Day 7: 13:15
Too many, John Atkins, systems engineer for Pacific Shipping Incorporated thought while he browsed his logs. He was at first intrigued by the large amount of failed logins on one of his monitoring servers. It wasn’t easy to pinpoint the source of the alerts as the logs contained a lot of information, most of which were only relevant in a specific context and in this context was mostly clutter. After he had applied a series of filters, he was still left with a lot failed attempts, but what worried him the most were not the failed one’s: they were the one’s that had succeeded.
Day 7: 13:55
Peter Seeren walked in into their office. Peter and John shared the office. Each having two desks bordering one another and thus making a huge desk. Each contained three screens connected to two computers. Peter also had a laptop.
“You look like you need a coffee.” Peter said.
“I think we have problem.” John said.
“These attempts to log in on our monitoring servers.”
If this statement had come from any other than John, Peter might have said something like: “Are you sure?” Or, “Aren’t they from this or that.” Instead he sat down and said, “How big a problem?”
“A big one.”
Day 7: 14:15
“Yes?” William Balking picked up the phone.
“William. This is John Atkins.”
“John. How can I help you?” William asked.
“Can you run a virus scan on some systems?”
“As soon as possible.”
“As soon as possible? During production times?”
“That might impact the production, you know?”
“Yes, I know.”
William was silent for a moment,”We better have some high up people approving this, otherwise we got hell to pay if it blows up in our face.”
“Yes. I arrange you that approval.”
“I get to work then. Do you have a list of the systems.”
“It is in the mail.”
“William opened the mail. Forty five systems. Not that many..” William scanned the list, then whistled loudly. ”Those are not just any systems..”
Day 7: 15:35
Security Officer Harry Townsend was a very thin, slender bald man in his late fifties. He sat down with the two system engineers: the short broad shouldered John, a silent serious man with short black hair and the taller younger Peter, with brown hair. All three were clean shaven.
The two men gave the security officer a summary of their findings.
“So what do you think is happening?” Harry asked.
“The infected systems are running programs that try and log in to other systems. And they are succeeding.” John said, “And it is not a virus. We checked those systems.”
“So what should be done about it?” Harry asked.
“We can disable the accounts.” Peter said, “but this might cause systems to fail.”
“Can we disable specific accounts?”
“We can, but they are the important accounts.” John said, “The one’s that make things run.”
“What can we do without actually disabling them?”
“We can change the passwords of the administrators. Those don’t directly involve the operations of the systems.”
“At least not on ours.” Peter said.
Harry nodded,”Ours. As in the central ones. Those we maintain ourselves.”
“And the ones we don’t run directly?”
“We have not looked at yet. We can’t.” John said.
“Unless the chief security officer gives the command.”
“Or we inform the local staff?” Peter said.
“Have we any evidence they are affected?”
“No.” John shook his head.
“This can cause a panic. We should be sure.” Harry said, then continued,”We do the central ones and I will ask the chief security officer. I expect he will have a meeting with management about this.”
Day 8: 10:35
“I have been asked to do as much as possible without causing panic.” Harry said.
The two engineers John and Peter looked at each other briefly.
“I have been asked to ascertain the threat and as such I got the permission to hire an outside agency.”
“Maybe we can see about what we can do at the moment. Like disabling some accounts. We can hold a meeting with engineers team.”
“That is a good idea, but only with one or two. Arrange it with your manager.”
When the two administrators had left Harry picked up the phone and started to call that outside agency. He was calling the best even though the company would have to pay a hefty price for it.
Day 10: 12:20
“A hacker.” Harry said and he placed his hands flat on the security incident rapport on his desk. It had big letters across it: confidential. He looked at the man in the Armani suit who had laid it before him that morning. His name was Richard Thompson. John and Peter had joined them, as had William had being the one responsible for anti-virus system and Mark Cramer, who was the main network engineer. They all had read their copies of the rapport.
“Yes. It’s a hacker.. he or she gained access to a computer using an email about ten days ago. It was disguised as a business mail. The receiver opened the mail, double clicked the attachment and that set up a connection to the hacker.” the young man with sleek neatly combed hair, wearing the Armani suit with silk tie said. He had a small briefcase with him and read the rapport the five security company engineers had made for him. They had descended on Pacific Shipping Incorporated like birds of prey and started to uproot everything..
“But…our mail has got checkers for that.” William said, “Our anti-virus programs check for harmful programs in the email.”
“Indeed.. but this was not done by internal mail. It was done via webmail from a third party.” Thompson said.
“The block against that was removed by order of Berling, former CEO. He kept in touch with people via third party mail. He was supported in that by the board.”
“You mean Berling, the one that now works for Sea Containers United?” Peter said.
