A) the user account was used without even 1 failed attempt. B) user is in that capacity but really doesn't seem to have the aptitude to pull this off. And she is the one that reported the suspicious activity??
Yes a file was uploaded for us to run through the Federal Reserve. Would have cost us $105K if the girl hadn't pointed it out. We know there were 5 external IP addresses logging into the system with valid cred's but not our employees. We know that they are all from Comcast, AT&T, and RoadRunner. Which means they are probably botnets. ----- Original Message ----- From: Jonathan Link To: NT System Admin Issues Sent: Wednesday, August 26, 2009 11:12 AM Subject: Re: Reporting user fraud A is too specific, could've been brute force or an easily guessed password in addition to malware/keylogger. Can you determine what was accessed with any degree of certainty? What regulatory agencies is your organization governed by? I'd start with that. Interestingly, did you read this Washington Post article? http://www.washingtonpost.com/wp-dyn/content/article/2009/08/24/AR2009082402272.html?nav=hcmodule&sid=ST2009082500907 (beware the wrap) I would also review banking information if this person is at all involved with bookkeeping, AP or AR functions. On Wed, Aug 26, 2009 at 10:59 AM, David W. McSpadden <[email protected]> wrote: If someone has access to your ssl website with valid username and password you assume that either 1 of 2 things have happened: A someone has a keylogger and their computer is compromised. B someone just out and out gave the information away. Is that a correct assessment? If you have the IP from the 'hacker' that accessed your website who do you report it too??? Most likely it is a bot and nothing can be done but who do you report it too none the less??? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
