June 11, 2015 at 9:22 am
Eric M Russell (6/11/2015)
Somehow I feel we're missing a lot of the back story; does this level of anarchy really happen in the IT departments of corporate or government world? I'm guessing it's a startup. They need a dedicated sysadmin for both the server box and the database. Even if it's only one person; that's better than allowing everybody admin access. This really should be a watershed moment for the organization, and the next move for this guy should really hinge around how management chooses to respond. Personally, at this point I'd document everything I found, hand my findings over to management, and then walk away from this train wreck before it explodes.
Eric, could be time for a new position for you? If you're interested, also give management some recommendations for how they can prevent this from happening again. 😎
For best practices on asking questions, please read the following article: Forum Etiquette: How to post data/code on a forum to get the best help
June 11, 2015 at 9:24 am
ericpap (6/11/2015)
Ok guys. So this is the end of the road for this history. I managed to crack the password of the ZIP files I found in the user profile's recycle bin. Inside them I found not only copies of all my software's SQL databases, but also copies of master and model, and an entire copy of Program Files, including my software folder.
There is no doubt now in my mind that this was a conscious attack not only on my software files (I suppose for reverse engineering purposes), but also on the company's stolen data, with the intention of doing harm. And I also found proof that the user tried to delete his action footprints.
Today I will talk to the owners and make sure they are aware of all the security issues found. That's all I can do right now, and these security issues are not my responsibility. Unfortunately I was involved in this problem indirectly by somebody else's bad work.
I will also consult the legal department for further actions.
I want to thank everybody again for your help and the effort in trying to help me find where the real problem was.
Eric
Great job of detective work on your part, as well. Don't forget to check on the licensing thing I mentioned.
As a bit of a sidebar, I wonder if you've simply stumbled on someone's attempt to ensure that there are immutable backups available because someone doesn't trust things or doesn't actually know how to set up backups.
--Jeff Moden
Change is inevitable... Change for the better is not.
June 11, 2015 at 9:39 am
Jeff Moden (6/11/2015)
ericpap (6/11/2015)
Ok guys. So this is the end of the road for this history. I managed to crack the password of the ZIP files I found in the user profile's recycle bin. Inside them I found not only copies of all my software's SQL databases, but also copies of master and model, and an entire copy of Program Files, including my software folder.
There is no doubt now in my mind that this was a conscious attack not only on my software files (I suppose for reverse engineering purposes), but also on the company's stolen data, with the intention of doing harm. And I also found proof that the user tried to delete his action footprints.
Today I will talk to the owners and make sure they are aware of all the security issues found. That's all I can do right now, and these security issues are not my responsibility. Unfortunately I was involved in this problem indirectly by somebody else's bad work.
I will also consult the legal department for further actions.
I want to thank everybody again for your help and the effort in trying to help me find where the real problem was.
Eric
Great job of detective work on your part, as well. Don't forget to check on the licensing thing I mentioned.
As a bit of a sidebar, I wonder if you've simply stumbled on someone's attempt to ensure that there are immutable backups available because someone doesn't trust things or doesn't actually know how to set up backups.
Thank you. As for whether he is only a backup fanatic, I also considered that option. The problem is that in the process of backing up, it also destroyed important data. And someone who knows that he needs to stop a service to perform a backup of databases must know what he is doing. I can't think how he could accidentally restore an old backup.
June 11, 2015 at 9:40 am
Alvin Ramard (6/11/2015)
Eric M Russell (6/11/2015)
Somehow I feel we're missing a lot of the back story; does this level of anarchy really happen in the IT departments of corporate or government world? I'm guessing it's a startup. They need a dedicated sysadmin for both the server box and the database. Even if it's only one person; that's better than allowing everybody admin access. This really should be a watershed moment for the organization, and the next move for this guy should really hinge around how management chooses to respond. Personally, at this point I'd document everything I found, hand my findings over to management, and then walk away from this train wreck before it explodes.
Eric, could be time for a new position for you? If you're interested, also give management some recommendations for how they can prevent this from happening again. 😎
Thank you for the advice, but as someone already mentioned, I don't really know if I want to be a part of this train...
