The Frankenserver

  • ParkinT 2012-11-01 06:47
    "...Team Player"
    Oh, I get it!!!
  • Cbuttius 2012-11-01 08:07
    Ok, "November Spawned A Monster"...

    but really this article is one day late.
  • Unicorn #8157 2012-11-01 08:13
    Best. Job. Ever.
  • Kooblie 2012-11-01 08:17
    NOC... server farm... data center... Rack N... row 1... the main doors to the server room... cooling system
    Wait a second! An outfit this size has to beg for one extra IP address "for testing"?

    And if everybody up to "the executive director" is in on the secret, who are they hiding it from?
  • Sarten X 2012-11-01 08:21
    TRWTF is the server's management. The server should have been clearly labeled "special project hosting", and had proper documentation saying that is was used for "low-priority management-approved personal projects across various departments", with a note that the hardware budget for such low-priority projects is always $0, so all upgrades must be from old parts.
  • A Luser 2012-11-01 08:30
    I have a running gag with our IT department concerning a non-existent (to my knowledge anyway) "IT gaming server". This imaginary server is (of course) the most powerful one in the building. Every time any large boxes show up for IT, it's the "new processor blades for the IT Gaming Server", and every time large new wall mount displays show up, they're for the "IT Gaming Room" (also non-existent).

    Now, I have proof.

    Seriously, though, our IT guys are the best, most helpful folks I've ever worked with, and I'd totally support a gaming server for them...if I got to use it :-)
  • Abico 2012-11-01 08:39
    After yesterday's debacle, I don't think I'm going to read an article here anymore unless it's nothing but code.
  • the beholder 2012-11-01 08:40
    Unicorn #8157:
    Best. Job. Ever.
    I agree. The real WTF in this story is that this isn't more common throughout the industry.

    Although I can think of dozens better games to outfit a game server with than Counter Strike. Maybe this story was from when it was comparatively a far better choice than it is today.
  • Jack 2012-11-01 08:54
    For quite a while at work, we had a Universal Tester server.


    .. until it's PSU blew up :(
  • Abico 2012-11-01 08:59
    the beholder:
    Unicorn #8157:
    Best. Job. Ever.
    I agree. The real WTF in this story is that this isn't more common throughout the industry.

    Yeahhhh, that's it. Uncommon. That's what it is......
  • the beholder 2012-11-01 09:05
    Abico:
    the beholder:
    Unicorn #8157:
    Best. Job. Ever.
    I agree. The real WTF in this story is that this isn't more common throughout the industry.

    Yeahhhh, that's it. Uncommon. That's what it is......
    I never said it is uncommon, just not as common as it could be
  • Mcoder 2012-11-01 09:12
    Kooblie:
    And if everybody up to "the executive director" is in on the secret, who are they hiding it from?


    Underlings.

    Somebody has to work, otherwise the company'll fail.
  • ObiWayneKenobi 2012-11-01 09:22
    Sounds awesome. I agree it's a shame too many places are so stuck up as to not understand that your IT staff usually has some period of downtime, and they need something to do during that downtime that isn't "more work".

    I've even heard legends of development teams that played MMORPGs when they had finished projects and had nothing major going on.
  • Freddy Bob 2012-11-01 09:23
    "Simulations and Training"
  • Anonymous 2012-11-01 09:43
    Whew. For a while there, I was afraid they were using it for email or something!
  • Kidd 2012-11-01 09:50
    You are not really a NOC until you have a game server.
  • Mike 2012-11-01 09:57
    TRWTF is CounterStrike

    Captcha suggests populus!
  • Wyte 2012-11-01 10:04
    Makes me feel good about our company's testing rack that has a server clearly labeled "Minecraft" on the front.
  • Cbuttius 2012-11-01 10:07
    I have noticed something else about this site that has changed - for the better in my opinion.

    Although we are now in November I can still see the last few October articles on the main page.

