This conglomerate is structured as several smaller companies, with a big central IT organization plus individual IT groups in some of the companies, reports an IT pilot fish there.
“An IT staffer from one of the companies loaded a password cracker and proceeded to crack the Windows NT servers,” fish says. “He sent out emails bragging about how insecure NT was and giving the NT team a hard time.”
Fish isn’t on the NT team, but he and his security co-workers decide to strike back on behalf of their colleagues — and they do it through the central IT audit group, to make sure it’s all above board.
First, they supply the audit people with a list of more than 100 Unix servers, and get them to pick a server at random. Amazingly, the audit group picks the only server on the list that belongs to the company where the NT attack originated.
Fish and his cohorts proceed to crack the server wide open in front of the auditor.
“We then looked surprised when we realized whose server it was,” says fish. “They were warned for unauthorized hacking and they had to tighten their own security as well.
“We also did a quick review on our servers and tightened things, but by doing this, it took the pressure off us.
“To this day, the audit people know we set them up with the ‘random’ choice of servers, but they haven’t worked out how we did it. And we’re not telling — just in case we need them to select something randomly again.”
Pick a true tale of IT life from your own experience and send it to me at firstname.lastname@example.org. You can also subscribe to the Daily Shark Newsletter and read some great old tales in the Sharkives.