Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Insider IT Hacker 12

Status
Not open for further replies.

zentastic

IS-IT--Management
Nov 12, 2005
10
US
I have had some concerns that a young IT employee of mine was gaining access to our servers. We had changed the admin accounts several times over the past few years to see if he can get in.

We had come across a few weird incidences where we think he gotten in but could never really prove it. All those suspicions came to light just recently. He had gone in and deleted a user account along with all her exchange mailboxes. The reason for us finding this is because I tried to email her and it bounced back. I looked on my server and the account was completely gone. I asked my network admin and she stated that she never touched the account. That left the junior IT person (who btw doesn't have any admin rights).

We had warned him before that if he would like to gain access he must ask permission from either myself or my network gal. He is studying right now to get into the IT field.

So I confronted him about it and he said he used a password cracking tool to get in. I had no choice but to write him up for his actions. He feels that he did it to help out. Am I wrong to feel this is a bad offense? How illegal is password cracking to gain access to a secure server without permission? Now I am not trusting of him, I'm sure his co-workers won't be also. I'm not sure if he planted backdoor ways into my server, if he has access to my personal accounts, has access to our human resources files, etc. How can I stop this from happening again? What password cracking tools are out there that he could have used?
 
Foamy - That just sums it all up for me.

All the time they pay my mortage, I dance to the tune they want to play..

Fee

The question should be [red]Is it worth trying to do?[/red] not [blue] Can it be done?[/blue]
 
And that sums up what I said earlier in this thread (I believe). Nobody *EVER* takes firing someone easily.

I, like most americans, am about 2 paychecks away from being homeless. Sad, but true.

When you terminate someone's employment, you're essentially telling them that they're in danger of losing their home, family, children, car, whatever. And especially if that termination is over something illegal or unethical; which will make it harder for that person to find a job again.

Those decisions *NEVER* come easily.

BUT, by the same token, the employee who's about to make a CLM (Career Limiting Move) should be considering what they're putting on the line before making a bad decision.

I have had employees in the past make honest mistakes. The *GOAL* of any reprimand in the workplace should be to have a better employee; not to be the heavy, or "make an example".

But when someone makes a conscious decision to do something that they have been *WARNED ABOUT ALREADY*, that is not a mistake; that is an act of malice. At that point you are making a few decisions. You're deciding to ignore a warning, and you're deciding to roll the dice with your job, house, etc.

Sorry, but in my book, those stakes are *WAY* too high.

Besides, I couldn't do it with a clear conscience.

I have had to "override" administrator passwords in the past, when a previous administrator left, and the owner asked me to get into the system after a disgruntled admin refused to give up the password. That is the purpose for the hacking tools. And the owner of the company would be standing there next to me as I did it. Period.



Just my 2¢

"What the captain doesn't realize is that we've secretly exchanged his dilithium crystals for new Folger's Crystals." -- My Sister
--Greg
 
I think the amusing point is that he was awarded a star, for what I can only assume were threads composed simply to bait people :)

Grenage, I will be awarding you a star for stating the obvious :)

Teash - I would be giving you a star, for making my initial defense of the infamous 'hacker boy' look more reasonable
Code:
[white](I still think it is, as I have yet to read explicit clarification that he was not asked to do it by someone higher than zentastic in the chain of command)[/white]
. But someone beat me to it. Maybe next time.

I also find it amusing that the original poster (presumably the only one who actually cares about this situation) is long gone. Smart guy ;-)

Ignorance of certain subjects is a great part of wisdom
 
<somewhat funny speculation>
And whoever that HackerBoy is, he must have been reading all you guys' posts. He could have been this same zentastic fellow who had asked this forum's opinion on the matter. He could have been wrecking havoc on their company network realizing he would be fired eventually and lose his future...and he won't accept any personal loss...

HackerBoy: "You fools, I'll make sure all of you go down with me..."
</somewhat funny speculation>
 
One can imagine him on top of a gas tank...

<Jimmy Cagney in "White Heat" mode on>

Top of the world ma, top of the world...

You'll never take me alive, coppers...

Booooooom!

<Jimmy Cagney mode off>

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top