
Insider IT Hacker 12

Status
Not open for further replies.

zentastic

IS-IT--Management
Nov 12, 2005
10
US
I have had some concerns that a young IT employee of mine was gaining access to our servers. We had changed the admin accounts several times over the past few years to see if he could get in.

We had come across a few weird incidents where we think he had gotten in but could never really prove it. All those suspicions came to light just recently. He had gone in and deleted a user account along with all her Exchange mailboxes. The reason for us finding this is because I tried to email her and it bounced back. I looked on my server and the account was completely gone. I asked my network admin and she stated that she never touched the account. That left the junior IT person (who btw doesn't have any admin rights).

We had warned him before that if he would like to gain access he must ask permission from either myself or my network gal. He is studying right now to get into the IT field.

So I confronted him about it and he said he used a password cracking tool to get in. I had no choice but to write him up for his actions. He feels that he did it to help out. Am I wrong to feel this is a bad offense? How illegal is password cracking to gain access to a secure server without permission? Now I am not trusting of him, and I'm sure his co-workers won't be either. I'm not sure if he planted backdoor ways into my server, if he has access to my personal accounts, has access to our human resources files, etc. How can I stop this from happening again? What password cracking tools are out there that he could have used?
 
[quote SantaMufasa]WDITOT? IMNHRTGATTTTM.[/quote]
What do I think of that? I might not have ... Tek-Tips... Today's Monday

:p



 
>WDITOT? IMNHRTGATTTTM

Why Didn't I Think Of That? I Must/Might Not Have Realised That ... erm ... hmmm ...
 
>>WDITOT? IMNHRTGATTTTM

Why Didn't I think of that? I May Not Have Read The Girl Admin Thoughts Through Tek Tips Monitoring?
 
... Oops, so this thread was generated by the US government to test my moral fibre? Failed again. I'm doomed, doomed...

(<guilt-ridden> I'm not defending Hacker's actions, just trying to argue it's dangerous to conclude you're Right without looking at both sides of an argument. </guilt-over>)
 

WDITOT? IMNHRTGATTTTM.

Why Didn't I think Of that ?
I Must Not Have Realised That Given All This Terrific Tek-Tip Madness.



A smile is worth a thousand kind words. So smile, it's easy! :)
 

or maybe..

WDITOT?
Why Didn't I Try Ordering Tacos ?
IMNHRTGATTTTM.
Idiots Must Never Have Read That Good Article Text That Tek-Tippers Mentioned.



A smile is worth a thousand kind words. So smile, it's easy! :)
 
A star to LadySlinger and a star to damber for coming oh-so-close to the interpretation of the original acronyms. (I posted the meaning yesterday, but apparently, our Fearless Leader of this forum disapproved of the totally benign meanings and removed the post. I'd be fascinated to know why before risking the same fate by posting it again.<puzzled>)

[santa]Mufasa
(aka Dave of Sandy, Utah, USA)
[I can provide you with low-cost, remote Database Administration services: see our website and contact me via www.dasages.com]
 
WDITOT?
Why Didn't I Try Ordering Tacos ?
WDITOT!
We Did: Indigestion Turned Out Terrible
 
I think the real shame in this is, that he (and a lot of others like him) have a talent that has just been wasted. You get too many shots in life to make a living doing what you like to do. A lot of times it seems we work doing what we can make the best living doing and not necessarily have a passion for.

I really think this was just a kid with a talent that made very wrong decisions.

"You don't stop playing because you get old. You get old because you stopped playing."


 
mikeydidit said:
I think the real shame in this is, that he (and a lot of others like him) have a talent that has just been wasted.

mikeydidit said:
I really think this was just a kid with a talent that made very wrong decisions.

I am reminded of a joke...

A senior executive took one of his subordinates out to lunch, and during the meal their conversation turned to success in business. The conversation went something like:

Junior Exec: Sir, to what do you attribute your success?
Senior Exec: Good decisions.

JE: And to what, sir, do you attribute your good decisions?
SE: Experience.

JE: And to what, if you don't mind my asking, do you attribute your experience?
SE: Bad decisions.



If anyone has wasted HackerBoy's talent, it is HackerBoy himself. And if HackerBoy chooses self-indulgence of an unwillingness to follow instruction over professional development and success in his chosen field, then that choice is his to make.

However, in the adult world every choice every one of us makes has consequences. Maybe, and only just maybe, getting fired will shove HackerBoy down the road of growing up. He'd better hope it does, because if he doesn't start down that road soon, HackerBoy will either find himself completely unemployable in the IT field or in jail.



Want the best answers? Ask the best questions! TANSTAAFL!
 
It's simple, as part of the IT function we can do almost anything on our systems. We can crack passwords, we can alter records, we can see any data, and we can avoid audit logs. Sometimes we do have to do these as part of our legitimate work.

Many managers/directors don't appreciate exactly what their IT departments are capable of. They think we can't see their data. But we can. But if we're professional, we don't.

So we have to be utterly beyond reproach. Trust in IT has to be absolute. If someone breaks that trust, they should be out. We are "Caesar's wife".

Most organisations, unionised or not, have rules which allow for instant dismissal on the grounds of gross misconduct. And any unauthorised access to systems is gross misconduct.

