This post is for information only, no screenshots. At the end of the main story, I added one of my own IT consultant stories.
This is for businesses
Source: Office Watch
A man has been jailed for two years after sabotaging a company by deleting 80% of their Microsoft 365 accounts: email, calendars, contact lists, docs, and so on. Here is what he did and what organizations should do to prevent a similar catastrophe.
Deepanshu Kher worked for an IT consultant firm and was deployed to work at Carlsbad Company who were migrating to Microsoft 365 hosting. Carlsbad were unhappy with Kher who eventually left both Carlsbad and the consultant firm.
He returned to India where he hacked into Carlsbad Company’s new Microsoft 365 system and deleted 1,200 of their 1,500 user accounts. That shut down the company for two days, unable to access email accounts, contacts, calendars, documents, directories plus Teams and video conferencing.
Customers and partners could not contact the company or vice-versa. There was no way to tell people what was happening and why.
It took three months and over half-a-million dollars for Carlsbad to get everything back into something like normal.
Lessons to be Learned
Details of the hack have not been disclosed, but some reasonable guesses are possible, and some preventative measures can be suggested. See the end of this blog post for a link about the hack.
When someone leaves an organization, especially someone with admin-level access, make sure their account privileges are suspended or revoked. It’s easily overlooked.
A former employee or contractor might have discovered other logins or know hacks into a system, but most commonly they just log in to their own account.
Restoring Deleted Accounts
Microsoft’s default for deleting a mailbox or user account is a ‘soft’ deletion that’s held in a recycle bin for 30 days, with a Restore option, before full deletion. Unfortunately, there’s a second ‘hard’ option which immediately deletes the entire mailbox or user account. In some cases, hard deletion is necessary but perhaps Microsoft should make irreversible deletions a lot more difficult to access, even by administrators? Maybe require more than one admin to approve hard deletions?
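Both lessons above (revoke access when someone leaves, and treat hard deletions as exceptional) can be checked against an account audit trail. The following Python example is added here and is not from Office Watch or Microsoft; the event fields, operation names, addresses and thresholds are constructed assumptions, not a real Microsoft 365 export format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 9, 0)  # constructed start time

# Constructed sample events: one routine helpdesk deletion, then a burst of
# deletions from an account that belongs to someone who has already left.
EVENTS = [{"time": T0, "actor": "helpdesk@example.com",
           "op": "soft_delete_user", "target": "temp01"}] + [
    {"time": T0 + timedelta(hours=5, seconds=20 * i),
     "actor": "ex.contractor@example.com",
     "op": "hard_delete_user" if i % 4 == 3 else "soft_delete_user",
     "target": f"user{i:03d}"}
    for i in range(8)
]
DEPARTED = {"ex.contractor@example.com"}  # assumed HR leaver list

def review_deletions(events, departed, window=timedelta(minutes=10), threshold=5):
    """Return (reason, actor, time) alerts for risky account-deletion activity."""
    alerts = []
    recent = defaultdict(deque)  # actor -> deletion times still inside the window
    bursting = set()             # actors already alerted for the current burst
    seen_departed = set()        # departed actors already reported once
    for ev in sorted(events, key=lambda e: e["time"]):
        actor, when = ev["actor"], ev["time"]
        # Any activity from a leaver means the account was never disabled.
        if actor in departed and actor not in seen_departed:
            seen_departed.add(actor)
            alerts.append(("departed-account-active", actor, when))
        if ev["op"] not in ("soft_delete_user", "hard_delete_user"):
            continue
        # Hard deletes bypass the 30-day recycle bin, so report each one.
        if ev["op"] == "hard_delete_user":
            alerts.append(("hard-delete", actor, when))
        q = recent[actor]
        q.append(when)
        while q and when - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            if actor not in bursting:
                bursting.add(actor)
                alerts.append(("bulk-delete", actor, when))
        else:
            bursting.discard(actor)
    return alerts

if __name__ == "__main__":
    for reason, actor, when in review_deletions(EVENTS, DEPARTED):
        print(when.isoformat(), reason, actor)
```

The bulk-delete alert fires on the fifth deletion inside ten minutes, which leaves time to suspend the account while most deletions are still recoverable from the recycle bin.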
Where is the Hacker Now?
Mr Kher did his nasty deed from India but that did not stop the FBI from tracking him down and issuing an arrest warrant. When he tried to re-enter the US in January 2021 he was arrested, unaware of the outstanding warrant.
In US District Court he was found guilty of “Intentional Damage to a Protected Computer”, which carries a maximum of 10 years and a $250,000 fine. Kher was sentenced to two years jail, three years supervised release and ordered to pay restitution of $567,084 (the precise amount it cost Carlsbad to fix their systems).
See Justice.gov for details.
One of my Personal IT Consultant Jobs
I went to work through a consultant agency for a manufacturing plant in the Port of Catoosa near Tulsa, Oklahoma. On my first day, around 9am, the admin person started setting up my access to their system. Two hours later, he was still working; he did not know how to set my credentials. Also, a lady supervisor came by and gave me a foot-high stack of paper and told me to go through it. I asked, “What am I looking for?” She said, “Just go through it.” Then she left. I did not do this; if she did not know what I was looking for, I sure did not know.
Around 11:00am, the IT director came by and wanted to take me to lunch. His right-hand partner, he and I got into his vehicle. They did not ask me any questions on the ride to the restaurant or back to the company. During lunch, they did not even acknowledge my presence or ask me anything. They just talked to each other. So, I remained silent. I thought this was strange.
Back at the plant, he took me to several departments where I met a lot of people, names I could not remember. What I later realized, it was a “dog and pony” show. He was being pressured to do something about their IT “system”, so he talked to my consulting agency and they sent me. He expected me to fix their “system”. He knew this was an impossible task for one person; he set me up for failure.
Over the next two days, I was amazed at their “system”. Their plant was using Excel spreadsheets to run the company; I found thousands of them. I estimated 10,000 spreadsheets.
One department would enter info like name, supervisor, hours worked. Then that department would “pass” the spreadsheet to the next department where they added their own info and/or created new Excel spreadsheets. And so it went to each department. It was a gigantic mess. I wrote him a letter saying he needed an enterprise system like SAP, IBM or Accenture. He ignored the letter. He had done his job by hiring me to be his savior.
I decided to start with the Time Keeping system. I created a database and the forms. At least, they could have something to visualize.
No one spoke to me. I tried to talk to the guys in IT, but they shut the door in my face. Very weird.
After ten days, I came in on a Monday morning and started working. Around 10:00am a supervisor came by and said, “Why are you here? You were fired on Friday.” I said, “No one told me.” She left and I called my boss. They did not know either. I packed what work I had done and left.
After reading the main story above, I could have done major damage to the company by deleting thousands of Excel spreadsheets in a matter of minutes. I had full admin access. So, would I have been sentenced to jail? I do not think so because I was technically fired and no one told me or my boss. The company was to blame for their lack of communication and not revoking my credentials. So, pay attention to the above story, especially if you are running a business.