Password Friday
Posted by Chilled_IT@reddit | talesfromtechsupport | 11 comments
This happened many moons ago. It is Friday around noon and people only worked until 1 or 2pm during those days. I was having a quiet day, chilling in my office all alone and getting mentally ready for the weekend. For some reason the company decided to have me as the sole admin for 40k square meters (about 750k square feet) and over 300 users at my location.
The first few months were rough but after 2-3 months, I had it figured out. Adjusted the local GPOs, implemented some scripts for the most recurring issues and general overall improvements. So despite the amount of users and area I had to cover, I actually had weeks where I didn't get a single support call. This was one of those days...well, until it wasn't.
Player 1: Yours truly ($Me)
Player 2: Sales lead ($SL)
My phone rings and the built-up dust on it starts to fall onto the desk. I see the caller ID and just went with my usual banter.
$Me: Welcome to the mental asylum in $location. Do you want to make use of this week's special of checking in 2 coworkers for the cost of 1?
$SL: Very funny you doofus. Look, I think I might have an issue here. One of our customers sent me a link, but nothing happens when I click it. What can be done?
Usually, I just connect remotely and have a look, but I was bored to death in my office and it felt like my walls were closing in on me. So I decided to rather walk down 2 floors, walk across our main road and climb up 1 floor to the sales team in a different building.
I arrive at the sales department in their full glory and $SL is already awaiting me.
$SL: Thank you for coming so quickly. Do you see the email?
*points at her screen with the email*
$SL: Now, when I go ahead and click the link and put in my credentials, nothing happens.
*$SL goes ahead, clicks the link and is presented with a Microsoft login. $SL goes ahead and enters email and password, but the page just reloads*
Usually, I would have stopped $SL, but I knew $SL had already done this, so there was no point. So I just quietly looked, screaming in pain inside.
$Me: Hmmm, may I sit and have a look?
$SL: Sure go ahead!
I sit down and check the email. Very generic, bla bla bla "please review" more bla, and a random link. URL is not part of our or the sender's domain. How lovely, $SL just trusted the customer's email. We were doing email campaigns back then, which included an external company sending phishing mails to our employees and notifying them if they clicked the links or even entered their credentials. $SL should have known better, but oh well. Just a password reset needed, nothing too bad.
$Me: It looks like your customer's email got hacked and they sent out this email to try to get more credentials from their contact list. Here are the parts where you could have noticed that something was fishy. But not too bad. Not much time has passed and it is just our password for emails.
Back then we had a password for logins, another one for M365 stuff, one for SAP, one for SAP concur and one for SAP Ariba. Don't ask why, we just did way before I had joined.
$SL: Oh ok. But I also tried my other passwords.
*cold sweat*
$Me: Um...what? What do you mean exactly?
$SL: You know, the passwords for SAP stuff. I even tried the affiliated usernames instead of my email.
*If I leave work now and drive to the next airport, I might be at the beach before dinner*
$Me: Why exactly did you do that?
$SL: You know, I just thought it might work
*Absolute genius! Maybe try your credit card number, expiration date and CVV number next?!*
$Me: Oh boy...ok, so we will have to reset all of those now. Sadly, I have to push this up the ladder now and inform our HQ and especially our CIO.
$SL: Oh no! Well, I guess I understand.
*some moments pass in silence*
$SL: But what about the rest of my team?
$Me: What about them?
$SL: Well, since I thought it might be a problem on my laptop only, I forwarded the email to them and had them try their logins too. Do they need to reset their passwords as well?
*There is no way someone can be this dumb. Please tell me there is a hidden camera somewhere and I am on live TV?!*
$Me: Are you joking?
*Insert The Office meme: *softly* Don't*
$SL: No, why?
*Insert The Office meme: Nooooooooooooooooooo*
$Me: Alrighty! You get a new password, you get a new password, and you get a new password!
Making light of the situation was my way of hiding my urge to slap people.
I reset the passwords I was able to reset and then called our internal support line for SAP related support. Explained the situation and I think "No, I am not joking" was used several times. Then I spoke on the voicemail of our CIO as he wasn't picking up.
Still to this day I get something like PTSD twitches when I see $SL's number appear on my phone. I was moved to one of our locations in the US as my wife who is a US citizen got homesick, so I had asked for a transfer and it was granted by our CIO. But $SL still sometimes calls to ask me how I am doing in the US. Nice person, just suffers from being oblivious and gullible.
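The "parts where you could have noticed that something was fishy" that the post refers to (link host belonging neither to the company nor to the sender's domain, plus a Microsoft-branded login on a third-party host) can be checked mechanically. The following is an added example, not the poster's tooling or the phishing-campaign vendor's software: it parses a constructed sample message (all domains made up) and flags links whose host is outside both the recipient organisation's domain and the sender's domain. The organisation domain `ourcompany.example` and the list of Microsoft login domains are assumptions for the example.

```python
"""Flag e-mail links pointing outside both the recipient organisation's
domain and the sender's domain. Added example, not the original poster's
tooling; the message below is constructed and every domain is invented."""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: generic "please review" mail from a customer's
# (compromised) account, carrying one link to an unrelated host.
SAMPLE_MAIL = b"""From: Jane Customer <jane@customer.example>
To: sales.lead@ourcompany.example
Subject: Please review the shared document
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello, please review the shared document and confirm receipt.</p>
<p><a href="https://ourcompany.example/portal">Our portal</a></p>
<p><a href="https://customer.example/docs/123">Customer docs</a></p>
<p><a href="https://login-microsoft-online.review-docs.example/auth">review document</a></p>
<p>Visit <a href="https://cdn.customer.example/img">the image</a></p>
</body></html>
"""

OUR_DOMAIN = "ourcompany.example"  # assumed organisation domain
# Assumed list of hosts where a genuine Microsoft login would live.
MICROSOFT_LOGIN_DOMAINS = ("microsoft.com", "microsoftonline.com", "live.com")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self._current = [href, ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None


def host_in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def suspicious_links(raw_mail, our_domain):
    """Return [(href, link text, reason)] for links whose host is neither
    our domain nor the sender's. A host that name-drops Microsoft but is not
    one of Microsoft's login domains gets an extra note: classic lure."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_mail)
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = LinkCollector()
    collector.feed(body.get_content())
    findings = []
    for href, text in collector.links:
        parsed = urlparse(href)
        host = parsed.hostname or ""
        if parsed.scheme not in ("http", "https") or not host:
            findings.append((href, text.strip(), "non-http link"))
            continue
        if host_in_domain(host, our_domain) or host_in_domain(host, sender_domain):
            continue  # inside one of the two expected domains
        reason = f"host {host} is neither {our_domain} nor sender {sender_domain}"
        if "microsoft" in host and not any(
            host_in_domain(host, d) for d in MICROSOFT_LOGIN_DOMAINS
        ):
            reason += "; Microsoft-branded host outside Microsoft's login domains"
        findings.append((href, text.strip(), reason))
    return findings


if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_MAIL, OUR_DOMAIN):
        print(f"{text!r} -> {href}\n    {reason}")
```

The subdomain check is deliberately a suffix match against the two domains that are legitimately in play, not a generic "does the domain look odd" heuristic; anything else is a finding and a human decides. Note that a link text such as "review document" tells you nothing about where the href points, which is exactly why the check looks at the href and not the text.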
StuBidasol@reddit
I finally had to stop reading and look away from the screen for a minute or two to collect myself when you said she forwarded it to her team to try. I don't even work in IT.
Did she at least get reprimanded?
KelemvorSparkyfox@reddit
Way Back When, I worked in a team that (among other things) was responsible for maintaining accounts on the AS/400 estate. Therefore our accounts all had the *SECADM permission.
After a few departmental shuffles, we got a new line manager. He was known, by the other managers, as the chocolate teapot. He talked about falling for one of those scam "Hello-I-am-totally-calling-from-Microsoft" calls, and only worked out that they weren't legit when they rebooted his (personal) laptop. This was someone two grades above me, on at least twice my salary, with a security administration-adjacent role, who fell for a scam call.
So yes, people can be (and are) that dumb. Some of them moreso, and even aggressively so.
Chilled_IT@reddit (OP)
It feels like you are describing my current *boss*. Our branches in the US had no CIO to probably save money. So the CFO has the oversight over IT here. And oh boy does that CFO like to click buttons and links. In a few months those structures will be torn apart and US IT will be controlled by HQ IT. I cannot wait because that CFO is driving me bonkers.
jeffrey_f@reddit
Implement a 60-day password cycle, can't use the last 25 passwords... When users complain, without naming names, explain why.
Chilled_IT@reddit (OP)
Those policies have been implemented by now as well. But back then I didn't have the standing yet. I was the newest addition to the team and the only admin at my location. Password policies were handled globally. If I had made changes on that, the admins at HQ would have had my head. Another 1-2 months after this something happened at one of our other companies within our Holding group. That company had their own AD, used only our SAP servers but had no admin on site. Instead they got serviced by an incompetent MSP. I cannot say anything about it in detail, but let's just say that HAFNIUM had a field day with them. Since I was the only admin with lots of Microsoft Exchange experience, I was chosen to lead the forensic analysis of what happened jointly with 2 European cybercrime organizations (country of origin, country of HQ) and 1 US agency (country of parent company).
The trust that was built during this probably propelled the CIO to support my request of transfer to the US branches. As painful as those endless weeks were (we worked on Sat and Sun too), I have to be thankful for them. Needless to say that our global password policies changed shortly after as well, even when our AD was not compromised. Management got a rough wake-up call and was open for changes.
Candid_Ad5642@reddit
Way back when ransomware was all the rage, I worked in an MSP
A user in a large financial company got an email, looked like a cold call kinda mail
With a zip file attachment, and instructions to extract the file, with a password, and then double click on the runme.exe file
And encrypted every file the user has access to
This wasn't that company's first ransomware incident, and not the last
IICNOIICYO@reddit
This just kept getting worse and worse lol
Harry_Smutter@reddit
Took the words right outta my mouth!!
Chilled_IT@reddit (OP)
The worst part was realizing on my way back home that day that those people were making about 2-3 times my salary
goodenough4govtwork@reddit
And people wonder why phishing is still a thing in the 21st century.
Chilled_IT@reddit (OP)
From my experience I can tell you, the bigger the company the dumber their idiots. Especially in (upper) management. They can be laser-focused and good at one field but so bad in other fields that you wonder how they stayed alive up to this point in their lives.