    I think it was a WTF to cut off like that before. It's ok in the archives, but the main page should always display a few articles.
  • Abico 2012-11-01 10:21
    the beholder:
    Abico:
    the beholder:
    Unicorn #8157:
    Best. Job. Ever.
    I agree. The real WTF in this story is that this isn't more common throughout the industry.

    Yeahhhh, that's it. Uncommon. That's what it is......
    I never said it is uncommon, just not as common as it could be

    And I'm saying, just because you don't see it doesn't mean it's not more common than you think.
  • Gary 2012-11-01 10:24
    Reminds me of two stories from my old job:

    (1) "Kumar's cube" which had a network connection outside of the firewall. An old box was plugged into it. That box ran the company's (marketing) website. And this was a $600 million company with 4,000+ employees. One of its major lines of business was in application hosting!

    (2) One employee of said application hosting business used one of the servers for his sideline - as it turns out, a porn site. I wish he had used Kumar's cube...
  • Recursive Reclusive 2012-11-01 10:33
    ObiWayneKenobi:
    Sounds awesome. I agree it's a shame too many places are so stuck up as to not understand that your IT staff usually has some period of downtime, and they need something to do during that downtime that isn't "more work".


    As I read it, the other staff was playing from home.

    Comment deletion is getting a bit out hand here. I made a comment earlier, not offensive, not spam, not "frist", but a (IMHO) humorous jab at a type in the article. Now it has been deleted and the typo corrected.

    **From Mark** IMHO, I see "typo alert" as being more of an FYI rather than an actual discourse. Not spam, not offensive at all (I admit - I can't grammar at times which is why I ask Alex/Remy to read my stuff, but hey, things get missed in the 900+ word range) and believe me, I appreciate the heads' up...it just, to me, was a quick note unrelated to the main thread, hence moderation.
  • anonymous 2012-11-01 10:48
    TRWTF is that the submitter's company refers to rack position 1 as "row 1". Don't they have multiple rows of racks?

    TRRWTF is that the submitter's company calls the top position of the rack position 1. Don't they load the rack from the bottom up?
  • phuzz 2012-11-01 10:50
    I used to work at a company that built PCs (and laptops and servers). In the corner, near the server build team were the guys who created the installs for the machines we built, and for some reason, they had their own ADSL connection for 'testing'.
    With a bit of sweet talking we got them to drop us an ethernet cable connected to said connection, and finding enough spare parts to create a spare computer is pretty easy when you're just next to a warehouse full of parts, with a slack inventory system.

    That little web connection stopped me from going mad from boredom for many a week.
  • Mark Bowytz 2012-11-01 11:13
    anonymous:
    TRWTF is that the submitter's company refers to rack position 1 as "row 1". Don't they have multiple rows of racks?

    TRRWTF is that the submitter's company calls the top position of the rack position 1. Don't they load the rack from the bottom up?


    Funny you mention - I thought the same and asked for clarification/confirmation - nope, that's how it was.
  • eVil 2012-11-01 11:13
    Abico:
    the beholder:
    Abico:
    the beholder:
    Unicorn #8157:
    Best. Job. Ever.
    I agree. The real WTF in this story is that this isn't more common throughout the industry.

    Yeahhhh, that's it. Uncommon. That's what it is......
    I never said it is uncommon, just not as common as it could be

    And I'm saying, just because you don't see it doesn't mean it's not more common than you think.


    And I keep telling you, you fly boys crack me up!
  • Floozy 2012-11-01 11:16
    Uhh... either its extremely common to have a jeff and ryan in those exact same positions and have a similar setup... or this was from my company!

    Though its probably coincidence...
  • DJ 2012-11-01 11:17
    Ahh Unreal Tournament , those were the days.. Hope they bring out a new one soon.
  • Lafcadio 2012-11-01 11:19
    We had a public game server at a company I worked for. IT management knew about it and tacitly allowed it.

