SUMMARY: Ed Wilson discusses a hypothetical hacker scenario, and talks about how he gains access to the network.
How does a hacker get into his or her old network?
Getting in – the easy way
One of the easiest ways for a disgruntled person to get back into their old network is simply to log back in through whatever remote access they were granted, using their old user name and their old password. But wait, you may say, wouldn’t their old access be turned off? Wouldn’t their old user account be deleted? One would hope so. But here are some considerations:
- Most companies have some sort of procedure for terminating employees. This procedure usually involves multiple departments including IT, HR, Payroll, Security, and maybe Legal or other departments. Depending on how effectively these departments work together and what sort of routing system is in place, it could take a day or more for everyone to get their specific piece of the puzzle done.
- Most companies with procedures for terminating employees rely on some sort of manual process. Because people are involved, someone can always make a mistake. It might not even be a mistake. Perhaps one of the people in the chain is on vacation, or on maternity leave. This means that someone will be “covering” the job. When people “cover” a job, it often means they do the bare minimum required because they have a job of their own to do. It might also mean that they have not been completely trained to perform the other job.
- Most companies really do not delete ex-employee user accounts, because ex-employees often end up back as current employees. So the user account usually becomes disabled. The ex-employee’s data is often required by the employee who replaces the ex-employee, and therefore access to the corporate data is often transferred to the replacement, or is at least available via request. Things like e-mail are often kept for a certain period of time in case they are required (for example, as evidence in a legal matter).
Whenever there is a procedure in place, there is also a chance that the procedure is not kept up to date, or is not completely followed. This is why companies review procedures from time to time. But just because a procedure is reviewed, it does not mean that all flaws in a procedure are caught. This is why companies have audits. But just because a company hires auditors, it does not mean the auditors catch everything. This is why we have regulators. But just because there are regulations, it does not mean the regulations are fully understood, or even implemented. This is why we have consultants, lawyers, and courts. You get the idea. At any point in the chain, there can be a breakdown. This breakdown becomes easy access for an enterprising hacker.
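The gaps listed above (a deprovisioning delay of a day or more, a missed manual step, and accounts that are disabled rather than deleted) can be checked for by reconciling the HR termination list against the directory. The following is an added example, not code from the original post; the CSV column names, the sample rows, and the four-hour lag threshold are all assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample exports (not real data): HR terminations and directory accounts.
HR_TERMINATIONS = """employee_id,terminated_at
1001,2024-03-01T17:00
1002,2024-03-04T12:00
1003,2024-03-05T09:00
"""
DIRECTORY_ACCOUNTS = """employee_id,username,enabled,disabled_at,last_logon
1001,asmith,false,2024-03-01T17:30,2024-03-01T16:10
1002,bjones,true,,2024-03-06T22:41
1003,cwu,false,2024-03-07T10:00,2024-03-06T23:15
1004,dlee,true,,2024-03-08T08:00
"""

def _ts(value):
    """Parse an ISO timestamp; empty cells become None."""
    return datetime.fromisoformat(value) if value else None

def audit_offboarding(hr_csv, dir_csv, max_lag=timedelta(hours=4)):
    """Return (username, finding) pairs for terminated staff whose accounts lag HR."""
    accounts = {r["employee_id"]: r for r in csv.DictReader(io.StringIO(dir_csv))}
    findings = []
    for row in csv.DictReader(io.StringIO(hr_csv)):
        acct = accounts.get(row["employee_id"])
        if acct is None:
            continue  # no matching account in this export; nothing to compare
        term = _ts(row["terminated_at"])
        disabled_at, last_logon = _ts(acct["disabled_at"]), _ts(acct["last_logon"])
        if acct["enabled"].lower() == "true":
            # The manual step was missed entirely.
            findings.append((acct["username"], "STILL_ENABLED"))
        elif disabled_at and disabled_at - term > max_lag:
            # The step happened, but only after the routing delay.
            findings.append((acct["username"], "DISABLED_LATE"))
        if last_logon and last_logon > term:
            # The old credentials were used after the person left.
            findings.append((acct["username"], "LOGON_AFTER_TERMINATION"))
    return findings

if __name__ == "__main__":
    for user, finding in audit_offboarding(HR_TERMINATIONS, DIRECTORY_ACCOUNTS):
        print(f"{user}: {finding}")
```

Run on a schedule against fresh exports, a check like this catches the breakdown independently of the people in the termination chain.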
Anyway, you get the idea. Hope you have a great week. Join me tomorrow when I will talk about some more difficult ways the hacker may gain access to the old network.