E05 - A Windy Day

FEB 10, 202120 MIN
Tales from the Ops Side

E05 - A Windy Day

FEB 10, 202120 MIN

Description

Most companies don’t discover they have been hacked until months later. But imagine catching a hacker red-handed? Your course of action would be very different.
 
Instead of dealing with the aftermath, your focus would be on urgently identifying the source and then blocking the hack.
 
This is exactly what stack.io CEO and Founder Hany Fahim did when dealing with his first hack, back when he was a young Systems Administrator.

Yes, this episode tells a tale from some years ago. So long ago that our host Hany was using a Blackberry and struggled to remember the course of events. This slight memory haze introduces a humorous interlude in the episode, with current-day Hany and his younger self in a quibble about the true course of events.

The hack started with an internal search tool used company-wide to retrieve important information. Its speed had slowed to a crawl. Hany investigated and discovered a huge backlog of searches. The culprit? The task at the head of the queue was trying to back-up the database.

Hany terminated the task only to have it pop-up again minutes later. He traced the request to a web server, then sent an email to the hardware team and to the entire company about the issue. The situation was resolved, or so he thought.

Suddenly, monitoring alarms started sounding from a highly secured back-up system deep inside the data centre. The hack was coming from inside the office! Hany had the hardware team track it - directly to a vice president’s office. Knowing the VP was on vacation, Hany went into his office and discovered the hackers were remotely logging into the VP’s terminal and using it to back-up the company database. Hany unplugged the computer. It turned out that this was only the beginning.

We won’t give the entire story away here . . . otherwise, that would spoil the episode for you!

Hany notes that humans, not machines, are generally the weak-link when it comes to security. Similar to this tale, the recent SolarWinds hack in December 2020, which breached many Fortune 500 companies and US government agencies (including Homeland Security and the National Nuclear Security Administration), were also connected to human error, rather than the machines.

Connect with Hany at his company stack.io and LinkedIn.
 
Don't forget to leave us a review and subscribe to our channel to keep up with the latest episodes!