This person appears to have broken this trust, if so, there is absolutely no excuse. Maybe they'll learn from this.

Rosie
"Don't try to improve one thing by 100%, try to improve 100 things by 1%"
 
We were talking about this or actually along these lines last night in class.

The #1 threat for the enterprises is not outside sources, but inside sources, mainly employees. The IT dept places firewalls, anti-virus servers, and much more as a defensive wall for the "castle". But then you place someone that is supposed to be trustworthy, and loyal, behind that wall without any background checks and such to run your network, have full access throughout the network as well as the building and yet managers that hire do not investigate or take the time to consider "Is this person trustworthy?". Instead they go with a "gut" feeling and hire that person, stuff them in a corner with little light and pay them a liveable wage.

 
You know, I was just having this discussion (again) the other day.

I work as an IT Supervisor; I also consult for a couple of banks. One person asked me "That means you can see the accounts?" "I suppose, if I wanted to..." I replied. He says "So you could see how much I have in my account?" Well, I knew where he was going with this. My response was "Look. To me, it's data. All I care about is that the data is protected, backed up, and accessible to the people who need access to it. It doesn't matter if it's bank accounts, medical records, or an MP3 collection; it's all data. My job is to make sure the data is safe. That's all."

Also reminded of a joke... hehe

This employee walks up to the IT supervisor and says "Hey, my password isn't working..." to which the IT sup replies "Damn... that wasn't supposed to happen until 1 o'clock!"

(and yes, I've used that line on a couple of people here at work when their accounts have gotten locked... hehe... I've been reading too much BOFH....)



Just my 2¢

"In order to start solving a problem, one must first identify its owner." --Me
--Greg
 
I personally don't feel the Junior IT person's side of the story is necessary in this case. He admitted to having used a password-cracker to gain access to an administrator's account. From where I stand this is evidence of a severe lack of either ethics or common sense. Such an extreme lack of either should be grounds for immediate dismissal before it leads to further problems.

If a man is driving a car and running red lights and stop signs and exceeding the speed limit and this causes him to run over a family, he should be locked up for his offence.

It doesn't matter what his reasoning was. Whether he simply didn't feel the rules applied to him, or if he thought it was no big deal, or if he had good intentions such as hurrying over to comfort a friend who was diagnosed with a terminal illness, his side of the story is not a factor. Bottom line is he committed a serious error and needs to face the consequences, severe though they may be.
</my 2 cents>
 

Coming late to the discussion, I don't know if anyone has suggested that in a 'union shop' where it's difficult to fire someone, it's often still possible to get the District Attorney to handle the matter if what the hacker did was a crime.

"No, we didn't fire your member; we simply alerted the authorities that he had committed a crime. That's OK, isn't it?"

Give them the opportunity to say "no"...


Frank Clarke
Tampa Area REXX Programmers' Alliance
REXX Language Assn Listmaster
 
I am the network administrator at a hospital and I can assure you that if any of my I.T. guys were caught cracking passwords they would be terminated, no questions asked. You can't have people in those positions that you do not trust.
 
You guys are ruthless!! Fire him? Hell, why stop there? Have his parents put to death!!! Hijack his grandma and hold her for ransom!!! Make him pay!!!! Let him feel the pain you were put through!!

I am sorry, but all you "admins" out there seem to be "holier than thou" and have never done anything wrong! Perhaps it's because you have never been caught!!!!

I'd just let him know that this type of behavior is not tolerated and that he was caught! And in the future.... his grandma will be auctioned off on ebay!

Seriously, he didn't ruin anything. Why ruin his life?



 
When your banking details and/or personal information is available on a company's network, would you want some rogue admin running around it?


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
 
> I am sorry, but all you "admins" out there seem to be "holier than thou" and have never done anything wrong! Perhaps it's because you have never been caught!!!!

Ummm... excuse me. If a person that I hired was hacking passwords, and I didn't take STRICT ACTION in accordance with our company policies (which would, in that case, be immediate termination of employment) *I* would be held personally responsible and fired as well.

I deal with HIPAA regulations, DOC Regulations, and in my consulting business, GLBA regulations.

Let me tell you what Hacker-boy would have had access to had he done that on MY network, and perhaps you'll feel a little more strongly.

If that had happened on MY network(s)
o Banking data, including balances, credit reports, collections information
o HR Data, including *EVERYTHING* that would possibly be needed to fraudulently get a credit card in someone else's name.
o Conviction information for juveniles
o Payroll data
o Home phone numbers/addresses/so forth
o Reprimand information, documentation of verbal warnings, written warnings, etc.
o Investigation information
o Medical Records
o Diagnosis

Now, I don't know what kind of business Zentastic is in, but I know that in *MY* field, hacker-boy would potentially be breaking some FEDERAL LAWS.

Ruthless? I don't think so.

Protecting personal information, health information, banking information, and so forth? YES. ABSOLUTELY.

Think about hacker-boy working at your bank. Or hospital. Or clinic.

Personally, if it were up to me, he'd have a firing as well as a good-old-fashioned horsewhipping coming.



Just my 2¢

"When I die, I want people to say 'There was a wise man' instead of 'Finally, his mouth is shut!'" --Me
--Greg
 