The best hackers are Russian!


This story is in no way disrespectful to Russians, it is a tribute to one of the Russians I have had the pleasure of working with in my past.

Several years ago, prior to my career change into vendor land, I used to be a team leader for a Server team in a large (for New Zealand) Government organisation.

These were fun times, before laptops were provided to government IT teams as a rule (except on call) and work was almost entirely done at the office. Being at home meant no work in these simple times before smart phones really took off; I recall that I had a Sony Ericsson T68 and then a P800 (a real smart phone!).

This role was the first I had experienced as a leader of a Russian server administrator, an extremely smart, motivated and passionate employee. Managing this Russian server admin (from now on known as G) was very time consuming and complex to start with, as he needed to trust before he could be managed, and this required demonstrating that I knew what I was talking about before G would follow me.

Most of the time G would do what I needed, while always explaining that he was doing it for a reason that didn’t happen to involve being asked by myself to do it. Still, he always got the job done, and the job was done right every time!

In these dark days dealing with G sometimes felt like walking up a sand dune, where one step forward could be followed by a slide right back to the start!

G took it upon himself to manage the security for the department. G was the best you could find for performing this task and he religiously “combed” the firewall logs, looking for any port scanning or connection attempts. Any activity against the department’s network was an attack on him personally, and a retaliation would often be initiated immediately, not stopping until the attacker was completely defeated.

The early 2000s was a time when IT security meant a firewall; anti-virus solutions and email anti-virus / web proxies were about the limit of protection for most organisations, in New Zealand at least.

We managed patching of applications and operating systems regularly, as well as strong password policies: L0phtCrack was used (by G, regularly) to determine the weakness of user passwords, along with the obligatory visit to a user’s desk to tell them their password was not secure enough.

Cyber security has been around a long time!

As time moved on, G decided that waiting for attacks to happen was not aggressive enough and that the best form of defence was full offence. So instead of waiting for port scans and connection attempts, G set up a honey pot inside the corporate DMZ, where he ran a number of Linux servers and could actively trap the hackers and start attacking them back.

Every week G would have new tales of what and who he had reverse hacked and what problems G had caused for the hacker at that time. These activities were not simply during work hours; G was passionate about this important task and ‘worked’ all hours disrupting the attackers.

Then one day a BIG 4 consultancy came to visit our government department office. Their task was to determine how secure we were as an organisation; we did not know at the time, but there was also another, more subversive reason.

Our IT manager informed us that we were to be helpful to the guy doing the work (an internal pen test, as they had been unsuccessful with the external pen testing due to G), and most of the team were polite to this new consultant, all except G. For G, having someone within our office who was tasked with discovering our deepest darkest fears (vulnerabilities) was a slap in the face, insulting and, worse, an attack on him personally.

Still, the team was able to let the guy start doing his job at a desk near ours. It was around lunch time when the Big 4 consultant went to the manager’s office and asked why he could no longer log into his machine, a Microsoft NT 4 workstation – how old am I!

In the time since the consultant had started his work, looking for ways into the corporate network, G had started hacking back to the consultant’s laptop. Within 2 hours G had been able to successfully connect to the laptop and stop the consultant from doing any work, by effectively taking over the workstation and locking him out.

In any other situation this would have been a win to the internal server team and the hacker would have been beaten! Detecting a “malicious” device on the network and ‘killing’ it… But in this case we had to give his machine back and allow the consultant to continue working.

On the bright side, as G had been successful in taking over the consultant’s laptop in less than 2 hours, he was no longer upset at this intruder determined to undermine our security procedures and practices. The professional respect between the two of them had been proven and they could now be almost “mates”.

Unfortunately, we failed the audit by a long shot, but not because of what we had achieved with security; as an organisation we were very secure. We failed because the wind was blowing in the direction of “out sourcing” (a buzzword in the early 2000s, and one that got many a CTO hired to ‘save’ money), and the resulting report was doctored, including dishonest material that supported the “out sourcing” model to increase security – another big slap in G’s face, as security was his life.

I did get to the position of professional respect with G; it required a few months, but it happened eventually. I do not know what G is up to today. I think he went on to a big Systems integrator in New Zealand, as I met him several years after I left, but if he reads this then please say ‘Hi’.
