Cyber-attacks and other security incidents can often turn into real-life nightmares. With Halloween just around the corner, what better time for SolarWinds to ask its thwack community of IT professionals to share their scariest and most horrific IT security stories.
So to get you in the mood for the spooky weekend ahead, here are four frightening security stories guaranteed to make your IT manager’s skin crawl:
1. Viruses lurk in the dark
As I walked into work one morning, I overheard some of our security team talking about a virus that was spreading across the company and sending emails to all the contacts of those infected. All they could talk about was the type of virus it was and why the antivirus software hadn’t caught it. So, I asked: “We’re in the process of taking the email servers off the network and isolating the problem to stop the threat from spreading, right?”
All I got in response was the sound of crickets.
I picked up my phone and called one of my guys. Three minutes later the issue was largely contained – only 300 infected PCs out of 2,800. When I relayed all this to the security team manager, his face had a look of shear horror. Needless to say, there were some not so happy faces after his team meeting later that day.
Never let a good discussion get in the way of common sense.
2. Just try to escape
Back in 1999, I had just been hired as a contractor for the Navy to manage a host of databases, some containing highly sensitive data. Besides the normal physical security for the base, compound and building, the systems were isolated behind four additional physical access controls within the building itself. Two of these were inside the data centre proper: a perimeter cage and a soundproof enclosure. One of the systems even had its own detail of two armed Marines guarding it 24/7. I needed four different badges of varying colours to navigate the maze of gates, doors and guard stations. There were even code words.
And…they were all open to the internet on the default Oracle listener port, 1521.
3. Petrifying passwords
After starting a new government job, I asked the group manager for the privileged passwords for the SYSTEM and SYS accounts. She escorted me into her office, closed the door, picked up a Post-It notepad and wrote the passwords down with a soft felt-tipped pen so there was less of an impression left on the paper. With that top sheet, she proceeded to tear off several more to eliminate any trace of an impression left on the pad. She dramatically placed the sheets in the palm of one hand and cupped the other over them. She then announced that she could show me the passwords, but I’d have to memorise them because the sheets will need to go in the ‘burn bag’ immediately. It was as if the lingering scent of ink might give foreign agents a clue for accessing these systems.
Now, I’d just visited with the Unix admin, also a contractor, who gave me the Oracle Unix passwords. They were 20-something characters long and super-cryptic, so I prepared myself for something of equal difficulty.
She then revealed the passwords to me: MANAGER and CHANGE_ON_INSTALL
For those not familiar with Oracle, those were the default passwords for an Oracle 9i installation. CHANGE_ON_INSTALL was a reminder that the password should, around the time of, oh, I don’t know, maybe installation, get changed.
I told her that I needed to change them immediately, but she said I couldn’t. I asked why not, and her reply was, “Because the committee needs to approve it.”
I did it anyway and told her to fire me if she wanted.
4. Mistaken identity
Back in the days of Windows NT, I once discovered a particular machine was being used heavily for looking at ‘bad sites’. The username was one of our system accounts, for which the password was held only by system administrators and was never used to actually log into a server. However, it was allowed through the proxy server because it had system administrator privileges.
I did a little digging and found that it wasn’t running NT, but Windows 2000 and was attached to the domain! A little more digging revealed that the user had loaded Cain and Able and had cracked the SAM from the domain controllers. He had all 5,000 usernames and passwords for the entire network!
After turning this information over, the computer was confiscated and the young man got to go have a conversation with the higher ups. It turns out it was his girlfriend who was using the computer for surfing the ‘bad sites’ that ended up being his downfall.
If you have any spooky security stories, terrifying retail tales or bazaar business anecdotes, let us know in the comment section below.
Image source: Shutterstock