Access to system
Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Access to system

  1. #1
    Junior Member
    Join Date
    Dec 2009
    Posts
    5

    Access to system

    I have access to a system. I know the VPN password and I am in. I have local admin rights on one of the servers. I am not malicious and do not want to do anything. I just want to let the proper people, in this case the media know what is going on in this government agencies. What kinda of damage can a hacker if he got into such a system. I need this information to present it to the media. If any one can help it would be appreciated. Just an update. I was the Network Admin. The VPN password was not changed. I used a users credentials and got in to the terminal server and logged in with locally with my old admin password, how incompetent is that. So technically i have not broken in, I just walked right in. I am trying to protect the clients by exposing these incompetent people.

    Thanks
    Last edited by monty400; December 21st, 2009 at 04:15 PM.

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    A few thoughts:

    1. You have broken the law by accessing that system.

    2. You should be notifying that agency that they have a violation, not the media. See point 1.

    3. Depending on the agency, with local system access rights you could do a lot or nothing. The local system could be a honeypot with false info in it. Or it could be a very important system that has info that if made public could cause lots of lives to be lost (then point 1 could be changed to treason if you made that info public).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Junior Member
    Join Date
    Dec 2009
    Posts
    5

    Thank Msmittens

    I was the Network Admin there. I created that VPN password and it is still used. also this is a terminal box with local admin right with my old password. So it is real. A hacker can install software to capture a host of information. I am not doing this to harm anyone. I just want to point out the managerial idiots that work there.

  4. #4
    Banned
    Join Date
    Nov 2002
    Posts
    677
    Good question: would you "record" your call to the FBI to report and save the recording in case they are looking for a scapegoat? Or would you report it to a whistle-blowing site like wikileaks.com that is a community of everybody including law enforcement? Your access to the system will get lost in a sea of curiosity.

  5. #5
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Monty,

    Please forget about it.............the media neither care nor understand......in that respect they represent the public perfectly

    MsM is correct, you should inform the agency concerned. If I might be allowed to play "devil's advocate" I would look at your statement:

    I was the Network Admin there. I created that VPN password and it is still used.
    You were in a position of trust? as a juror I know nothing about computers, but I do understand trust and responsibility?????????????

    Obviously; you found this out because you "had an old shortcut on your desktop, and clicked on it by mistake?"..............

    They could live with that one because it implies that you are almost as incompetent as themselves I think that gets round a part of MsM's #1?

    Another thing you need to ask is whether you left them on "good terms" or not? If you were fired or made redundant your actions would be construed as "sour grapes"; and if you left on good terms it would be considered downright disloyalty. I am afraid it is a sort of "catch 22" situation?

    I have been in a similar situation but was not aware of it until I was asked to go back to the site and help them fix a problem.............they told me my ID and pass were still valid "because we knew we would have to call on you sooner or later, John"

    Yeah, well.............................

    EDIT:

    Couple of afterthoughts:

    1. Did you have a signed off site security policy on what to do when a member of staff left?

    2. Was having a common VPN password a good idea? Let's face it, nobody has any regard or respect for common passwords.

    I would take the view that these issues were well within the remit of the Systems Administrator rather than the management?
    Last edited by nihil; December 21st, 2009 at 06:26 PM.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  6. #6
    Junior Member
    Join Date
    Dec 2009
    Posts
    5

    Access to system

    Thanks for your input nihil. No there was not any signing off any security policy.
    Yes I was Network Admin. But as for one a Network Admin is responsible for the the security of a Network and management is also responsible to make such action is followed. When a user leaves all access from the network should be terminated. In the case of a systems guy leaving, access to the system should be completely closed; yes all password should be changed. Say I was a malicious person all I have to do is go to hacker bulletin boards and upload information. I am concern for the clients because it seems this agency is incompetent in providing adequate security for their systems thus potentially harming client information.
    Last edited by monty400; December 22nd, 2009 at 01:39 PM.

