly deleting user and email accounts.

Without rancor or anger, this person must be immediately shown the door.



Want the best answers? Ask the best questions! TANSTAAFL!
 
AlexCuse:

The "whole story" is not needed. He was warned, he did it anyway, he brought a password cracker into the company, for Pete's sake. If his intentions were not malicious, then, at the very least, he ws insuborinate to his superios. End of story.

Feles mala! Cur cista non uteris? Stramentum novum in ea posui!

 
gbaughma said:
You wouldn't have a problem asking a doctor for his opinion about a health issue just because you didn't know him personally. His credentials speak for him.
I would if it was on a public website that has no verification whatsoever that anyone is truely who they say they are.

I didn't mean to imply that no one here was quailified to be giving advice. I just simply meant to point out that zentastic went from formally writting this guy up to firing him (and potentially ruining his life), based on the posts in this thread. Something about that just doesn't seem right to me.

I'm not talking about whether Jr. IT Dude was right or wrong or deserved what happened in the end, I'm talking about how his fate was basically decided by a group of semi-anonymous posters on a website, who may or may not be who or what they claim. For all any of you know, I may not be a computer professional, I may be a prison guard, or a truck driver, or an accountant, or a doctor that just enjoys computers and playing on the Internet in my spare time.

I know, I'm getting off topic, but I just wanted to clarify my earlier post.

Hope This Helps!

ECAR
ECAR Technologies

"My work is a game, a very serious game." - M.C. Escher
 
I am just saying what if his superiors superiors asked him to do it? There is a post in another forum from a guy who used a password cracker on his boss's computer and found out his boss was looking at 'inappropriate materials'. After stating that this was authorized by his boss's superiors (because his boss was gone and they needed a critical ftp site password), nobody questioned why he did it.

I think that the unknown individual in question deserves the same opportunity before everyone calls for his head.

For the record, I feel that most likely he was screwing around and probably should be fired, but I think it is irresponsible to recommend that someone lose their livelihood (and in this case probably most of their future career prospects) without first making sure that he was in fact not doing this in response to someone else's need that for one reason or another zentastic or 'network gal' were unable to fulfill.

Again, he probably wasn't and I am in no way trying to condone his actions.

For all I know, zentastic could be SteveHewitt's boss, trying to get back at him for disrupting the flow of 'inappropriate materials' to his screen (no offense meant zentastic, just trying to make an example of why we shouldn't rush to judgement).

As Greg said
The comments given by the others about walking the person out immediately didn't come lightly; everyone does things in this job that they don't care for.

Obviously someone's job is nothing to take lightly, and to make a decision on whether or not someone has one without knowing the whole story is certainly to take it lightly in my book.



It's a magical time of year in Philadelphia. Eagles training camp marks the end of another brutal season of complaining about the Phillies.
 
ECAR - You got me, I am a truck driver!


It's a magical time of year in Philadelphia. Eagles training camp marks the end of another brutal season of complaining about the Phillies.
 
The reason zentastic's hackerboy did what he did is not relevant. There are no mitigating circumstances, or I'm sure zentastic would have pointed that out by now. Hackerboy did it in defiance of his superiors, and without proper authorization. So you won't see me rushing to defend him.

Hackerboy ruined his own career.

Feles mala! Cur cista non uteris? Stramentum novum in ea posui!

 
ECAR said:
...his fate was basically decided by a group of semi-anonymous posters on a website, who may or may not be who or what they claim.
Not true...First, Hacker Boy decided his own fate by knowingly setting in motion a series of events that he knew was wrong, else he would have consulted his superiors prior to his (mis)behaviour. Although he had the right to choose his behaviour, he does not have the right to choose the consequences of his behaviour.


Second, Zentastic and his superiors are the ones who choose the consequences of Hacker Boy's actions...not we "semi-anonymous posters on a website, who may or may not be who or what (we) claim." Zentastic asked for advice on what should occur in response to Hacker Boy's unethical, illegal, irresponsible acts, and we gave Zentastic the sanity check that he needed. Once he saw the universal, unanimous groundswell reaction to Hacker Boy's behaviour, I believe that Zentastic saw that the organisation's response to HB's behaviour should not be simply a slap-on-the-wrist warning.

HB's actions are, at some levels, similar to a medical student sneaking into a hospital and performing an amputation on a random individual who was in the hospital to pay a medical bill, all because HB thought he "was being helpful." (Yeah, right!)

We are not a faceless lynch mob out to get HB because we don't like him...We don't even know him. And since we don't know him, we can be objective "jurors", if the "evidence" that Zentastic presented is true and accurate. HB perpetrated a serious crime that Zentastic (and his colleagues) should not be wringing their hands over.

And in the final analysis, it is Zentastic's Human Resources and other business executives that must make the decision of how to proceed. We are here simply to offer credibility to a harse sanctioning.

[santa]Mufasa
(aka Dave of Sandy, Utah, USA)
[I can provide you with low-cost, remote Database Administration services: see our website and contact me via www.dasages.com]
 
I honestly don't understand the "oh, poor baby" attitude towards Hackerboy. This kid did a bad thing. He was (we presume) fired for it. People get fired all the time for a whole lot less (or even for no reason at all; some states permit that).

If zentastic's company has a coprorate attorney, advise him/her of the situation at once. If not, retain one immediately. Any unexplained hanky-paanky on the system, and CorpAtty needs to make sure the police give him the Silver Bracelet Award.

Feles mala! Cur cista non uteris? Stramentum novum in ea posui!

 
[more facetiousness]
do you think we can get someone else fired today?
[rofl]
Both my bosses are gone for the day, so I feel pretty safe!
[/more facetiousness]


Leslie
 
You're right.... I *could* be faking, and I'm just a 20 year old kid who works at McDonald's flipping hamburgers and don't know a thing about corporate management and computers.

However, I would have been flushed out a long time ago on here as a "faker".

It is easier for an intellegent person to "play dumb" than for an unintellegent person to "play smart". ;)

(That should be someone's tagline.... )



Just my 2¢

"In order to start solving a problem, one must first identify its owner." --Me
--Greg
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top