Jails without bars – hacker attack

Welcome back.
Today I want to tell a story that happened about ten years ago, of course, the names of the people involved are not real. This story is emblematic because it represents a snapshot of life that is frequent in the technological paradise of Hi-tech companies in the new millennium.
Mark was a young IT specialist hired a few months ago by Tecnosol as a network security officer. For years he had been trying to find work in a super-technological company where he could exercise his passion, his expertise, and his innate ability to handle complex situations.
Designing innovative networks and services, collaborating with super-expert colleagues, developing advanced applications, and maybe, who knows, reaching a managerial role…what dreams!
Dreams that were shattered against the wall of distrust and indifference: his superiors, responsible for the IT department, underestimated him, giving little importance to his proposals to improve the company’s server security, no matter how original they could be.
The disillusionment of the first months of work was followed by depression and boredom. The routines and tasks assigned to him were part of a gray daily life punctuated by relationships with sad people, devoid of any passion for the work they were doing, tied only to money and success in society.
The same technology, the computers he had to configure, maintain, and update, not to mention the backup services, the logs to evaluate, the accounts to create, everything was becoming damn boring and monotonous.
At that time he met and collaborated for a brief period with Michelle, a young computer science student, and an intern at Tecnosol.
Precise and determined, she did not care about working hours and promptly completed the tasks assigned to her.
She was supposed to graduate within the year, nevertheless, she devoted herself passionately to Tecnosol’s security, obviously hoping for an opportunity to be hired, which did not happen: both the company’s ownership and the IT department managers made it clear to her that she had no future in that company, so she would not be hired after the end of her internship.
Michelle and Mark had the opportunity to get to know each other outside of work only during the intervals in the company canteen. Those moments were perhaps the only ones spent in serenity, during which they exchanged technical information on open-source software and the various Linux kernels that they both knew very well and loved.
Since Michelle knew that she would soon be leaving, she exchanged her phone number and personal email with Mark.
After the end of her internship, saying goodbye to her colleagues, Tecnosol’s gates closed definitively behind Michelle, who sadly returned home with a heart full of resentment…for some weeks she had already decided to take revenge.
Michelle had maintained access to Tecnosol’s network through an administrative account assigned to her by Mark during her internship, an account from which she had activated a tunnel on a remote connection that she controlled. She had planned to use this access to penetrate the company’s network.

Hacker attack

After a month of preparation, Michelle finally attacked Tecnosol’s network with a team of other university hacker classmates and managed to violate the firewall through the tunnel.
Michelle and her team of hackers resorted to a series of software and techniques to gain access to many services of Tecnosol’s network. In particular, they used vulnerability scanning software to identify the weak points of the various servers, not to mention social engineering techniques used to persuade some employees that Michelle knew to provide information on account holders.
Once they managed to access the network, they installed a series of processes to maintain access and exfiltrate data, including network traffic sniffing software and password-cracking tools.
Michelle didn’t know that, in his free time, Mark had installed some open-source software traps, virtual machines called honey pots, created to confuse intruders and waste their time. These machines were unknown to anyone and not authorized by their owners, to defend Tecnosol’s servers.

He had prepared, by compiling and improving it himself, an intrusion detection software to detect attacks and had started to carefully monitor the network to identify unauthorized accesses.

He had set up a series of tools to block hacker access to the network, including advanced open-source firewalling software, better than the one installed by the company’s providers, and additional network isolation techniques using additional virtual networks.

Thanks to these tools, he almost immediately realized that something unusual was happening.

That’s how he was able to intercept and limit the damage caused by the attack, preventing the hackers from stealing data and real technological information related to the software developed at Tecnosol.

Meanwhile, Michelle had realized that things were not going well, that the data obtained was junk, old account data, completely useless, and that the real problem was probably Mark… She remembered the discussions in the cafeteria: he was the only competent systems administrator, capable of obstructing her.

It was then that she called him the same evening of the attack, trying to convince him to cooperate with her and help her take control of Tecnosol’s servers.

“There is no way I’m going to help you do that,” said Mark firmly. “I’m sorry you’re involved in this, but I’m here to protect the company’s data, not to help hackers steal it.”

“Mark, please, you know the company is not giving you the respect and consideration you deserve,” Michelle replied. “Don’t you realize that you’re the only one who can do something to change the situation? If you help me, we can prove to everyone that you’re an expert and that you deserve the respect of your superiors.”

Mark sighed, but his answer was decisive: “I don’t think I would get the respect of my superiors by helping you. I’m sorry, Michelle, but I can’t. I’ve been following you for a month, I’m here to do my job, not to commit illegal actions. You don’t have the right to violate Tecnosol’s privacy.”

Michelle snorted. “As you wish, Mark. But know that you’re an idiot to stay on the side of the stupid entrepreneurs who hired you. If you change your mind, you know how to contact me.”

After uttering these words, Michelle hung up the phone. Mark felt dazed and confused. He had recorded the call, and now he had all the evidence and knew who to report. He understood but couldn’t justify Michelle’s reasons, although in some ways he regretted getting her in trouble. In part, Michelle was right: Mark would never have earned the respect and consideration he deserved from his superiors.

Thanks to the tracking information and phone recordings provided by Mark, the police managed to trace the identity of Michelle and all her collaborators.

Later, Tecnosol decided to review its computer security policies and invest more in the training of its employees. All firewalls were replaced with new, much more expensive, and advanced products, as well as faster and more effective backup systems.

Mark was reprimanded for installing uncertified open-source software, for not removing Michelle’s account, and for letting so much time pass without notifying security personnel.

All his fictitious virtual machines that had effectively fooled the hackers, as well as the virtual networks he had created and the programs developed ad hoc by Mark, were removed.

Mark risked dismissal and returned sadly to his job of managing accounts, checking the new firewalls, and analyzing Tecnosol’s servers logs.

Unfortunately, It’s not a happy ending story, even today in many companies this is a reality: companies where human resources are wasted for pure profit, without any professional growth, and where the quality of life of employees is not taken into account.

Regards from the dark web.

ANOM

Author: Anom

Share This Post On

Submit a Comment