First Place

A new MacBook owner was frustrated by the lack of Wi-Fi in his office and so invested in a wireless router. The router was so simple to set up – it did not require configuration of wireless or security settings! All was fine, until a few days later, the executive noticed his internet was running slower than usual. Thinking it was just his ISP, he ignored it, but after a few days with no improvement he called in a security expert to assess the situation. The expert discovered that someone was sitting in on the local network and had captured, “sniffed”, all of the wireless traffic from the portable router – including all the passwords to the company’s accounting and file server, which were being sent to a server in Asia! There was no trail, and to this day our executive isn’t sure what was taken and by whom.

Second Place

Two doctors’ rogue behaviors were caused by the hospital’s faulty IT practices. Three years ago, two large hospitals with Microsoft Exchange, Active Directory and generally a command-and-control IT infrastructure made the decision to move to the cloud to better accommodate the influx of mobile devices and shifting demographics. The hospital also chose to move their personal information management systems – email, calendaring and contacts -- to Google Apps. Anyone designated as a solo administrator in Google Apps had the freedom to download any app in the Google Play store, including native Salesforce.com and Box apps which were part of the hospital’s ecosystem. Native apps are provisioned and authenticated separately against suppliers’ databases. All worked well until two doctors left the group. Their Google credentials were shut down, but Active Directory didn’t have any policies to de-provision the peripheral applications. So the doctors continued to book their travel and vacation plans through the hospital’s Concur Travel service. The expense policy didn’t require approvals from management, so the hospital’s corporate credit card was charged for two or three quarters before the CFO discovered the departing doctors’ rogue purchases. It wasn’t that they were trying to steal from the hospital. Concur Travel stored all their travel rewards programs, preferences and frequent flier miles in the system, so it was natural to log in and book travel there.

Third Place

The security team heard that there were a bunch of people using Dropbox without authorization and that they had recently been hacked. So they made an anonymous call to Dropbox. They said, “We are from a large nonprofit and we'd like to know more about how our organization has been using Dropbox.” They replied: “We have a list of 1600 user names and their email addresses, would you like that list?” What?!!! The Dropbox guys wanted to upgrade the company to the enterprise version so much that they were willing to share a customer list without even authenticating the folks on the phone!

Honorable Mention

While at a biotech company, our IT group was always struggling to provide guidance and advice to a small group of folks who provided direct support to some of our scientists. This rogue IT group one day decided to install and turn on an accelerator card in each of two buildings’ Catalyst 4500 series switches. The change went unnoticed for over three months, until one day we started getting reports of file shares missing, internet access problems, and one executive wasn’t able to access the network at all. The hard part of trying to resolve the issue was that there wasn't a "common" problem among all the users. We spent several hours troubleshooting individual network connections, while other IT folks were looking for viruses. It wasn't until one of our network guys realized the "accelerator" cards had been added to the Cisco Catalyst switches in the building that we started homing in on the problem. We couldn't understand why the accelerator cards might be a problem, but we did know that no other buildings were using them. At around 4:15 PM we decided to unplug the switches and remove the cards. After powering up the switches, all the problems we'd been seeing were gone. The two real problems and lessons here are that change must be managed, and that root cause can at times seem completely unrelated to the problem symptoms.

Dropbox Disaster

A company user downloaded a sensitive high IP design document from the company's SharePoint site using his mobile device while he was connected to the company's Wi-Fi network. He accidentally copied and stored this sensitive document into a Dropbox location from his mobile device, sharing it with people outside of the company who shouldn't access this document.

Misbehaving in Class

Instead of using network shares with Active Directory authentication, a team in a higher education institution shared user lists (including names of students) and system logs for a particular enterprise application, budget documents, and other internal files using Dropbox, Google Drive, and personal email accounts. 

Why Go Rogue?

The Marketing Manager used Gmail to send files home to work on them. The company email only allowed 5 MB attachments and many of the PowerPoint decks were much larger than that.

Ex-Drama

My ex-girlfriend had answers to the "secret" questions on my iCloud and used them to reset workarounds. She used remote wipe to delete iPhone, iPad, and MBA data.

Leaked Customer Information

Sales staff in a financial services firm would frequently use box.net to send themselves customer information because the backend system wasn't fully mobile enabled. However, when sales staff would leave there was no method to retrieve customer information that walked out the door.

Lotus Leaks

I audited a big SI (>20000 people all over the planet) who were using Lotus Notes as a messaging system and an FTP server as a way to exchange big files with their customers and partners. I found out two interesting rogue behaviors: a set of engineers were re-routing their emails and calendars to their personal Android mobiles because Lotus Notes was only supported on BB devices provided by the company, and the sales team were sharing their documents (related to RFPs) with customers through Dropbox because the RFP was slow and not user-friendly.

Smartphone Saving Miles

I audited a road construction company who provided their security workforce with cameras to take pictures of any security issue. People were supposed to take the picture, write a note about where the problem was and what the problem was. They had to drive back to the office to bring back the camera in order to share it with others, and for insurance purposes they could not bring it home. Many of them bought a personal smartphone, took professional pictures (security involved) with it, took GPS positions of where the security issue was, marked on a Google map image where the problem was exactly, and sent it all through their personal email to their professional email. Why? Because they didn't want the hassle of having to go back to work: they saved between 2000 and 8000 miles per year by not doing so.

Free Government Wi-Fi?

Federal employees brought Wi-Fi access points into their office – two were Cisco and two were Netgear. In each case, the secure secret password was left at the default setting – Tsunami. Directly across the street was an Embassy Suites hotel that apparently had bad Wi-Fi, and many of the hotel guests connected to the rogue boxes sitting inside the government networks. The issue was discovered when one hotel guest started poking around the federal network and triggered several security alarms.

Picture Panic!

A teacher unintentionally logged onto a school-owned iOS device using their personal Apple account and, unbeknownst to them, Apple iCloud synced their personal photos to the school device. Needless to say, there were some NSFW images that were viewed by students, with dire consequences.

Instant Credit Card Details

My client had determined that instant messaging was unsafe, and therefore unsupported, and suspected that people had started sharing work data across the public IM networks - like MSN Messenger, Yahoo and AOL. I was asked to investigate user activity, and found very quickly that sensitive customer data (including credit card and bank routing details) were being shared via these networks. We also determined that it wasn't one or two people, but almost everyone within Finance who were guilty of abusing this policy!

Password Whispers

An EU firm was getting accelerating requests from its users for personal iPads and smartphone access to company systems. IT resisted the requests for several months. Finally, it decided to open up its email systems to a “select number of executives” and it gave them the passwords. Six weeks later, IT ran an audit on the system and found 10 times the number of employees connected into the corporate back end environment. The passwords, for a few key execs, flew right around the organization like wildfire.