    Until the day we banned some script kiddie asshole who turned around and DOSed us and took down network connectivity for our entire research park. Bye-bye server.
  • Harrow 2012-11-01 11:29
    ObiWayneKenobi:
    I've even heard legends of development teams that played MMORPGs when they had finished projects and had nothing major going on.
    The pioneer computer games -- Spacewar, Animal, Adventure, Zork, Rogue -- were written by development teams that had finished projects and had nothing major going on.

    -Harrow.
  • Sebastian Buchanan 2012-11-01 11:33
    Sorry but just because everyone else is in on it doesn't make it right. I would have immediately started looking for another job as well as perhaps making anonymous tip off to the police.

    That aside, how did he know it was Jeff on the other-end of the phone? It could have been a hacker impersonating Jeff and getting him to identify where the servers were so that he could create a backdoor into the building.

    It has all the elements of social engineering:
    -out of the blue call
    -someone identifying themselves as an employee who just needs a quick favor
    -jovial
    -strange request from wrong person
    -person doesn't seem to know their way round the server room
    -strange box hidden away

    Sorry but he should have at the very least demanded the request be sent in email (if he really is the email administrator that shouldn't be a problem), NOT over the phone. Phones are what hackers mainly use. The email woudl need proper authorization through digital signing to make sure it was the actual email administrator. Of course I would have been tempted to demand the admin come round in person (with security pass) for such an odd request.

    Note that if the request is fairly ordinary and common there is no problem, it's only odd requests like the above.
  • OldCoder 2012-11-01 12:03
    Sebastian Buchanan:
    Sorry but just because everyone else is in on it doesn't make it right. I would have immediately started looking for another job as well as perhaps making anonymous tip off to the police.

    That aside, how did he know it was Jeff on the other-end of the phone? It could have been a hacker impersonating Jeff and getting him to identify where the servers were so that he could create a backdoor into the building.

    It has all the elements of social engineering:
    -out of the blue call
    -someone identifying themselves as an employee who just needs a quick favor
    -jovial
    -strange request from wrong person
    -person doesn't seem to know their way round the server room
    -strange box hidden away

    Sorry but he should have at the very least demanded the request be sent in email (if he really is the email administrator that shouldn't be a problem), NOT over the phone. Phones are what hackers mainly use. The email woudl need proper authorization through digital signing to make sure it was the actual email administrator. Of course I would have been tempted to demand the admin come round in person (with security pass) for such an odd request.

    Note that if the request is fairly ordinary and common there is no problem, it's only odd requests like the above.


    Not at all. The caller knew where the rack was, knew what the server was called, knew how to guide Ryan to the rack. He obviously knew all about the box.

    Now, he might have been a disgruntled former employee, I grant you that...
  • dkallen 2012-11-01 12:15
    anonymous:
    TRWTF is that the submitter's company refers to rack position 1 as "row 1". Don't they have multiple rows of racks?

    TRRWTF is that the submitter's company calls the top position of the rack position 1. Don't they load the rack from the bottom up?


    Don't they start enumerating from 0, like all computer nerds do?
  • Ol' Bob 2012-11-01 12:28
    Y'know, if companies didn't want this sort of thing going on they'd still pay pensions, etc, so people would have a vested interest in making sure that everything hunky was appropriately dory in Corporate IT Land. Instead we get treated like so many temporarily non-displaced personnel or our jobs get shipped off to Bumsquatistan and our salaries off to the executive bonus pool at the drop of a hat. I 'spect this kind of thing happens more than we know...
  • Ol' Bob 2012-11-01 12:34
    Gary:
    Reminds me of two stories from my old job:

    (1) "Kumar's cube" which had a network connection outside of the firewall. An old box was plugged into it. That box ran the company's (marketing) website. And this was a $600 million company with 4,000+ employees. One of its major lines of business was in application hosting!


    The cobbler's children have no shoes.

    (2) One employee of said application hosting business used one of the servers for his sideline - as it turns out, a porn site. I wish he had used Kumar's cube...

    So...I guess Kumar was into that kind of thing..?

