Details, details

Credit to Author: Sharky | Date: Wed, 09 Jan 2019 03:00:00 -0800

It’s a few years after Y2K when the IT security team at this university gets a rude awakening, reports a pilot fish in the know.

“They discovered that persons unknown had hacked into a university server,” fish says. “It was being used to launch denial-of-service attacks against a victim somewhere outside the university.”

The team’s first job is finding the server — which turns out to be in the alumni office — and taking it offline.

Then they start digging into the security logs. That’s when they find out that the attackers have been making use of the server for more than a year.

And once they start checking on the IP addresses of whoever it is that has accessed the server, they discover it’s not just one or two hackers. It seems people from all over the world have been using this server to launch attacks.

And that’s when the team realizes that the server still has databases full of personal information on alumni and other university donors — including almost 150,000 Social Security numbers.

So why didn’t anyone notice that any of this was going on, or even bother to check the logs now and then in the year since it was taken over?

“Because the server was officially decommissioned months before it was breached,” sighs fish. “Turns out nobody remembered to actually turn it off and unplug it from the network.”

While you’re trying to remember what you forgot to do, think of Sharky and send me your true tale of IT life at sharky@computerworld.com. You can also comment on today’s tale at Sharky’s Google+ community, and read thousands of great old tales in the Sharkives.
