Minutes later, one of the security techs met me at Lynn’s cube with a box that we quickly filled with the contents of her desk: files, CDs, DVDs, notedpads, books, etc. The other help desk analysts in adjacent cubes looked at us with silent questions on their faces.
I noticed that one of them was a new employee that had attended my security presentation in employee orientation last week, so he knew who I was. That meant rumors would spread quickly. While I never enjoyed walkouts, they reminded the staff that security incidents have consequences.
This is a multi-part series. See Internal Attacker Detected: Part 1, Internal Attacker Detected: Part 2, and Internal Attacker Detected: Part 3.
Others on my team had already imaged the old computer and had started imaging the new one across the network as soon as my meeting with Lynn began (by design, she was not told of the meeting beforehand). Both images would be sent off to the Forensics team.
Continue reading →
Like this:
Like Loading...
Filed under Case Files, Security, Security Scout
Tagged as access, admin, attacker, contractor, control, failure, hacking, internal, Mack, problem, security awareness, URL
Out-of-Office Reply Tells All
I checked my personal email account and found I had 3 out-of-office replies from people who obviously belonged to the same organization. However, I had never emailed any of them.
At first I thought they were some kind of a malware emails, but they were text only and contained no links. So I just left them in my email box and wondered about them every time I saw them. Then I figured it out.
Continue reading →
Share this:
Like this:
4 Comments
Filed under Blogging, Security, Security Scout
Tagged as anonymous, Blogging, comments, email, insider, ooo, out of office, reply, spammer