Part 2 of the Real-Life IT Horror Stories Series
By Phill Shade
Editor’s note: In celebration of Halloween, we’ve asked a few of our instructors to share some of the horror stories from their own consulting careers. This four-part series includes tales of espionage, employee sabotage and website theft. Read on if you dare.
About three years ago while in a galaxy, unfortunately all too nearby, I was working as a consultant for a small design company when I came across the nightmare of all nightmares: industrial espionage.
I was contacted by another consultant who had been analyzing the client’s network to optimize performance. While the first engineer was able to address several routine network issues, he had requested assistance in analyzing a possible data breach.
The Problem: Design Theft
Arriving on-site, the initial brief revealed that the company designed the distinctive cases used by major vendors to house their products. The issue was that their designs were showing up in illegal markets, sometimes before they were even in production.
Several days’ worth of investigation using Wireshark, GeoIP and graphical traceroute utilities showed an internal connection originating in the company’s design servers and reaching to St. Petersburg, Russia.
Capturing the Culprit
To confirm this observation, we created several fake designs and uploaded them to the server in question. We then placed a hub between the server and the network switch and attached the Wireshark machine to that hub, so every packet to or from the server would pass the capture point. A capture filter in Wireshark was set to the server's IP address so that only its traffic was recorded.
Within a matter of only a few hours, using Wireshark, we were able to observe a stealth connection originating in St. Petersburg and connecting into an open port on the design server. What followed wasn’t that much of a surprise as we watched the very designs we had loaded into the server copied and transferred back to Russia. We had our villain!
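As an added illustration (not part of the original story or the author's tooling): once the sessions from such a capture are exported, a short script can flag the moment a planted design leaves the server toward an address outside the company's own ranges, and list every outside host that touched the server at all. The server address, internal ranges, canary file names and session rows below are all constructed assumptions.

```python
import csv
from collections import defaultdict
from io import StringIO
from ipaddress import ip_address, ip_network

# Assumptions (constructed for this example, not from the original story):
# the design server's address, the company's internal ranges, and the file
# names of the fake designs planted as canaries.
DESIGN_SERVER = "10.0.5.20"
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
CANARY_DESIGNS = {"case_rev9_FAKE.dwg", "prototype_z_FAKE.stl"}

# Constructed session records, one row per file transfer seen in the capture:
# client address, server address, server port, file name, bytes moved.
SAMPLE_SESSIONS = """\
src,dst,dport,filename,bytes
192.168.1.44,10.0.5.20,445,case_rev9_FAKE.dwg,184320
10.0.7.9,10.0.5.20,445,vendor_brief.pdf,51200
203.0.113.77,10.0.5.20,8443,case_rev9_FAKE.dwg,184320
203.0.113.77,10.0.5.20,8443,prototype_z_FAKE.stl,921600
198.51.100.5,10.0.5.20,443,index.html,2048
"""

def is_external(addr):
    """True when the address is outside the company's own ranges."""
    ip = ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)

def parse_sessions(text):
    """Parse the CSV export into dicts with numeric port and byte counts."""
    rows = list(csv.DictReader(StringIO(text)))
    for r in rows:
        r["dport"] = int(r["dport"])
        r["bytes"] = int(r["bytes"])
    return rows

def canary_exfil(sessions, server=DESIGN_SERVER, canaries=CANARY_DESIGNS):
    """Sessions in which an external host pulled a planted design off the server."""
    return [s for s in sessions
            if s["dst"] == server and is_external(s["src"]) and s["filename"] in canaries]

def external_sources(sessions, server=DESIGN_SERVER, canaries=CANARY_DESIGNS):
    """Every external address that reached the server: ports used, bytes moved,
    canaries taken. Hosts that took no canary still deserve a look."""
    summary = defaultdict(lambda: {"ports": set(), "bytes": 0, "canaries": 0})
    for s in sessions:
        if s["dst"] != server or not is_external(s["src"]):
            continue
        entry = summary[s["src"]]
        entry["ports"].add(s["dport"])
        entry["bytes"] += s["bytes"]
        entry["canaries"] += s["filename"] in canaries
    return dict(summary)
```

The flagged addresses are what the story then fed into GeoIP and traceroute lookups; an internal workstation fetching a canary (the first row) is expected traffic and is deliberately not flagged.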
We saved all of our evidence, created a quick report and prepared our presentation before leaving for the day. The next day dawned and we met with our client contact to reveal our evidence and supporting documentation.
Initially, the presentation appeared to go well as we laid out our evidence, explained our methodology and concluded with a series of logical recommendations such as securing the network with a series of firewalls, implementing logging of transactions and basic data encryption.
It All Starts to Go Wrong
What ensued still lingers in my mind to this day for its colossal arrogance and blind adherence to a single view of things in the face of all evidence to the contrary. Rather than accepting our findings and thanking us, the client instead stated:
“That can’t be true; you’re reading it wrong!”
To say I was surprised at this response was the understatement of the week. When I gathered my thoughts and asked why, the next shock ensued:
“Our network can’t possibly be compromised since we only use Mac computers and they are safe from hacking!” the client uttered with blind belief in modern advertising.
When we dared to ask what sort of security software or hardware they used to protect the network and infrastructure, we received nearly the same answer.
So, hoping for the best, we gave our presentation to the department head, then the CTO and finally the CEO. Each piece of evidence was covered: the Wireshark capture files, the GeoIP information, the traceroute results and the IANA address resolution. Each time we were met with the same statement that there had to be a mistake and that there was no need to follow any of the recommendations, as this would make operating the network too difficult.
The Client Isn’t Always Right
Completely at a loss for words, all we could do was present the invoice for services rendered and make our somewhat chagrined departure. Keeping a watch on the company revealed they were out of business in another year or so. I learned that sometimes all you can do is capture the culprit, present the evidence and hope for the best.
Do you have any stories of your own? If so, please share below or on Twitter and make sure you use #ITHorrorStories.