June 11, 2015 at 9:43 am
ericpap (6/11/2015)
Alvin Ramard (6/11/2015)
Eric M Russell (6/11/2015)
Somehow I feel we're missing a lot of the back story; does this level of anarchy really happen in the IT departments of corporate or government world? I'm guessing it's a startup. They need a dedicated sysadmin for both the server box and the database. Even if it's only one person; that's better than allowing everybody admin access. This really should be a watershed moment for the organization, and the next move for this guy should really hinge around how management chooses to respond. Personally, at this point I'd document everything I found, hand my findings over to management, and then walk away from this train wreck before it explodes.
Eric, could be time for a new position for you? If you're interested, also give management some recommendations for how they can prevent this from happening again. 😎
Thank you for the advice, but as someone already mentioned, I don't really know if I want to be a part of this train...
You're welcome. I can understand how this might not be the preferred train.
For best practices on asking questions, please read the following article: Forum Etiquette: How to post data/code on a forum to get the best help
June 11, 2015 at 9:46 am
Jeff Moden (6/11/2015)
ericpap (6/11/2015)
Ok guys. So this is the end of the road for this history. I managed to crack the password of the ZIP files I found in the user profile's recycle bin. Inside them I found not only copies of all my software's SQL databases, but also copies of master and model, and an entire copy of Program Files, including my software folder.
There is no doubt now in my mind that this was a conscious attack not only on my software files (I suppose for reverse engineering purposes), but also on the company's stolen data, with the intention of doing harm. And I also found proof that the user tried to delete his action footprints.
Today I will talk to the owners and make sure they are aware of all the security issues found. That's all I can do right now, and these security issues are not my responsibility. Unfortunately I was involved in this problem indirectly by somebody else's bad work.
I will also consult the legal department for further actions.
I want to thank everybody again for your help and the effort in trying to help me find where the real problem was.
Eric
Great job of detective work on your part, as well. Don't forget to check on the licensing thing I mentioned.
As a bit of a sidebar, I wonder if you've simply stumbled on someone's attempt to ensure that there are immutable backups available because someone doesn't trust things or doesn't actually know how to set up backups.
Heh... to be sure, I didn't say the person was smart or good. He's not even a good hacker (if that's what it turns out to be) because he left such a trail of breadcrumbs.
--Jeff Moden
Change is inevitable... Change for the better is not.
June 11, 2015 at 9:48 am
Eric M Russell (6/11/2015)
Somehow I feel we're missing a lot of the back story; does this level of anarchy really happen in the IT departments of corporate or government world? I'm guessing it's a startup. They need a dedicated sysadmin for both the server box and the database. Even if it's only one person; that's better than allowing everybody admin access. This really should be a watershed moment for the organization, and the next move for this guy should really hinge around how management chooses to respond. Personally, at this point I'd document everything I found, hand my findings over to management, and then walk away from this train wreck before it explodes.
Thank you for your comment. Well, I have to tell you that, at least in my country, small firms (some even family firms) do have this kind of nightmare, and believe me, much, much worse ones.
Recently, I worked in software development for one very big Galvanized firm, that sells literally millions a month. And all the organization's information was in a lot of Excel files that everyone edited and sent by mail. Can you believe that? I can't stop thinking "how do they survive till today!"
Thanks
June 11, 2015 at 10:01 am
ericpap (6/11/2015)
Eric M Russell (6/11/2015)
Somehow I feel we're missing a lot of the back story; does this level of anarchy really happen in the IT departments of corporate or government world? I'm guessing it's a startup. They need a dedicated sysadmin for both the server box and the database. Even if it's only one person; that's better than allowing everybody admin access. This really should be a watershed moment for the organization, and the next move for this guy should really hinge around how management chooses to respond. Personally, at this point I'd document everything I found, hand my findings over to management, and then walk away from this train wreck before it explodes.
Thank you for your comment. Well, I have to tell you that, at least in my country, small firms (some even family firms) do have this kind of nightmare, and believe me, much, much worse ones.
Recently, I worked in software development for one very big Galvanized firm, that sells literally millions a month. And all the organization's information was in a lot of Excel files that everyone edited and sent by mail. Can you believe that? I can't stop thinking "how do they survive till today!"
Thanks
If they exchange their Excel sheets via email, then that might be their only saving grace, at least they have an extensive (if rudimentary) version control and backup process in place when needed. However, the reconciliation and restore process would be a nightmare. 🙂
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho