Is it any coincidence that October, perhaps the spookiest month of the year, is also Cybersecurity Awareness Month? After all, cyberattacks and other security incidents can often turn into real-life nightmares. And so, in honor of this special month and the holiday it hosts, we asked our thwack community of IT professionals to share their creepiest IT security stories. This feature represents just a few of their eerie tales.
Don't be a victim like the lost souls in our stories. To protect your data center from the evil lurking around every corner, start by following these simple best practices:
- Establish and document security policies/rules.
- Restrict administrator rights on all systems if possible.
- Educate end users on phishing and social engineering scams.
- Have a set password expiration/rotation policy in place.
- Have an incident response plan in place.
- Have an arsenal of tools at your fingertips to help prevent attacks and monitor in real time for successful ones, and, if a breach does occur, to identify what was infected and the scope of systems affected.
- Regroup after an incident to ensure appropriate actions have been taken to mitigate risk in the future.
Creepy, crawly virus
As I walked into work one morning, I overheard some members of our security team talking about a virus that was spreading across the company and sending emails to all the contacts of those infected. They were in a heated discussion about the type of virus it was and why the antivirus software hadn't caught it.
I asked, "We're in the process of taking the email servers off the network and isolating the problem to stop the threat from spreading, right?" All I got in response was the sound of crickets.
I picked up my phone and called one of my guys. Three minutes later the issue was largely contained -- only 300 PCs out of 2,800 were infected. When I related the story to the security team manager, his face had a look of sheer horror. Needless to say, there were some not-so-happy faces after his team meeting later that day.
Never let a good discussion get in the way of common sense.
Lock the door!
Back in 1999, I had just been hired as a contractor for the Navy to manage a host of databases, some containing highly sensitive data. Besides the normal physical security for the base, compound and building, the systems were isolated behind four additional physical access controls within the building itself. Two of these were inside the data center proper: a perimeter cage and a soundproof enclosure. One of the systems even had its own detail of two armed Marines guarding it 24/7. I needed four different badges of varying colors to navigate the maze of gates, doors and guard stations. There were even code words.
And they were all open to the Internet on the default Oracle listener port, 1521.
After starting a new government job, I asked the group manager for the privileged passwords for the SYSTEM and SYS accounts. She escorted me into her office, closed the door, picked up a Post-It notepad and wrote the passwords down with a soft felt-tipped pen so there was less of an impression left on the paper. Along with the top sheet, she proceeded to tear off several more to eliminate any trace of an impression left on the pad. She dramatically placed the notes in the palm of one hand and cupped the other over them. She then announced that she could show me the passwords, but I'd have to memorize them because the paper will need to go in the burn bag immediately. It was as if the lingering scent of ink might give foreign agents a clue for accessing these systems.
Now, I'd just visited with the Unix admin, also a contractor, who gave me the Oracle Unix passwords. They were 20-something characters long and super-cryptic, so I prepared myself for something of equal difficulty.
She then revealed the passwords to me: MANAGER and CHANGE_ON_INSTALL.
For those not familiar with Oracle, those were the default passwords for an Oracle 9i installation. CHANGE_ON_INSTALL was a reminder that the password should, around the time of -- oh, I don't know, maybe installation -- get changed.
I told her that I needed to change them immediately, but she said I couldn't. When I asked why not, her reply was, "Because the committee needs to approve it." I did it anyway and told her to fire me if she wanted to.
When ghoul-friends attack
Back in the days of Windows NT, I once discovered a particular machine was being used heavily for looking at bad sites. The username was one of our system accounts, for which the password was held only by system administrators and was never used to actually log into a server. However, it was allowed through the proxy server because it had system administrator privileges. I did a little digging and found that it wasn't running NT, but Windows 2000, and was attached to the domain.
A little more investigation revealed that the user had loaded Cain and Abel and had cracked the SAM from the domain controllers. He had all 5,000 usernames and passwords for the entire network! After turning this information over, the computer was confiscated and the young man got to go have a conversation with the higher-ups. It turns out that his girlfriend was actually using the computer to surf the bad sites. That ended up being his downfall.
A week after September 11, 2001, my company got hit with the Nimda virus. It didn't take long to resolve it, but we still had manual cleanup to do. I got assigned to drive out and clean the systems that were affected at the airport where our company maintained a hangar for a few private jets. Because of 9/11, the airport was shut down. It was a complete ghost town. Very, very eerie!