    (CAPTCHA: tation - "That babe certainly causes me some 'tation!"
  • Calli Arcale 2012-11-01 12:36
    Sebastian Buchanan:
    Sorry but just because everyone else is in on it doesn't make it right. I would have immediately started looking for another job as well as perhaps making anonymous tip off to the police.


    The police? Employees (including executives) building a game server out of spare parts which never leave the property isn't a crime. It may possibly violate workplace ethics, though it depends on the workplace. Basically, it's ultimately between you and the execs, and if they're okay with it, well, there's nothing else to be done. Except look for a job with a more humorless organization.
  • Mike 2012-11-01 12:43
    So very true. Just like at the gym don't put the weight on the top of the rack until you've loaded the bottom. Otherwise "bad things happen". There has to be a NAS or other type of disk array just looking for a home :)
  • PedanticCurmudgeon 2012-11-01 12:55
    Sebastian Buchanan:
    pathetic troll attempt
    1/10. Would not flame even with someone else's keyboard.
  • Sebastian Buchanan 2012-11-01 13:00
    PedanticCurmudgeon:
    Sebastian Buchanan:
    pathetic troll attempt
    1/10. Would not flame even with someone else's keyboard.


    Wow why don't you just make up what I said? Oh wait, you did. I never said the words you attribute to me and never would. As a rule I don't insult and name-call. Therefore I would never utter the phrase "pathetic troll attempt" even if it fit. If someone WAS being an abusive troll to me I would just ignore them.

  • PedanticCurmudgeon 2012-11-01 13:05
    Sebastian Buchanan:
    If someone WAS being an abusive troll to me I would just ignore them.
    I find that highly unlikely. Your not too bright, are you?
  • Sebastian Buchanan 2012-11-01 13:06
    Calli Arcale:
    Sebastian Buchanan:
    Sorry but just because everyone else is in on it doesn't make it right. I would have immediately started looking for another job as well as perhaps making anonymous tip off to the police.


    The police? Employees (including executives) building a game server out of spare parts which never leave the property isn't a crime.


    Well it depends what country you are in surely, local laws etc. Anyway like someone else mentioned I was thinking what if the caller was a disgruntled ex-employee and so perhaps the "strange box" is some sort of incendiary device? (okay a bit over the top but you get the idea). The worst part is that if you just follow instructions over the phone there's no record of it and so you become the perpetrator of the crime. Telling the police that some mystery man called you up and told you to activate the bobm is not going to sound very convincing.
  • Anonymous Bob 2012-11-01 13:32
    You take the pension... I'll take my 401k. I don't want to be locked into a company just so I can keep my retirement. And I don't want to worry about the company imploding like Enron decades down the road.

    Ol' Bob:
    Y'know, if companies didn't want this sort of thing going on they'd still pay pensions, etc, so people would have a vested interest in making sure that everything hunky was appropriately dory in Corporate IT Land. Instead we get treated like so many temporarily non-displaced personnel or our jobs get shipped off to Bumsquatistan and our salaries off to the executive bonus pool at the drop of a hat. I 'spect this kind of thing happens more than we know...
  • Anonymous Bob 2012-11-01 13:38
    PedanticCurmudgeon:
    Your not too bright, are you?


    I love it when someone makes a grammatical mistake when saying someone else isn't too bright. Karma's a bitch.

  • F 2012-11-01 13:48
    Sebastian Buchanan:

    ...
    Telling the police that some mystery man called you up and told you to activate the bobm is not going to sound very convincing.


    Even if you can pronounce it.
  • PedanticCurmudgeon 2012-11-01 13:49
    Anonymous Bob:
    PedanticCurmudgeon:
    Your not too bright, are you?


    I love it when someone makes a grammatical mistake when saying someone else isn't too bright. Karma's a bitch.

    You must be new here.
  • F 2012-11-01 13:49
    Anonymous Bob:
    PedanticCurmudgeon:
    Your not too bright, are you?


    I love it when someone makes a grammatical mistake when saying someone else isn't too bright. Karma's a bitch.



