    Saturday, December 1, 2018

    Let's hold an emergency meeting and invite no one of relevance! Tech Support


    Let's hold an emergency meeting and invite no one of relevance!

    Posted: 30 Nov 2018 02:58 PM PST

    I'm not tech support but sometimes work issues when our support desk is behind. Today I stepped up to help on a ticket from a particularly high maintenance customer with whom I am all too familiar. I just finished a completely unproductive "URGENT EMERGENCY" meeting with them.

    Despite the many years that I have worked in technology, I am continually horrified to find people with job titles such as system administrator, business analyst, project manager, etc. who routinely fail to do basic troubleshooting or can't follow simple instructions.

    The ticket that they had submitted was decently written. It wasn't enough to provide a full picture but gave me an idea of where to start.

    I replied:

    "Please verify the following settings in your production environment.

    Setting 1
    Setting 2
    Setting 3
    Setting 4"

    And they responded:

    "No, we are still having problems. Can you join us on a conference bridge? We need to get this solved immediately."

    When I joined the conference call I discovered that they had invited the entire world to participate, and I know that at least half of those people have some systems related or project-related title.

    They had not, however, invited to the meeting anyone who had enough administrative power to validate in their production environment the four settings that I had asked them to check.

    Commence a shitshow of a meeting that lasted close to an hour and a half and featured me repeatedly saying "can you find someone who can check this?"

    I finally put a stop to the meeting by politely telling our customer that we will not be able to help them until they get someone involved who has the necessary level of system permissions to perform the troubleshooting tasks I asked them to do in my very first response.

    It's almost happy hour here. Thank goodness for that, at least.

    submitted by /u/DeadMoneyDrew

    "You stole the GOLD CHIP and now our computer is slow!"

    Posted: 30 Nov 2018 02:31 AM PST

    You guys liked my last story of tech support bliss from the, almost pre-historic, 90s era. Another story on TFTS, about a less than competent user, reminded me of this...

    It's another one about providing IT Consulting for a tier 1 auto parts maker. This would have happened in late 1996 or 1997.

    Sorry, it's a bit of a saga. There's a funny/absurd payoff at the end, with a little dash of mystery, too. Teaser at the top and TL;DR at the bottom.

    Teaser:

    Irrational client employee is irrational.

    Background:

    The Big 3 car manufacturers each had electronic systems to publish their parts orders and forecasts for each day/week, for the following few months (parts orders would vary due to differing quantities of options and trim packages ordered by the dealerships).

    The "Materials" department at my client was responsible for accessing each auto maker's system on a regular basis (it was at least once a week but probably more--I don't want to guess), electronically acknowledging the updated orders and forecasts, planning their inventory logistics and placing requisite orders with their own, tier 2, suppliers.

    These were the days before ubiquitous internet and SSL/HTTPS was the accepted standard. Each auto maker had implemented what amounted to a private, text based, BBS system. They also mandated that specific (in some cases proprietary) terminal software be used.

    To be clear, these computers were each dialing in via modem to access these systems. Nothing was going over the internet.

    The Materials department had to designate a separate computer for each auto maker because the mandated software from one auto maker was incompatible with the software from another. Each computer was running a specific, old version of DOS, as required by the mandated software.

    These computers were so important that they were not connected to the corporate LAN/WAN (which didn't have internet anyway, just access to shared company resources) and were not meant for any use other than connecting to the auto manufacturers' systems.

    It's important to note that my client was subject to a fine (and a demerit to their rating, which would hurt them during contract review) if they didn't electronically acknowledge the updated orders/forecasts within a certain time window of publishing.

    Lastly, I didn't sell them these PCs. I'm not sure where they came from. They were cheap clones that were acquired and set up long before I was in the picture.

    Now our story begins:

    One day I got a call from the Materials department admin (I don't remember his exact title. Everyone in the department reported to him and he reported to the department manager). One of the Big 3 auto makers had sent over a package with new software and he needed me to get it set up.

    I had recently repaired one of their PCs used for a different auto maker so I was familiar with the department's setup. In that case, the power supply failed and took the RAM with it. I replaced those parts and got them to approve a CPU upgrade, but there were no software changes. Remember this PC (we'll call it $PC1). It will come back into the picture at the end of the story.

    The repair for $PC1 had gone smoothly and there were no subsequent issues so the Materials department admin was confident that I could handle this task.

    The setup for this other computer was a little more involved. The new software required Windows (I can't remember if it was 3.1 or 95) and I had to extensively upgrade the computer to meet the minimum system requirements (both for Windows and the proprietary software).

    I wanted to sell them a new PC but these were the days when "old school" managers thought of IT as a one-time cost, like hiring a plumber to fix a leak, instead of an on-going investment. They wanted it done as cheaply as possible. They didn't care/understand the implications of me cobbling together a mission critical PC, with many old and/or obsolete recycled parts and no warranty.

    To give them some credit, back then, a new PC, with good parts, could cost $3K+. I remember spending $880 on just 16MB of 60ns EDO SIMM RAM for the 133MHz Pentium PC I built for myself in early 1996. At the time, it was a good deal! So, I can understand why someone who didn't understand the difference would opt for a solution that cost 50% less.

    As I recall, I upgraded the CPU to a faster 486 (or maybe even a 486 clone, like a Cyrix or AMD), replaced the RAM with higher capacity SIMMs and upgraded the hard drive. I'm pretty sure I had to install a better graphics card too, but I don't remember.

    The interesting thing about this upgrade was that the new proprietary terminal software used a proprietary TCP/IP implementation, which they also supplied on floppy disks. This new terminal software was not compatible with other TCP/IP implementations (like Trumpet Winsock or the one eventually offered by Microsoft). And this proprietary TCP/IP software was not compatible with web browsers or other internet software like ICQ or standard email clients.

    So, this proprietary TCP/IP stack had to be installed in lieu of any other TCP/IP software and could not be installed simultaneously.

    This should not have been a problem because the PC was only supposed to be used for checking parts orders.

    After I completed the hardware/software upgrades I got the various Materials department employees that would be using it to test it and agree that everything was working.

    I heard some rumblings from them that they were looking forward to using this upgraded computer to "surf the web", a novelty back then. They were going to ask someone who worked in the factory to "get it on the net," which would have meant to install a browser, configure a dial up connection to an ISP, etc.

    I was a little shocked by this. I made it very clear to them and I spoke to everyone in the department to explain that the auto maker's software was not compatible with regular internet software. I showed them the documentation from the auto maker, which stated this.

    They all said they understood...

    A few days later, the first call came...

    It was the Materials department manager ($MDM).

    $MDM: "Hey, schmosef, this new computer you sold us is a ***** ** **** ! Nothing's working! We can't check our orders! Get **** *** down here immediately! If we get fined, we're suing you!"

    The call came from the same manager who refused to pay for a new PC, despite my warning that the upgraded PC would not have a warranty.

    From his description, it sounded like the computer was dead. He was really mad and I chose not to use that moment to correct him about it not being new or remind him that there was no warranty--it was written into the PO, so I knew I was covered. He refused to answer any questions over the phone and just kept demanding that I get down there.

    It was over an hour before I could get there.

    I found very quickly that the computer was working just fine. But someone had gone ahead and installed a web compatible TCP/IP stack, a web browser, etc.

    The employees were not even trying to hide what they did. That ridiculous viral "dancing baby" video was playing in a loop on the screen (I think it was an animated GIF in a browser window). This one employee (we'll call her $SL, for "smart lady") was totally entranced. Watching this CGI baby dance made her so happy. She just kept laughing and clapping along. She didn't want to let me get on the computer to fix the problem.

    The proprietary terminal software was still installed, and it could dial out, but it wasn't able to establish a connection with the auto maker's parts system. "Nothing's working!"

    $MDM had already left for the day. I wanted to report this to someone but everyone high up enough to care (and do something about it) had left for the day.

    So I fixed it. I uninstalled all the extra software that had been installed, deleted the Internet dialer config, uninstalled and re-installed the proprietary TCP/IP software (in case it was corrupted), let the employees get on the system to acknowledge their updated parts orders, then reminded them that I had warned them about this and, since they were adults, assumed that they had learned their lesson. Big mistake!

    I've never been great with handling my clients' office politics. I didn't want to go out of my way to get them in trouble with their boss. They agreed to not do this again and I decided to let the issue go.

    But, about a week later, I got another call...

    $MDM: "Hey, schmosef, YOUR computer is broken again. Get down here and fix it! Now!"

    I tried to have a conversation with him but he wasn't having it. I tried to explain what happened last time and to tell him he had to talk to his employees about this. He wouldn't listen. I asked him to wait for me so we could talk, in person. He agreed.

    But, when I got there, $MDM was gone.

    The dancing baby was there, though. Dancing and spinning. And $SL was clapping and laughing.

    The thing is, I knew that none of the regular Materials department employees were competent enough to install a web compatible TCP/IP stack and browser, etc. I asked them who was doing it for them so I could explain directly to stop doing it. They refused to tell me but promised not to let this happen again...

    Then it happened again...

    This time, $MDM was away, and one of the department employees called me. Before I headed out I called their Controller ($RG for "Reasonable Guy") and asked that he wait for me so I could speak to him.

    I got over there, saw the dancing baby and fixed the issue. Again.

    The department employees still refused to tell me who was installing the web software, but I had an idea for how to figure it out...

    Before I deleted the dialer config, I checked the settings. The dialer had the ISP's user name cached. I could tell from the user name exactly who was doing this (we'll call him $CV, for collateral victim). He usually worked during an evening shift and, a week or two later, when I had a chance to speak to him, I found out that $SL kept asking him to install the software. She never told him that there were any issues.

    The Controller kept to his word and waited for me...

    $RG: "Hi schmosef, I've been meaning to speak to you. The computers in the Materials department are very important and $MDM tells me that the new computer you sold us is a lemon and that you have to keep coming in to fix it."

    $RG was a legitimately reasonable guy. Just prior to this issue, he'd had me build a maxed out PC for him. He spent around $5K on it. He wanted to watch me build it and explain everything as I went. It took several nights to build because he asked so many questions.

    I told him what was really happening and begrudgingly told him it was $CV that was installing the software (I didn't yet know that $SL was repeatedly asking him to do it). I wasn't trying to get anyone in trouble, but this had to stop.

    And the issue did stop. But...

    $SL tried to get revenge...

    Some time went by. The emergency calls from the Materials department stopped. I was still visiting this customer quite often for various projects. One day, $RG called me into his office...

    $RG: "So I spoke to $SL and she denies everything."

    $Me: "I'm just glad that the emergency calls have stopped. You've paid all my labour for the visits so, we're even."

    $RG: "$SL is claiming that $PC1, a PC you repaired a long time ago, isn't working properly."

    $Me: "That's the first I'm hearing about it. What's the issue?"

    $RG: "$SL says it's running slow. She says you stole the gold chip and now it's running slow."

    $Me: "What does she mean? That doesn't make sense. There's no such thing as a 'gold chip'. I didn't steal anything."

    $RG: "$SL says it's running slow. She says you stole the gold chip and now it's running slow."

    $Me: "We built a computer together. Did you see a gold chip?"

    $RG: "No..."

    $Me: "The chips inside a computer are made of silicon. We spoke about this when we built your computer. The main CPU chip is about the size of your thumbnail. Everything else is thermal packaging and space for the pins. Silicon. Copper. Ceramic. No gold. The chip is Silicon. That's where the name Silicon Valley comes from."

    $RG: "Yeah....................................................."

    $Me: "Think about how much a block of actual gold would be worth. There's no gold chip. Why would gold make a computer faster? She's never reported an issue before this. Did you ask $MDM if she's ever reported this? Do you need me to follow up on this somehow?"

    $RG: "No, no, no... Let's drop it."

    And so we dropped it...

    But for months, I would hear whispers about it from various office staff or factory floor employees. They would ask me why I took the gold chip and that $SL warned them to watch me if I had to fix their PCs because I might 'steal the gold chip'. I had to keep telling people that there was no such thing as a gold chip.

    $Everyone: "Why would $SL lie?"

    $Me: "She thinks I took her dancing baby away for spite."

    All this time, I never had to interact with her but I saw $SL in the Materials department office many times. She never said anything to me directly about the gold chip.

    One day, I had to be in the Materials department office to fix a computer. I called her over and asked her to show me the gold chip.

    She didn't have anything to say.

    I tried to make peace...

    $Me: "Listen, I know that you're upset that you can't have the dancing baby. But you're claiming that I stole something. That's not fair. You know that I didn't steal anything."

    $SL: "You told $RG that I messed up the computer. I had nothing to do with it."

    $Me: "You kept asking $CV to help you get the dancing baby back on your computer. I'm sorry, but the emergency calls had to stop."

    $SL: "I didn't do that! I had nothing to do with that!"

    $Me: "So, where did the dancing baby come from? Why was it on the computer, every time I got called in?"

    $SL: "I don't care about any of that. I know what I saw. You were supposed to fix the broken computer but you stole the gold chip and now it's slower than ever before."

    $Me: "There's no such thing as a gold chip."

    $SL: "I know what I saw!!!"

    $Me: "So why did you wait until after the dancing baby issue to report it?"

    $SL: "I know what I saw!!!"

    $Me: "You are remembering wrong. The computer died. I had to replace the old RAM and power supply. I also upgraded the CPU. It's faster than it ever was. I did take parts out of it but not to steal anything of value. They were dead or obsolete."

    $SL: "I know what I saw!!!"

    $Me: "Ok, I guess we're done here."

    Epilogue (and a possible solution to the mystery)

    Well friends, if you're still here, thanks for sticking around.

    I don't think I ever spoke to $SL again. I didn't hear any more rumours about gold chips and she ended up leaving the company a few months later. I think she found a job that was less of a commute.

    It took years of introspection but I think I might have figured out what she was talking about.

    Back in the 90s, it was very common for aluminium CPU heat sinks to be anodized, especially for CPUs that did not need a fan. I don't specifically remember this but it's possible that the CPU I upgraded had a heat sink that was anodized with a yellowish colour. If so, $SL might have confused the heat sink for a "gold chip".

    But, it's just as likely that she made the whole thing up to try to get back at me for taking the dancing baby away.

    $SL, if you're out there, it's been over 20 years. Tell us the truth about the gold chip! Inquiring minds want to know.

    TL;DR:

    Despite multiple warnings, client employee repeatedly corrupted the mission critical software on her computer because she wanted Internet access. Didn't understand why she couldn't have it and tried to spread false and malicious rumours about me as revenge for reporting her to senior management.

    Edit: Some formatting and a few typos.

    Edit 2: Thank you for the gold, friends! Sorry if giving it to me slows down your computers.

    Edit 3: A better TL;DR!

    Edit 4: Wow, Gold x4! Thank you, I'm really honoured. When I was writing this post I was thinking, "It's too long. No one will read this."

    submitted by /u/schmosef

    A tale of power fail

    Posted: 01 Dec 2018 03:14 AM PST

    Originally posted in user deadmoneydrew's thread; had a lot of "deserves its own post", so here it is.

    Circuit breakers are unique; each has its own personality.

    A generator test sometimes causes circuit breakers to trip and they are located in each room as opposed to the power rooms down the hall, reason being they can be reset at a moment's notice.

    Genny test occurred at 6am, ran for 2 hours and no issues, save a "tripped" breaker in cardiac ICU room 2, no patient in at the time; battery backed equipment runs for 11 hrs. Around 7 pm, I get an after hours call from a nurse screaming that room 2 is "dark" and they want to put a patient in it (how they ignore the battery chirp tone is annoying in the least). Cue me going over the basics.

    Me: Have you checked the breaker?

    Nu: YES, DONE ALL THAT IT'S B-R-O-K-E-N GET OVER HERE

    Phone call goes for a few more minutes, so I head out for a 45 min drive to fix it.

    I walk into a minefield set up by nurse McGoo with hospital senior managers from A to P, that's anaesthetics to poo tech (cleaner).

    NU: that's him the one who tested this room (I did test it, and could see obvious fault) he was rude on the phone and did not help.

    Manager1 starts talking white noise about my role, but I just wander over to the breaker while pulling out my phone to playback the call.

    As rudey nurse is reliving the call I flip said breaker, lights illuminate, monitor goes "Bing" and pops into life, fans kick in and little neon lamps light up to say the wall sockets have power!

    The room is now silent, well aside from electronic monitoring stuff that's now booting and charging its internal batteries.

    I comment "God forbid someone was actually in here, cause they would have expired and the only thing that would have saved them is someone competent enough to flip a switch, imagine what would happen if the investigation team found this" (manager #3 present and hiding in the back)

    Nu: I don't like you recording phone calls

    Me: I have to document everything on my portable pocket computer, it's access to email and our database of service manuals, it just happens to have a phone function.

    Nurse McGoo last seen that night, they found her another posting at another place far far away

    submitted by /u/MEM1911

    Igor doesn't talk to the clients

    Posted: 30 Nov 2018 01:17 PM PST

    Back in the very early 2000's I was in a graduate program and had a help desk job as my work study. About 95% of it was basic password resets etc.

    In the rare instance that it was more I sometimes had to deal with Igor. From a technical perspective Igor was as knowledgeable and skilled for his time as anyone else I've ever known. From a human point of view he was as incompetent as anyone I've ever known before or since. I learned over time two things. First, how to take his technical jibber jabber and tone and translate it into traditional human speech. Second, Igor doesn't talk to the clients, that's my job.

    Student: Hey man, what happened to all my files. I went into my folder and it's almost all gone.

    Me: Let's have a look. Yeah, I see what you mean. Let me check with the back. (walks to the back)

    Me: Igor, hey I got a student where almost all of his files are gone. I checked the -

    Igor: (Looks straight ahead at his monitor) Is it [Student Name]?

    Me: Yes, the logs suggest that -

    Igor: The one who had a shitload of mp3 files and other garbage?

    Me: Well, I don't know, I -

    Igor: A shitload? A shit - load?

    Me: Uh...

    Igor: (Pulls CD off the top of his desktop) Here! You tell that idiot to stop filling up my hard drive with his crap! (Holds disk aloft while still continuing to stare straight ahead).

    Me: (Plucks CD from his hand. Walks to the front) Igor is glad to be of service to you. You were beyond the storage limits of your drive so Igor kindly copied the files to a disk (hands disk). He asked me to gently remind you that school facilities are for school related activities.

    Student: Thanks! Tell Igor I appreciate it. He's the real deal!

    Me: Oh he is, believe me.

    Most of the time I just rolled with it and got on with my day. But there were the occasional side effects. Especially at the end of the term where I had gotten 4 hours of sleep a night for weeks. One term I had even begun to hallucinate from time to time. On the day before finals this happened.

    Me: One large coffee and a cookie, the usual. How you ladies doing today?

    Ladies: We're fine, the term's almost over so people are -

    Me: Wait! What! WHAT! THAT'S IGOR ON THAT PICTURE UNDER "CUSTOMER OF THE WEEK!" YOU MADE IGOR CUSTOMER OF THE WEEK! AND GAVE HIM FREE COFFEE!! ARE YOU NUTS??!!

    (The Ladies and I stare motionlessly at each other for a few seconds. I look around and notice a few other customers and staff also staring.)

    Me: I'm sorry, I haven't gotten much sleep lately. I hope you have a wonderful end of term. (Stuffs large tip into jar.)

    Then 10 years later I met someone at my corporate job I'll call Bob. Bob was almost exactly the same. I will always remember the first time I got Bob on the phone with a client. I was swollen with pride at how I had the developer - THE expert - talking directly to my client! He can answer all their questions! Then five cringe worthy minutes after hearing his answers I decided this must never happen again. Ever.

    Bob doesn't talk to the clients. That's my job.

    submitted by /u/dave999dave

    Poor Norman

    Posted: 30 Nov 2018 10:39 AM PST

    Another post reminded me of this tale from the distant past.

    Back in college I got hired to work the helpdesk after the school had put in a big new network. Mostly it was supporting students getting on the internet back when the internet was new but occasionally we helped faculty. I don't remember this one female faculty member's ($FFM) name but I do remember Norman, oh poor Norman...

    $FFM calls in complaining that she can't read "the drive" and retrieve her important docs. I head right over thinking this is a hard disk crash. I've got my toolkit and a spare drive with me thinking it'll be a simple swap and copy, with luck the old drive will be readable enough to retrieve her files, if not I've got my Win95 (gag) install disk with me.

    On arrival I find a big table with a lone 3.5" floppy disk on it, her computer is on her desk off to one side. The disk, it turns out, is Norman, her "favorite disk" that she has recorded EVERYTHING she's ever written on a computer on. IIRC this is 1997 so computers and floppy drives have been around for awhile. I asked her why she didn't use the hard drive in her computer but she replies "Oh those things fail all the time, this is better." (Spoiler, it isn't.)

    Thus begins about a 3 hour epic where I try to salvage data off of Norman, I try every trick in the book and even invent a couple new ones, in the end I manage to salvage maybe half of the files (all Word docs) from the disk. I finally got to leave because I absolutely HAD to go to class.

    A couple days later I got a written invitation to a ceremony celebrating "The life of Norman". $FFM invited myself and a few of her colleagues to a really awkward little party in her office complete with cake and soft drinks. After a little speech from $FFM we moved outside where Norman was "interred" under a bush at the edge of the building.

    RIP Norman.

    submitted by /u/curtludwig

    My high school netbooks

    Posted: 30 Nov 2018 05:43 PM PST

    First post, sorry for formatting, I'm on mobile etc. (I'll edit from desktop soon)

    Not a specific incident or person, rather an entire school population including teachers. I have a related story I might post later if I feel like it.

    So I'm in uni now and have, since these days, had the pleasure of tearing one of these particular netbooks to shreds with my own hands.

    In my year 7-10 school (ages ~13 to 17) I gained quite the reputation as the tech kid. During my year 7, the school got a whole lot of little tiny netbooks. On their own they worked pretty well, as I learned when I got to be one of the first people on them, before they got fully set up with authentication to get our roaming profiles from the network (which had its central server halfway across the city because that's how the department of education had it set up). That lasted about a week.

    Eventually the admin (one guy who I later had as a teacher for my IT classes, a fairly clever guy) got through re-imaging everything and the network got its claws into these innocent little machines. The monstrosities they became taught me everything I know about finding the problem, and remembering to record the solutions to things. I have several specific stories about these things that I might compile into one post someday.

    There were 40 of these little things in each faculty, split into two trolleys with 20 each, and a class could have one of these trolleys for a lesson if they were booked.

    If yours was shut down when you got it out, it'd take either 5 or 25 minutes to start, depending on windows updates, as is often the case. No matter if it was shut down or not, you'd be waiting at least 20 minutes for it to log on.

    Group policy registry policy. Group policy files policy. Group policy folders policy. Group policy start menu setting policy.

    I have a vague idea what those things mean now but at the time I, and my classmates, had almost no idea, they were just the loading sequence for logging in. There were a million more that flashed past too fast to read but those four took time every time.

    When you eventually logged on, there's a 50/50 chance of having a stable internet connection, and any of a million other issues that are common windows stuff.

    Here's what happens when you're the tech kid and your class has those:

    • Teacher nominates you to take down the number of each netbook with the name of whoever took it
    • You hand out netbooks, saving whichever one looks like it's in the best shape for yourself
    • You start your netbook
    • You spend at least 20 minutes dealing with strange things other netbooks are doing
    • You return to your desk to find the login screen, enter your details and wait for that
    • You help each person as their machine logs in with whatever weird thing it does, often requiring restarting AKA you're getting nothing done this lesson
    • You return to your computer now that it's finally logged in
    • The teacher, seeing about 15 minutes left in the lesson, calls for people to start shutting down
    • You shrug, shut down your netbook and take up your post by the trolley to return all the netbooks to their places
    • Seeing you at your post, everyone just leaves their netbooks on the tables and clears out as soon as possible
    • The teacher has a meeting over lunch and leaves you their keys and a thankful smile
    • You collect up all 20 netbooks and set them in neat rows on the table next to the trolley
    • About 3 will be properly shut down (thank you friends)
    • After untangling all the power cords, you plug in the 5 that are now shut down
    • Wait several minutes for all the rest to wake up from the sleep they go into when the lid is closed
    • About 10 will be halfway through shutting down, and will continue on their way
    • The last 5 is where it gets rough
    • At least one of them will be logged in, frozen and with an important document open
    • At least one will still be starting up
    • At least one will shut down with >150 windows updates

    Eventually all 20 are back in the trolley and the classroom is locked. Then with the remaining 5 minutes of lunch you shovel down a sandwich and pray that whatever you've got in the afternoon doesn't have the netbooks.

    At least once a week I'd lose a whole lesson to those things. Some days that was welcome. Some classes I would have rather learned the content.

    I was the only person in that entire school that ever took care of any of the netbooks. Most other people didn't even plug them in in the trolleys.

    submitted by /u/yayroos

    Pete And Repeat Send An Encrypted Email

    Posted: 30 Nov 2018 06:19 AM PST

    $me: 127.0.0.1
    $BlazeIT: Remote Branch Man, is also a 6th level Druid
    The C-Stooges: $Client's C-level team
    $CurlyJoe: Of Dewey, Cheatham, and Howe; Sir Not-Appearing-In-This-Trailer

    I'd ignored the earlier bat-signal from $BlazeIT since I was on another call at the time, and crises have an annoying tendency to occur while I'm otherwise engaged. But as it too often does, ignoring the problem did not make it go away.

    $BlazeIT: halp
    $Me: whaaaaaaaaat
    $BlazeIT: $Client email got compromised again. it's bad.
    $BlazeIT: $Moe and $Curly specifically
    $Me: Wait didn't you turn on MFA for them already?
    $BlazeIT: yes

    Welp.
    This particular step-headed redchild of an organization had been targeted before, and had undergone some stringent cleanup afterwards. Hence the MFA, and why the C levels hadn't put up a fight about it. So the fact that they had been compromised again meant something most likely had been overlooked.
    $BlazeIT went into full cleanup mode - changing passwords, restricting and auditing access, etc. I started delving into the back end to see if I could track down Patient Zero. Between the two of us we were able to narrow it down to the Stooges - $Larry, $Moe, $Curly, and $Shemp. $Shemp in particular had been the one to ~~spam spam eggs and spam~~ bring it to our attention. $BlazeIT passed me the details of the email in question and I pulled up the trace to make a timeline. Interestingly enough, unless I'd missed something, the very first email came from $CurlyJoe, outside the organization, sent to $Larry. Along with some sort of invitation minutes later. Then from $Larry to $Moe and $Curly, from them to $Shemp, and from $Shemp to most of the org. And based on the logs they were all sent from the Stooges' accounts themselves.
    We agreed this was odd enough that we needed to talk to the Stooges. $Larry was the only one left in the building, so $BlazeIT put me on speakerphone while he pored over Outlook.

    $Me: So all those devices attached to your account are legit.....by the way, what did $CurlyJoe want to talk to you about?
    $Larry: Oh, he wanted to talk about an ongoing fraud case involving XYZ. That's why he sent over the invoice. It's got A and B and C on it so it's sensitive info-
    $Me: Wait. The first email was legit?
    $Larry: Yes! $CurlyJoe is very high up in Dewey, Cheatham and Howe, I should hope he knows better!
    $BlazeIT: Wait, then what about the rest of it? How did it get sent out from $Shemp's account?
    $Me: ....$BlazeIT, do you still have the picture of the first email they sent?

    I pulled up an unrelated message I'd gotten weeks ago for comparison as $BlazeIT sent me the picture. The content of the messages was identical.
    Just to be certain, I went back into both the transport rules and the assigned product licenses for the Stooges, then took another look at the message logs. And to put the nail in the coffin, I ~~abused my admin privileges~~ ninja'd into $Shemp's mailbox and took a long hard look in the Sent folder.

    One of the more common ways of setting up message encryption in this kind of email system is setting a rule on the back end. Say, if members of a certain group send a message, but the word "Swordfish" is in the title, the message gets encrypted.
    As it turns out, the very first message from $CurlyJoe had the word "Swordfish" in the title, because theirs was the same way, and it had very good reason to be encrypted. $Larry, $Moe, and $Curly were discussing it among themselves, and as people often do, forwarded the original email, with the original title, "Swordfish" and all. $Moe and $Curly thought it odd that they were suddenly getting encrypted messages from each other, and sent messages to this effect to $Shemp. With the same title.
    $Shemp did due diligence and confirmed in person that no, $Moe and $Larry did not mean to send encrypted messages. $Shemp then emailed most of the staff to let them know to be on the alert.
    And uses the exact same message title.
    The entire team of C Stooges forgot they had message encryption on, or at least how it worked.
    As it was now late enough that $BlazeIT was the last person left, he went home to start typing out an email to the Stooges. I have not heard about the fallout from that yet, because he titled his email "Swordfish".

    TL;DR We didn't h@ck the email
    It was too legit for the whole thread to quit
    We didn't h@ck the email
    It was re-encrypted but was self-inflicted

    submitted by /u/extensiondenied
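
The keyword rule described in the post above, as an added example that is not part of the original post: a small triage helper that replays a message trace against a subject-keyword encryption rule and labels each encrypted message as explained by the rule or not. The group members, field names and trace rows are constructed for illustration and do not come from any real mail system's log format.

```python
import re
from dataclasses import dataclass

# Assumed rule: sender is in this group AND the keyword is in the subject => encrypt.
RULE_GROUP = {"larry", "moe", "curly", "shemp"}
RULE_KEYWORD = "swordfish"
PREFIX = re.compile(r"^\s*((re|fw|fwd)\s*:\s*)+", re.IGNORECASE)

@dataclass
class TraceEntry:
    sender: str
    recipient: str
    subject: str
    encrypted: bool

def base_subject(subject):
    """Strip RE:/FW: prefixes so a thread can be followed by its title."""
    return PREFIX.sub("", subject).strip().lower()

def rule_matches(entry):
    """True when the keyword rule would encrypt this message."""
    words = re.findall(r"\w+", entry.subject.lower())
    return entry.sender in RULE_GROUP and RULE_KEYWORD in words

def triage(trace):
    """Label every message: plain, explained-by-rule, or unexplained."""
    report = []
    for e in trace:
        if not e.encrypted:
            verdict = "plain"
        elif rule_matches(e):
            verdict = "explained-by-rule"   # forwards keep the title, so the rule fires again
        else:
            verdict = "unexplained"         # encrypted, but not by the local rule
        report.append((e.sender, e.recipient, base_subject(e.subject), verdict))
    return report

# Constructed trace mirroring the chain in the story (not real log data).
TRACE = [
    TraceEntry("curlyjoe", "larry", "Swordfish", True),   # external sender
    TraceEntry("larry", "moe", "FW: Swordfish", True),
    TraceEntry("moe", "shemp", "FW: FW: Swordfish", True),
    TraceEntry("shemp", "all-staff", "FW: FW: FW: Swordfish", True),
    TraceEntry("shemp", "moe", "Lunch?", False),
]

if __name__ == "__main__":
    for row in triage(TRACE):
        print(row)
```

The only row the local rule does not explain is the external original, which matches the story: it was encrypted by the sender's own system, and every internal forward inherited the trigger word.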
