Hours later when n3m0 left the server room, he felt like a plague bearer. Almost everything in the server room had been infested; the sysadmins would still believe they were in control. They needed to be secure in that belief for the time being. n3m0 didn’t want anything to happen while he still worked there. After leaving his employment, n3m0 would be glad to enlighten the network guys and show they who was in control.
He had copied several gigabytes of corporate information, along with the customer database, to Peter’s desktop. Now all he had to do was to transfer it to his external USB drive. It was far too late, or early, to go home. Even if he had the time he would have to use his access card to leave the building and that kind of log entry was unacceptable. Fortunately n3m0 had brought extra clothes in his rucksack, so he changed into “tomorrow’s” clothes. Can’t do much about the smell though, n3m0 thought as he unplugged the USB drive and shut down the computer. Again he headed for the storage room and settled in to sleep.
An hour and forty minutes later he woke up as he heard people talking outside the room. He gathered his things, when the conversation died out he headed for a toilet. His mirror reflection told him he had made a good call going there first, his hair was pointing everywhere. I could star in a zombie movie!
He tried to fix his hair as best he could and headed for his workstation. n3m0 spent the day trying not to fall asleep, he would hand Jennifer his resignation tomorrow. Not having a clue what Exibice offered in terms of employee exit policy he didn’t want to risk being escorted out by security guards, at least not when he had the USB drive in his rucksack.
The second reason he wanted to stay was that he wanted to see if anyone had noticed his nocturnal activities. During lunch n3m0 saw several of the network staff who were smiling and chatting away. They don’t have a clue.
n3m0 crashed in his bed when he came home and slept until morning. He woke up starving, he didn’t have any kind of food at home. As he was going to quit his job today he didn’t feel a pressing need to show up in time. He stopped by McDonalds on the way.
“Good luck in the future, clear your desk and leave.” n3m0 hadn’t expected tears from Jenifer, but perhaps more than ten words.
[tags]security, security fiction, fiction, insider threat, disgruntled employee, physical security[/tags]
LonerVamp says
As I read this, the question comes up, “What if this employee worked where you do, would you detect this or notice it? Who would do it, just any employee that normally wouldn’t have special privilege?” Kinda puts security into perspective, as many stories like this do (hopefully).
Patrick Ogenstad says
Excellent, making people think is one of my objectives 🙂
If we start with the first question, this would depend on a few circumstances. First though, if it comes to this stage it’s Game Over, we don’t have a network anymore and have to start from scratch.
When it comes to this specific case in order to answer your question I would have to know what n3m0 did during the hours he spent in the server room. What n3m0 did was really a sledgehammer approach; it left all kind of footprints in different logs. If a server had crashed randomly twice during the night I would have investigated it, since I’ve created the fictional character n3m0 I can say that yes I would have noticed that something was seriously wrong.
If there had been a more skilled attacker it would depend on which of my customers’ networks had been targeted. With central monitoring and log servers this would sound all kinds of alarms. With the logs kept on the computer I would just be guessing, I might not even know if the server had been restarted.
As soon as the server has been compromised we can’t trust it anymore, it will lie to us (and keep a straight face too). My trusty old PowerEdge would lie to its mother if an attacker told it to.
As for the second question, hopefully no one would be so cruel to “my” network(s) 🙂 It comes down to the trust you put to the employees and then their motivation to do so. Skill only enters into it if the attacker is working alone. n3m0 or someone else could have pulled this off without any kind of knowledge about computers, he would just need a cell phone and a friend.
What are your thoughts?