    Muphry's Law, it's called.
  • the beholder 2012-11-01 13:50
    PedanticCurmudgeon:
    Sebastian Buchanan:
    If someone WAS being an abusive troll to me I would just ignore them.
    I find that highly unlikely. Your not too bright, are you?
    +1. It's funny watching awful trolls trying to justify crappy attempts at trolling. I found the "bomb" excuse particularly humorous.

    Anonymous Bob:
    I love it when someone makes a grammatical mistake when saying someone else isn't too bright. Karma's a bitch.
    You're new here, aren't you? Maybe you should google for that phrase spelled that way on TDWTF.
  • Nemo 2012-11-01 14:07
    F:
    Anonymous Bob:
    PedanticCurmudgeon:
    Your not too bright, are you?


    I love it when someone makes a grammatical mistake when saying someone else isn't too bright. Karma's a bitch.



    Muphry's Law, it's called.


    Actually, it's pronounced "whoosh!"
  • A Luser 2012-11-01 14:08
    Harrow:
    ObiWayneKenobi:
    I've even heard legends of development teams that played MMORPGs when they had finished projects and had nothing major going on.
    The pioneer computer games -- Spacewar, Animal, Adventure, Zork, Rogue -- were written by development teams that had finished projects and had nothing major going on.

    -Harrow.


    When I was at Data General in the early 90s we had xnetrek wars using up most of the bandwidth on the engineering (yellow cable) Ethernet.
  • A Luser 2012-11-01 14:13
    Kooblie:
    NOC... server farm... data center... Rack N... row 1... the main doors to the server room... cooling system
    Wait a second! An outfit this size has to beg for one extra IP address "for testing"?

    And if everybody up to "the executive director" is in on the secret, who are they hiding it from?


    There's always one guy in any organization, with a stick up his...who wants to ruin it for everyone. Why give him the opportunity?
  • shepd 2012-11-01 14:32
    I know of no country on the planet apart from Best Korea where a private company can't build themselves a gaming server if they want to. They don't even need to use junk. They can *gasp* use the customer's used-to-be-own money to buy brand new high end parts (after they have provided the customer with the requested service/product, of course).

    Sure, it eats into profits (although in this case very little profit, just electricity/bandwidth since the employees aren't doing anything with their time), so if you only motivation in life is money, perhaps somewhere else might make more sense for you.
  • n_slash_a 2012-11-01 14:42
    OldCoder:
    Sebastian Buchanan:
    Sorry but just because everyone else is in on it doesn't make it right. I would have immediately started looking for another job as well as perhaps making anonymous tip off to the police.

    That aside, how did he know it was Jeff on the other-end of the phone? It could have been a hacker impersonating Jeff and getting him to identify where the servers were so that he could create a backdoor into the building.

    It has all the elements of social engineering:
    -out of the blue call
    -someone identifying themselves as an employee who just needs a quick favor
    -jovial
    -strange request from wrong person
    -person doesn't seem to know their way round the server room
    -strange box hidden away

    Sorry but he should have at the very least demanded the request be sent in email (if he really is the email administrator that shouldn't be a problem), NOT over the phone. Phones are what hackers mainly use. The email woudl need proper authorization through digital signing to make sure it was the actual email administrator. Of course I would have been tempted to demand the admin come round in person (with security pass) for such an odd request.

    Note that if the request is fairly ordinary and common there is no problem, it's only odd requests like the above.


    Not at all. The caller knew where the rack was, knew what the server was called, knew how to guide Ryan to the rack. He obviously knew all about the box.

    Now, he might have been a disgruntled former employee, I grant you that...

    I disagree, most large companies (like the one in the article) have a global database you can use to look up employee's phone numbers, email, ect... If Ryan was unsure of the caller he could have just looked him up. However, the article seemed to imply that Ryan knew Jeff. Or possibly that the "emergency phone" wasn't connected to the outside world.

    That being said, one should always be alert for the type of criminal activity you are describing.
  • chubertdev 2012-11-01 14:49
    F:
    Sebastian Buchanan:

    ...
    Telling the police that some mystery man called you up and told you to activate the bobm is not going to sound very convincing.