  7. #7
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hi Monty,

    The lack of a documented security policy is certainly a major shortcoming, however, I doubt if the management even realise the need for such a thing. In my experience they tend to rely on their IT professionals to take the lead in that area.

    I agree that when an employee leaves then their user account should be closed, and if you are going to fire someone you should do that before telling them, and escort them off the premises. I have known cases where ex-employees have wreaked havoc before their account was closed.

    I guess it is not unusual for common passwords not to be changed when someone leaves, but this is for applications that can only be accessed if you have a valid account and access to a local network machine. Stuff like pricelists, inventory specifications and the like. Because these accounts don't have data entry or modification rights this approach is usually considered satisfactory.

    Your guys certainly don't understand VPN, but would you expect non-IT people to do so?

    I guess the real issue is that even if you can get to the server, what can you do from there? Would it expose any sensitive information?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  8. #8
    Junior Member
    Join Date
    Dec 2009
    Posts
    5

    Thanks Nihil

    There is no information on that server its a terminal server but has access to the main database that is web based; software could be loaded, such as hacking software to capture passwords and so on. I just cannot comprehend why these guys would leave such a security hole. If I were malicious and gave this information to a hacker and they were good it would be lights out then client information would be at risk. You are right that I should inform them of it but I would love to report this.

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hi Monty,

    I don't know what it's like with you, but over here the media would only be really interested if an actual breach or data loss had taken place. Other than that they tend to have the same level of IT security knowledge that your guys seem to

    I just cannot comprehend why these guys would leave such a security hole.
    That bit is easy..............they just don't realise? As I mentioned, jointly used or common passwords are frequently not respected.

    If they had a documented security policy with supporting processes and procedures and had failed to follow them you might get more mileage, but they don't, so they haven't broken any rules (apart from common sense)

    Once again I would urge you not to go to the media:

    1. Whistle blowing can be career limiting.
    2. As you were the Network Administrator you were probably a bit too close to the coalface for comfort? Unless, of course, you pointed out the lack of a security policy and procedures and were ignored?

    I must admit that I find it rather strange that a government agency of all things doesn't have a policy in this area. We have had a few security breaches over here (UK) but they have generally been because staff failed to follow clearly defined procedures.

    Are you sure that gaining access to the terminal server would allow someone to install software? All the ones I have ever used wouldn't let me unless I logged in as administrator.

    Also, how secure is the VPN link...........presumably you then log in to applications and databases?..............isn't that encrypted and you would need a valid user ID and password?

    Finally, is the client information held in plaintext or is it encrypted?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #10
    Junior Member
    Join Date
    Dec 2009
    Posts
    5

    Hey nihil

    Yes I have local administrator rights on the server. I login with administrator and the old password I used. Yes you have access to the database with a user name and password of course. Like I mentioned a hacker could have a field day with this. I could just imagine the damage that could be done. I know whistle blowing may effect me more then this is worth. I should just let it go and move on, the place was totally dysfunctional and I am glad they handed me my severance.

    Thanks Nihil for your advise.

Similar Threads

  1. can't rid my computer of Spoton
    By rpgraff in forum Spyware / Adware
    Replies: 16
    Last Post: August 24th, 2004, 08:01 AM
  2. OpenVMS Fundamentals Chapter 1
    By agent.idle in forum Other Tutorials Forum
    Replies: 0
    Last Post: March 12th, 2004, 05:39 PM
  3. Denial of Service
    By M@rin3 Snip3r in forum AntiOnline's General Chit Chat
    Replies: 6
    Last Post: September 24th, 2003, 03:59 AM
  4. CMOS commands
    By qwerty_smith in forum Other Tutorials Forum
    Replies: 7
    Last Post: September 23rd, 2002, 06:29 PM
  5. The Worlds Longest Thread!
    By Noble Hamlet in forum AntiOnline's General Chit Chat
    Replies: 1100
    Last Post: March 17th, 2002, 08:38 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides