Feeds

BOFH: Lock shock

I have never seen this man before in my life. Nor this one

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Episode 12

“No, I’m pretty sure you don’t work for the company,” the PFY says, tapping away furiously on his keyboard.

“What’s up?” I ask, as the PFY mutes the phone while the bloke on the other end has some form of protracted verbal seizure.

“That idiot from accounts who wanted us to pick up the bill for his home broadband has got a note from his boss authorising it and saying it should be charged back to our cost centre.”

“So you told him to get stuffed, right?”

“Sure did. So then he got his boss on the phone...”

“And you told him to get stuffed too, right?”

“Yep, and then he got his boss on the phone...”

“And you told him to get stuffed as well, right?”

“You bet. And then he got our boss on the phone...”

“And you definitely told him to get stuffed, right?”

“I did. And then he started going on about how if I didn’t watch myself I wouldn’t be working for the company much longer.”

“Which is where I came in?”

“Exactly!”

“So what’ve you done – deleted his records from HR, Salaries, Security, the Website, the Phone system, Active Directory and updated his swipe card details to read ‘Stolen’?”

“All but the phone system – because it’d drop the call.”

“There’s no time like the present!” I say.

A few clicks and a few seconds of processing delay later the caller details on the PFY’s phone revert to UNKNOWN just before the call drops...

Half a minute later the PFY and I have a few chuckles as we hear a swipe card being repeatedly denied at the entrance to Mission Control. A furious hammering starts moments later, followed by a long silence.

“Wait for it...” I say, nodding at the PFY’s phone.

>ring<

“Hello,” the PFY says, in answer to a call from the bloke in the office next to the Boss.

“What the hell have you done to my swipe card?” the Boss yells – with the tell-tale echo of hands-free mode from the other end.

“Looks like the Boss is looking to make an example of someone,” I murmur to the PFY.

“That makes two of us,” the PFY murmurs back, before adopting a louder tone. “Who is this?”

“You know very well who this is – and if you don’t enable my card immediately...”

“I’m sorry, I don’t recognise you.”

“You won’t recognise me from the unemployment line,” the Boss snarls.

“I’m sorry; I don’t know who you are or where you’re ringing from.”

“I’m ringing from Dave’s office.”

“Dave?”

“Dave Greenwood.”

“There’s no Dave Greenwood working for this company,” the PFY replies as he taps away furiously at the keyboard, just before the phone goes dead again.

“Ooh – don’t forget to delete the scanned images of their employment contract – and their home directories - from the SAN!” I blurt.

“Check!” the PFY says.

>ring<

“Sharon who now >clickety<?” the PFY asks as the phone goes dead once more.

And about then it starts to dawn on the IT masses outside Mission Control that this is serious...

With only two days remaining till payday – and given the slovenly nature of the company’s HR processing – even if the staff member could prove that they were really working for the company and that their deletion was some form of data error there is NO WAY they’ll be getting any money in this month and mortgages, etc, will probably go unpaid...

Off in the distance the PFY and I hear several doors slam and lock as people act to protect their pay packets from the Boss’ minus touch...

A few minutes later the phone rings once more.

“You can’t possibly think you’re going to get away with this,” the Head of HR burbles smugly down the phone line at us – calling from yet another hands-free phone in the Security offices, no doubt called down there by the three ex-members of IT staff.

“Sorry – it’s Simon here – Steven’s out of the office running a few errands," I say, while simultaneously texting the PFY “What can’t he get away with again?”.

“You don’t seriously think that you can simply delete someone out of the system and suddenly the company will treat them as persona non grata!”

“Really?” I ask, “I think our HR system is a fairly authoritative source for information on who is and isn’t a staff member – and I think our Head of HR would agree.”

“I don’t think he would...”

“I do. In fact I’ll check this with him shortly.”

“You’re talking to him now...”

“No, I’m talking to someone at security. James, the real Head of HR is bound to agree with me.”

“James is the assistant head of HR.”

“Really? That’s not what it says in the HR database.”

There’s nothing quite like the sound of a penny dropping from a great height. A penny with the image of the person who jealousy craves your job on the obverse face. That’s the tragedy of a powerful job – there’s generally a queue of envious figures behind it, all waiting patiently...

“You’ll never get away with it! I have printed documents – my employment contract, my health insurance documents, my annual leave forms!”

“Health Insurance, hmmm – thanks for pointing that one out. >clickety< Yes, I think you’re right, printed documents do have an air of authority to them. Unless of course they were perhaps kept in the lockable bottom drawer of the desk unit that you get issued with - if you were in fact employed by the company – a lock with a single master key that only my assistant has. On him. Right now. The one which will be in his pocket even as he starts that small fire in a metal rubbish bin up on the roof...”

“You’ll never get away with this!”

“I think I already have. And if I haven’t I’m sure there are people waiting to be promoted into the positions of those that I don’t completely see eye to eye with. Now if you don’t mind I’ll have to ring off now. I need to call security and tell them about the imposters in the building. They’ve been looking for a chance to see how the dogs react...”

Beginner's guide to SSL certificates

More from The Register

next story
Docker's app containers are coming to Windows Server, says Microsoft
MS chases app deployment speeds already enjoyed by Linux devs
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
'Urika': Cray unveils new 1,500-core big data crunching monster
6TB of DRAM, 38TB of SSD flash and 120TB of disk storage
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
SDI wars: WTF is software defined infrastructure?
This time we play for ALL the marbles
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
Oracle hires former SAP exec for cloudy push
'We know Larry said cloud was gibberish, and insane, and idiotic, but...'
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.