    Even if you can pronounce it.


    someone set us up the bobm
  • Jason 2012-11-01 15:22
    Just because the top slot is labelled "1" doesn't mean it's filled first. The rack can still be filled bottom up; the frankenserver had to be at the top, however, because it was being hidden by the false frontage of the cooling unit that is at the top.
  • PedanticCurmudgeon 2012-11-01 15:25
    chubertdev:
    F:
    Sebastian Buchanan:

    ...
    Telling the police that some mystery man called you up and told you to activate the bobm is not going to sound very convincing.


    Even if you can pronounce it.


    someone set us up the bobm
    all your baes are belong to us
  • Michael 2012-11-01 17:01
    Nothing seems to have changed over the years. I used to work in Investment Banking IT over 12 years ago and one day I followed one of the infrastructure guys into the engine room. I spotted a rack with a label on it saying "Big 1". I asked what machine that is and my colleague replied "Oh, don't tell anyone, this is where we have the mp3-collection.". The perks of the infrastructure department: massive pipe and control over the firewalls. Those were the days.
  • anon 2012-11-01 17:27
    anonymous:
    TRWTF is that the submitter's company refers to rack position 1 as "row 1". Don't they have multiple rows of racks?

    TRRWTF is that the submitter's company calls the top position of the rack position 1. Don't they load the rack from the bottom up?


    That was probably all made up by the anonymization. The gist is "there was a weird server where it wasn't supposed to be."
  • Swampcritter 2012-11-01 18:47
    Reminds me of the days working at a FedEx data center.

    Nearly 1,500 Solaris SunFire servers and this one little 'Linux' server who was running inside the shell of one. Contained on this box was one QuakeWorld Team Fortress (MEGA-TF) environment with hundreds of maps. All of the SAs, managers, network and development teams, at different FedEx sites would engage in a huge PvP war and it was up to the NOC team members to keep an eye on the box to make sure all was well.

    I miss those days.
  • Bad guy 2012-11-01 22:43
    I remember that when we leave one of my previous company, we had a server named "Warcraft".

    No, that's not a game server... It's a standby-production one that holds all kinds of important function like secondary email server, secondary fax server, secondary web server that would be automatically failoverred when the main one is defunc.

    Dunno if there would be clueless staff who dump it because of that name... afterall the whole IT team left in one go and we just left some paper documents and we have no way to know whether the new comers have spent time to read them.
  • Gibbon1 2012-11-02 01:11
    Wyte:
    Makes me feel good about our company's testing rack that has a server clearly labeled "Minecraft" on the front.


    Well that's one way to make sure the monkeys leave the automated build server alone.
  • ysth 2012-11-02 04:47
    PedanticCurmudgeon:
    Your not too bright, are you?

    His not too bright *what*?
  • dkf 2012-11-02 05:03
    Anonymous Bob:
    You take the pension... I'll take my 401k.
    Actually, it'll be Wall Street that takes both of them. Watch and seeā€¦
  • Nagesh 2012-11-02 07:01
    PedanticCurmudgeon:
    Sebastian Buchanan:
    If someone WAS being an abusive troll to me I would just ignore them.
    I find that highly unlikely. Your not too bright, are you?


    You're! Even bad English speaker like Nagesh know this.
  • DWalker59 2012-11-02 11:04
    I'm glad he found his notebook and pen unmuted.
  • jay 2012-11-02 13:49
    So some employees took some obsolete spare parts and assembled a computer from them, which they then use to play computer games from home.

    As ethically questionable actions go, this seems pretty low on the list. The parts would presumably have been thrown away anyway, so it's not like they're stealing something that the company wanted to keep. Indeed, they haven't removed the parts from the building, so if there was a need for them for some actual company work, they could just dismantle the game machine to pull the parts. If they're accessing it from home, that's presumably non-work hours. So where's the ethical violation? That they took up a few cubic feet in the server room for their game machine? I guess they're using some bandwidth, maybe that ends up costing the company something.

