Staff sacked after security sees 'suspect surfer' script of shame
Compiling lists of dodgy browsing is all fun and games until the audit team comes along
Who, Me? As your Vultures are off fighting over the remains of the Christmas dinner, we've lined up a feast of a different nature: a bonus instalment of Who, Me?
This week, we hear from reader José, who wrote in to tell us how a prank led to some of his former colleagues getting their marching orders.
It was back in the late '90s, and José was working for a large investment bank, doing a variety of bits and pieces.
"During one project, I find that I have read access to the company internet proxy," he said. "As a bit of a joke, I grep it for some racy words, and lo and behold dozens of hits appear."
José mentioned this to his boss, who had a good laugh when he saw who had been visiting which site.
Then, he asked José to write a script that would search the logs for dodgy words and spit out the related sites and the usernames of the people who visited them. (No privacy concerns in '90s banking, evidently.)
The end result was wrapped up in some basic html tags and sucked into José's team's intranet site, which was password-protected, and listed as "suspect surfers".
Experimental 'insult bot' gets out of hand during unsupervised weekendREAD MORE
According to José, his boss gained much mirth from access to this dirty list.
"He would get his full English from the canteen, then sit at his desk and peruse the previous day's filthy web hits.
"As his runny egg dribbled down his chin, he punched in phone extension numbers of unlucky punters who were caught by my script," José explained.
"John – how are you old boy? Busy? It looked like you were plenty busy yesterday afternoon at 3:38pm you naughty scoundrel! Hahahaha!"
At the time, José observed, "it was all a bit of fun" – but the merriment died off quickly six-plus months later.
By then, José was working in another country and had forgotten all about his saucy script until a former team member gave him a call.
"You remember that suspect surfers page you made?" the colleague asked.
"Yeeeesss…" replied José, hesitantly.
"Turns out the Compliance and Audit team hired a white hat guy to go through our internal network and intranet for vulnerabilities… It appears the intranet team password authentication wasn't very secure."
"Well once he got on our team page, he found 'suspect surfers' – and a few closed door meetings occurred forthwith."
Luckily for José, he wasn't in any trouble – indeed, the former colleague said the team was "really happy" his script had helped build up a nine-month-long history of the so-called suspect surfers.
The bad news, though, was that José had inadvertently seen off quite a few staffers.
"I wouldn't show your face back in London anytime soon," his colleague told him.
"Seems over 40 staff got their marching orders this morning courtesy of your historical pages and some hard-nosed security staff.
"The Boss was one of them. And his boss. I wouldn't look to them for references if I were you."
Have you ever scuppered your chances of moving on with your career? Tell Who, Me? how and we might feature your confessional on this page in the future. ®
Sponsored: Becoming a Pragmatic Security Leader