Four months later.
Users had been complaining for a few weeks that the Internet access had been very slow. Kyle Donovan, the sysadmin at Regal-Pens, had informed everyone that they shouldn’t listen to Internet radio during work hours. This didn’t solve the problem, but when someone in management complained, there was talk about upgrading the Internet connection so Kyle didn’t think much about the complaints.
Their Terminal Server had also been slowing down of late and Kyle felt that a working Terminal Server was more important than having a fast Internet connection. He had been troubleshooting the server without finding anything.
Kyle had spoken with a geek friend of his, and agreed with his advice:
“You have to reinstall Windows every once in a while, it gets all clogged up in the registry and stuff. I bet not even Microsoft knows what’s going on in there.”
It shouldn’t be a hardware issue, Kyle thought. Not that many people used the Terminal Server, the whole thing seemed very strange. When Kyle was defragmenting the C: drive for the fifth time he saw something odd; the C: drive had used up 31 Gb of space. Strange, Kyle laughed when he saw that the C:\Windows directory consumed 22 Gb, talk about getting clogged up.
Kyle was sure he would share a laugh with his friend over this. He began by deleting all the blue $NTUninstall$ directories but it didn’t help, so the investigation continued. Finally he found a directory named:
The name didn’t mean much to Kyle but its size was 18 Gb; at first Kyle was very puzzled. The directory held a great amount of pictures and asp files, and as he opened the first one his curiosity was replaced by an uneasy feeling in his stomach. Kyle felt the color withdrawing from his face, after seeing some more he got the taste of warm saliva in his mouth.
He didn’t make it all the way to the toilet but caught some of the puke in his hand, some of it he might have swallowed again but it didn’t stay down there for a long time anyway.
While washing his hands he realized that the pictures were still open on his screen for all to see. Panic seized him and on shaky legs he rushed back to the computer.
Kyle closed all the pictures and deleted the entire faxclient directory, his whole body was shaking. The thought that he might have been to rash crossed his mind, but it’s too late now. A long time after the incident Kyle was still worried that someone would come asking questions about the pictures that had been served on that server. He didn’t want to be accused of destroying evidence, or worse, but no one came.
After getting some coffee and calming down a small bit, Kyle hunted down his installation media for Windows and reinstalled the server. He had problems focusing and the reinstallation took the better part of the night.
During the coming week users thanked Kyle and said that what he’d done had fixed the Internet problem.
Kyle told management that the server had been hacked, but he didn’t mention the rest. Management asked how this could happen and the result was that they purchased a new firewall, which didn’t really solve anything.
The view on IT security that Kyle and his company had was a common one; we have no secrets, who would want to hack us?
Please note this is a purely fictional story, any names found here are made up. I’ve written this because I like writing, if someone reads it and enjoy it: great. If they get more conscious about security, that’s a bonus. If you have feedback or comments on the story please share them.
Links of Interest:
Computer Security Awareness videos
Security Awareness for Ma, Pa and the Corporate Clueless
[tags]security, stories, fiction, security awareness[/tags]
Nice stories. They help me cope when securitymonkey gets behind on posts 🙂 I really enjoy reading stories about security, and stories from both colors of hats have turned out to be both interesting and educational 🙂
Has Chief seen these? If not, you should definitely show him.
Great stories, and definitely now on my to-read list 🙂
Patrick Ogenstad says
It’s great that you like the site! I don’t know if Chief has seen my stories. I told him about them, but I would imagine that he gets quite a few emails. 🙂
I’ve started to write a new story with midfr0st so you should be able to read the first part in a few days.