    I'd put this on the same level as, "Two employees spent 20 minutes chatting about sports instead of working" or "Employee used company-owned pen and piece of paper from company-owned notepad to make a shopping list".

    If my boss happens to read this, let me emphasize that I am speaking purely hypothetically here. Personally, I would never dream of taking a company-paid-for paper clip home, or of spending working time reading thedailywtf.com.
  • jay 2012-11-02 14:06
    Sebastian Buchanan:
    Sorry but just because everyone else is in on it doesn't make it right. I would have immediately started looking for another job as well as perhaps making anonymous tip off to the police.

    That aside, how did he know it was Jeff on the other-end of the phone? It could have been a hacker impersonating Jeff and getting him to identify where the servers were so that he could create a backdoor into the building.

    It has all the elements of social engineering:
    -out of the blue call
    -someone identifying themselves as an employee who just needs a quick favor
    -jovial
    -strange request from wrong person
    -person doesn't seem to know their way round the server room
    -strange box hidden away

    Sorry but he should have at the very least demanded the request be sent in email (if he really is the email administrator that shouldn't be a problem), NOT over the phone. Phones are what hackers mainly use. The email woudl need proper authorization through digital signing to make sure it was the actual email administrator. Of course I would have been tempted to demand the admin come round in person (with security pass) for such an odd request.

    Note that if the request is fairly ordinary and common there is no problem, it's only odd requests like the above.


    Well, you're assuming that he didn't recognize the caller's voice. Or, I suppose, that voices over the phone are distorted enough that someone could be impersonating a known employee.

    But even assuming he was in a proper security mindset and was suspicious, how would it help a hacker for him to reboot a server? I can certainly see being suspicious of requests that could readily lead to a crime. Like, if someone calls and says he forgot his password and please reset his password and tell him the new value, I'd be very cautious about complying with such a request even if I thought I recognized the person's voice. Or if someone asked me to take a piece of valuable equipment outside and meet him in the parking lot with it so he can take it home, I'd be reluctant to do that unless there was some established company practice for borrowing equipment, etc.

    I suppose anything odd COULD be part of a crime. But anything routine-sounding could be part of a crime, too. Indeed, if I was going to steal from my employer or vandalize company property for some reason, I would think I'd go to a little effort to make everything look routine, precisely so that I did not attract attention.

    For that matter, if you do something calmly and confidantly enough, few people would be suspicious. I recall once I was banging away on my computer as usual when a stranger walked up and told me that the company was upgrading all the computers. So he loaded a number of our computers on a cart and wheeled them out. My only question at the time was what I was supposed to do about the data on my hard drive, to which he replied that they would be copying everything on our hard drives to the new computers. After he left it occurred to me: How do I know this guy actually works here and that he isn't a thief who just stole half a dozen computers, and we all helped load them on a cart so he could carry them out! Of course he came back an hour or so later with the new computers, it was all legit. But why did we just take that for granted?
  • Dann of Thursday 2012-11-02 15:37
    Sebastian Buchanan:
    PedanticCurmudgeon:
    Sebastian Buchanan:
    pathetic troll attempt
    1/10. Would not flame even with someone else's keyboard.


    Wow why don't you just make up what I said? Oh wait, you did. I never said the words you attribute to me and never would. As a rule I don't insult and name-call. Therefore I would never utter the phrase "pathetic troll attempt" even if it fit. If someone WAS being an abusive troll to me I would just ignore them.



    This is the funniest troll I have ever read, no lie. It almost got me for a second. It's just so delightfully meta!
  • F 2012-11-03 11:48
    jay:
    Sebastian Buchanan:

    [...]
    It has all the elements of social engineering:
    -out of the blue call
    -someone identifying themselves as an employee who just needs a quick favor
    -jovial
    -strange request from wrong person
    -person doesn't seem to know their way round the server room
    -strange box hidden away
    [...]


    Well, you're assuming that he didn't recognize the caller's voice. Or, I suppose, that voices over the phone are distorted enough that someone could be impersonating a known employee.

    But even assuming he was in a proper security mindset and was suspicious, how would it help a hacker for him to reboot a server?
    [...]


    Social engineering requires taking account of the possibility that you won't succeed at first try. If your initial request is, say, to have the admin password reset, then a failed attempt gives the whole game away. So ask for something else first, and when that request is granted you know you've got your victim hooked.

    Rebooting the server is the first request. His willingness to do it shows he believes the hacker's false identity. The hacker, having successfully requested a more significant task, can then go on to request an apparently less significant one - such as resetting his "forgotten" password.
  • DavidTC 2012-11-04 11:07
    Rebooting the server is the first request. His willingness to do it shows he believes the hacker's false identity. The hacker, having successfully requested a more significant task, can then go on to request an apparently less significant one - such as resetting his "forgotten" password.

    First, you will notice reading the story that Jeff did not 'identify himself as an employee'. He didn't identify himself at all, so presumably, it was someone that Ryan identified from voice, and thus presumably was someone calling that he worked with all the time. So pretending that this could have been some hacker calling up is absurd...Ryan knew damn well who it was.

    Second, Ryan was the graveyard shift in charge of the server room, which meant rebooting servers was his job. This wasn't someone calling up asking for something outside of Ryan's scope, or some request to do something weird...Ryan is _supposed_ to sit there and take 'out of the blue' calls (from recognized people) to reboot servers that have fallen over.

    Now, he'd been asked to reboot a server that did not, apparently, officially exist, and was well hidden. Which was very odd, but it was a server in the server room, and thus entirely under the scope of his job.

    The only caveat is the the _email_ guy is asking him to reboot a server that, as far as he knows, isn't an email server. Of course, it could _be_ a email server, he has no idea. He _does_ know it can't be one of the critical servers.

    At this point, Ryan _either_ has some crazy conspiracy theory that requires some very important server being hidden physically and documentation-wise, which rebooting will somehow break, and the trusted email admin is actively attacking the company with his unwitting help, leaving a very obvious trail back to the email admin (As opposed to him walking into the server room and breaking CORPSRV1818 secretly, or just sabotaging, duh, the _email_.)...or there's simply some random unimportant server in a very odd place that Ryan doesn't know about which has stopped working.(1) One of those is only the choice of people with paranoia delusions.

    1) Which doesn't mean he shouldn't attempt to figure out what the server is for afterwards...perhaps Jeff is running some sort of illegal server and someone should be informed. It's just that it obviously isn't any sort of social engineering, and the mere act of rebooting it will not harm anything, _and_ is within the scope of Ryan's job. (After all, if it was a mission critical server that should not be rebooted, it should be _documented_.) So he was entirely correct to say 'Uh, what was it I just rebooted?' and worry about whether or not this was authorized until he learned that, apparently, it was 'unauthorized' via the very top levels of the company. (Which, yes, is stupid, but that is unrelated to any worries about a social engineering attack.)
  • Bill C. 2012-11-04 18:00
    No wonder their pathetic attempts at social engineering fall down flat. When real social engineers see a mail server they use a femail client. And vice versa.
  • Rex 2012-11-04 22:04
    Reminds me of the time my team upgraded a certain nation's Air Defense operations centre many, many years ago. It was the first time their system had an intranet (instead of point-to-point async connections), several days before commissioning and 'go-live' we found that the techs had installed Wolfenstein and were running it during the nightshift. Needless to say, that got deleted fairly quickly!
  • Richard 2012-11-05 12:31
    TRRRWTF is that they called it position _1_. By any decent indexing system, it should be _0_.
  • Anonymous 2012-11-05 19:10
    Haha, we call ours the "collaboration server".
  • bob nelson 2012-11-08 13:28
    mmmm... quake
    while we did always have netquake and qw servers at my jobs in the past, my favorite was the public facing qw server we had running at my high school.
  • That guy 2013-01-25 16:43
    He says in Rack N, row 1.