Security Incidents mailing list archives

Re: Deserting Firewall Operator


From: Tim Kowalsky <webmaster () deltecsolutions com>
Date: Mon, 29 Jan 2001 13:04:41 -0600

I think there are two very important questions here which should be asked
before everyone starts talking about legal action...

1.  Is the former security person "harassing" (I use the verbiage from the
original post) the system operators with messages pointing out insecurities
in the firewall config or is he making threats to attack the LAN?  (There's
a very large difference.)

2.  Was the "backdoor" put in place while the security person was still
employed and used for remote administration?  (Did he/she continue to use it
after parting ways with the employer?)
From the sound of the email, the former contractor left in a hurry (and a
contract dispute could be a legitimate reason to do that, arguably...) so
without further information it is equally possible that this was not an
insidious attempt to keep access after the fact.

The forwarded email from the former security person does sound as if he has
serious grievances (he feels) with the company, but there isn't anything
overtly threatening about it.  If anything it sounds more like a political
attack (trying to go over the heads of those he had disagreements with and
get them in hot water.)

Unless he's done more than this, you can't threaten him with legal action...
it's not illegal to tell someone that there are security holes in their
network...  at least hopefully not most places!  =)

If on the other hand this person is actively attacking (trying to break in
and do damage to) the LAN, collect the evidence and take it to the
authorities.




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi people,

I hope I am sending this message to the right mailing list. I have been
learning every day since I subscribed to some of the securityfocus
mailing lists.

At one of our client's company, where I work as a network system
engineer (not security related or responsible, thank god!!) we have a
slight problem you might say, I hope somebody can tell me what to do;

the "free-lance" firewall operator/controller had some disagreement
with his manager about contracts and deserted his post. But not after
(we discovered this only days later) he built in a backdoor route to
his own cable modem IP address in the router and the firewall. We
managed to disable this route immediately after we discovered it.

Still he keeps harassing our system operators (now also responsible
for maintaining security!!) with messages, stating that he still has
access to the internal LAN. He even mailed the following message to the
country manager of this company;

"Hi xxxx
It is no longer of my bizz,
but the Three Stooges from sysadmin put some major holes in the configuration
it is now very easy for people from all over the world to gain access to
the company's LAN, financial database and the websites...
i noticed that you don't care much for security
and lost the momentum to do much about the king of the hill politics around you.
but there are still some people working there that should not suffer from
the stupidity of the powergreedy and the lack of action from the
none-interested.
Have a nice day,
his name"

What to do, when your "guardian" turns on you?????

Thank you for your response,


Coen Bongers
Senior Network Engineer
E-mail: CoB () Kikke net

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOnWUT9oWyqAi/3bJEQIikwCfebzcL3IcJF1ZyvPpI/zpzzs2zR4An3Gb
0/XfxjnNBbUDsayEcVUklOPh
=JLv3
-----END PGP SIGNATURE-----