“Yes and before us he worked for a few other big companies, switching jobs every few years as is normal for people at that level. It was unhandy for him to have his mail transferred from one company mail system to another when he switched jobs.” William said, “So he approved an order to have those blocks removed.”
“But how can that hacker gain access… we got firewalls?” Harry said.
“I read here that they only work from the outside in, but this program worked the other way around.” Thompson said, “It was made to setup a connection.
“Blocking internet traffic from the inside out was considered inconvenient. We never got the approval to do that. I think is was director of the business that thought it harmed the ease with which to do business.” Harry said.
“But the antivirus system…”, Peter said.
“It’s not an virus. Just a small program that makes a connection to the outside.”
“But the system that ran it. I mean when it is stopped and restarted, it would have killed the program.”
“Not necessarily. For one, it could have restarted itself. For another, the system was never restarted by the user.” Thompson said.
“Because of cost savings the company delayed replacing the computers and those old one’s became very slow to shutdown and startup. It could take like twenty or thirty minutes. People stopped doing that to save time.” Harry said.
“We know that.” the engineers nodded.
“So gentlemen. The situation Pacific Shipping Incorporated is in is dire. This hacker has hacked his way into crucial systems.” Thompson said.
The others took this news with a grim silence.
“And the only way out of this is to change all passwords at once, rebuilt those systems that have been compromised and implement lock down security and maintain it.” Thompson said.
“Were local systems infected too?” Peter asked.
“We don’t know.” Thompson said. “We did not check their systems.”
“There has not been any formal statement yet.” the security officer said. “So I have no leverage.”
“So.. We don’t know?” Peter said.
The men sitting around the table looked at each other. The engineers, with the exception of Peter, had worked a long time in the company. They knew what was going to happen.
“We could of course give you an extensive advice of what can be done to implement the required security.” Thompson said with a vague smile.
Harry nodded at that,”It is one of the follow up actions. Learn from the lessons learned.”
Thompson eyed the security officer. The room was silent.
“Lessons learned.” Peter said. “And will we implement those?”
“That is for management to decide.” Harry said while he placed his hands together making the fingers touch the one one the other hand.
Peter looked at the faces. The smiling one of the external consultant. The unreadable one of the old security officer and those of his co-workers who looked at him with that knowing glint in their eyes.
“We could implement some changes in the new systems, so over time it gets implemented everywhere when systems are replaced.” John said.
“And how about implementing them with local systems?”
“They won’t let us touch them. We need higher management to give the go ahead. We need to convince everyone with this rapport..” Peter demanded.
“It is a confidential rapport.”, the security officer said. “I understand from the chief security officer that it will be reclassified as highly confidential.”
“What does that mean?” Peter wondered out loud..
“That only a selected group of people can read it.” Mark said, “Only for a special group of people.” He lifted both hands to symbolise the double marks.
“So we can’t use it to convince the local people.” William underscored.
“Not unless higher management allows use of this.” Mark added and held up the rapport.
“Which they won’t.” William said. “Since they would have to admit to some painful errors.”
“We can off course make a risk assessment rapport.” Thompson said. “One that exactly advises what errors to amend and how.”
“But wouldn’t people know about it, with the password changes, rebuilds and such?” Peter asked.
“Maybe they do, but the strangest things happen in companies, so everyone accepts it as another strange fluke of the nerds and after a while people forget. Or want to forget.” Thompson said.
“Make that rapport. We try and implement what we can.” The security officer said.
Day 10: 12:55
“It is a pity. We could have used that rapport to proof we need to tighten security. Now we get a rapport suggesting the same thing, but there is no urgent reason to implement them.” Peter said to John when they had returned to their room.
“Maybe if production was seriously affected something would happen.”
“Perhaps..but we don’t want that to happen.” John said.
“It is like telling people we need a fire-brigade when you need a fire to convince them .”
“Something like that.”
“But now everything is hushed up. The rapport will never get out.”
“Perhaps.” John said. “But people talk. We don’t live on an island.”
Day 11: 17:15 Dave’s Pub
“Have one on me, John.” Charles Dorn smiled at Atkins and handed him a glass of beer, cold with small drops to the outside. The music played Jailhouse Rock loudly. The only other person was the bartender James, who was cleaning glasses.
“A beer..Wasn’t it all tea for you. And to go wild: coffee.”
“You know I don’t want to make a habit out of it.”
“So how are things with you people up in the Ivory Tower.” Charles said with a grin. ”Or does the beer speak for you?”
“You still see the others? Friday afternoon?”
“Of course. They all drop in at times. Every Friday afternoon. We have a drink and a chat.Nothing serious, really.”
“Well, Charles, we had this problem…” John Atkins whispered.