Several years ago, we had a young man working in our Network Operations Center. He had previously been employed by one of our local ISPs. Apparently he had spent months accessing the ISPs online application which provided him the ability to clear billing and adjust bandwidth for cable modem customers. He had been clearing billing statements and increasing cable modem speeds for his friends and family for months. It was kind of an embarrassing situation when they traced the access back to our company, especially since we're one of the ISPs largest business customers.
On Fri, Mar 19, 2010 at 7:53 AM, Kim Longenbaugh <[email protected]>wrote: > Based on those criteria, we would have to fire our board of directors…. > > > ------------------------------ > > *From:* John Hornbuckle [mailto:[email protected]] > *Sent:* Friday, March 19, 2010 10:42 AM > > *To:* NT System Admin Issues > *Subject:* RE: Made me chuckle > > > > The coworker gets in trouble. He either voluntarily gave out his password, > or left it written down somewhere that the guy who left could find, or > picked one that was easy to guess. > > > > > > > > John > > > > *From:* Wilhelm, Scott [mailto:[email protected]] > *Sent:* Friday, March 19, 2010 11:41 AM > *To:* NT System Admin Issues > *Subject:* RE: Made me chuckle > > > > In that case, would it be reasonable to reset everyone’s passwords whenever > someone leaves the company to prevent something like this from happening, or > does the coworker get in trouble as well? > > > > Would definitely be a sticky issue. > > > > *From:* John Hornbuckle [mailto:[email protected]] > *Sent:* Friday, March 19, 2010 11:34 AM > *To:* NT System Admin Issues > *Subject:* RE: Made me chuckle > > > > Yeah, we’ve been discussing this one in an IT security class I’m taking in > grad school. Lots of things went wrong here. Apparently the fired guy had a > former coworker’s password. > > > > And in addition to screwing with the cars, he did other things like placing > thousands of dollars in orders under the company’s name. > > > > > > > > John Hornbuckle > > MIS Department > > Taylor County School District > > www.taylor.k12.fl.us > > > > > > > > *From:* Mike French [mailto:[email protected]] > *Sent:* Friday, March 19, 2010 11:34 AM > *To:* NT System Admin Issues > *Subject:* OT: Made me chuckle > > > > 46. March 17, Wired – (Texas) Hacker disables more than 100 cars remotely. > More than 100 drivers in Austin, Texas found their cars disabled or the > horns honking out of control, after an intruder ran amok in a web-based > vehicle-immobilization system normally used to get the attention of > consumers delinquent in their auto payments. Police with Austin’s High Tech > Crime Unit on March 17 arrested a 20-year-old who was a former Texas Auto > Center employee who was laid off last month, and allegedly sought revenge by > bricking the cars sold from the dealership’s four Austin-area lots. The > dealership used a system called Webtech Plus as an alternative to > repossessing vehicles that haven’t been paid for. Operated by > Cleveland-based Pay Technologies, the system lets car dealers install a > small black box under vehicle dashboards that responds to commands issued > through a central website, and relayed over a wireless pager network. The > dealer can disable a car’s ignition system, or trigger the horn to begin > honking, as a reminder that a payment is due. The system will not stop a > running vehicle. Texas Auto Center began fielding complaints from baffled > customers the last week in February, many of whom wound up missing work, > calling tow trucks or disconnecting their batteries to stop the honking. The > troubles stopped five days later, when Texas Auto Center reset the Webtech > Plus passwords for all its employee accounts, says the manager of Texas Auto > Center. Then police obtained access logs from Pay Technologies, and traced > the saboteur’s IP address to the suspect’s AT&T internet service, according > to a police affidavit filed in the case. Source: > http://www.wired.com/threatlevel/2010/03/hacker-brickscars/? > utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+wired/index > +(Wired:+Index+3+(Top+Stories+2)) > > > > > > *Mike French > **Network Engineer > **~**EQUITY BANK <http://www.theequitybank.com/>* > Office: 214.231.4565 > [email protected] > > *"Evidently excellence in security by some ** > security-centric vendors is defined as being the head of the class in a > room filled with children without a propensity to learn." - Anonymous* > > > > > > > > > > > > > > > > NOTICE: Florida has a broad public records law. Most written communications > to or from this entity are public records that will be disclosed to the > public and the media upon request. E-mail communications may be subject to > public disclosure. > > > > > > > > > > > > > > NOTICE: Florida has a broad public records law. Most written communications > to or from this entity are public records that will be disclosed to the > public and the media upon request. E-mail communications may be subject to > public disclosure. > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
