I was one of the lead sysadmins working at AshleyMadison at the time of the hack. Recently I was laid off as the company is selling off their assets/staff before a merger with another big name in the online-dating world.
This is the story of how woefully inept we were during the hack.
> Around 4:50am I got a call from the boss to go to the office as soon as possible, because another admin (lets call him Steve) had detected a breach in our "internal network".
> Took 15 minutes to get to work. I cycled because they don't pay me enough to afford a car.
> I get there and Steve gets me more details. The firewall had a port opened up, which was detected by a remote Nagios server during a routine check. The firewall itself had not reported any problems or activity.
> We ssh into the firewall to find that a new rule has been appended to the config, that opens up port 1337 (not even kidding).
> Confused, and thinking it was somehow compromised, we thought about ditching this VM and spinning up another one, but then I had the idea of quickly checking all of our asset servers (email server, user database, etc) for any outgoing connections on port 1337.
> At Steve's desk, he opened up about 10 windows at a time, and copy/pasted the relevant netstat command into each as root.
> After about 10 minutes of this we find that a python script in one box - the user data backup server - was currently sending data out to a Romanian IP at roughly 1Mb/s.
> We both know python, so instinctively we decide to open it and see what its doing.
> Pretty clear it had done a full SQL dump to disk, zipped it up (with encryption), and was sftping it to this Romanian IP.
> At this point we panicked. We had no idea how much data had already been transferred, and it was clear that the attack was still very much in-progress.
> We both ran to the boss's office to ask if we could shutdown the whole site, as data was actively leaking out.
>>52873099
keep going, this is interesting.
>>52873099
Continue...
Not sure if bullshit but please continue
1337 h4x0r port bruh
Pls go on
>>52873099
>>52873099
> After a tense 10 second pause, John essentially whispers "shut her down"
> The other admin and I couldn't really believe what we were hearing, so we just stood there for a few seconds. Eventually it 'clicked' that we had to, immediately, shut down the firewall and the compromised server, and we started running back down the hall to his computer.
> On the way we discussed keeping a snapshot of the server before shutting it down (for forensics) but it was decided that as the data was encrypted, it might be impossible for the hacker to extract the archive if there is only a partial download. We weren't sure, but it sounded plausible.
> We get back to his desk after the fastest sprint of my life (needless to say im not exactly athletic) and we decide to do it. Just shut the server down.
> Steve types on the keyboard:
> shutdown now
bash: shutdown: command not found
> "Fucking Debian!" he shouts.
> sudo shutdown now
Nothing happens
> We're both staring at the terminal box. It doesnt say anything. Nothing about the system going into reboot NOW, or anything like that. It just freezes.
> Then all three of his screens go black.
> That's when we realised that while we were away from his desk, the connection had dropped out and we were now in his local terminal
It was 10 minutes later that his machine was back up. By then, the transfer had finished.
You really should have started this in a notepad or some shit, OP. Now I have to get the pop corn ready.
>>52873231
>It was 10 minutes later that his machine was back up.
10 minutes what the fuck
Did you guys decide to go to the bathroom and grab a coffee?
bump for moar
>>52873231
>the connection had dropped out and we were now in his local terminal
And they laugh about zsh fags with their defaultuser@host %prompt
>>52873099
>they don't pay me enough to afford a car
>one of the lead sysadmins
what a bitch of a company
this sounds like bullshit.
Nice read but I wish I could believe you.
>>52873231
why didnt you pull the plug? like literately, walk into mdf and start ripping cables out of shit.
Auto: checked
>>52873186
>>52873342
>>52873391
dubs confirm it's real
>>52873099
>>52873266
His computer was riced to shit, and he had Chrome up with 100 tabs which hung everything until they had finished loading. After 5 minutes I stopped waiting and went to boot my machine across the hall and try to fix stuff, and I was in before he was -_-;
The rest of the day was kind of a blur. We had two different security contractors come, one of which was Cisco or worked for Cisco or something. I remember their stupid red shirts and shoes. The other was just two guys who looked like your typical hacker type in flannel shirts. We didn't shut down the site in the end, and instead decided to 'catch them and make them give the data back'. That was the plan from way-up-top, naive as it was.
"Steve" and I were put on probation because it was suspected that it must have been an "inside job" as the commands in the python script were very specific to our database architecture. Of course, this is not exactly hard information to get once you have server-access, which obviously this guy did.
Steve and I were called back to the office about a month later. We wrote up reports of what happened (leaving out the bit about the accidental local shutdown of course) and that was that. Im put on paid leave until this afternoon when I got the call I should start looking for a new job. Probably a good thing too - babysitting servers is probably the most boring job in the world, and even if you do everything right some fucking cunt from across the world ruins everything.
In all honesty im not pissed at the hacker or anything. The other admin had kids though, so that kind of sucks because I presume from how HR told me they had to let "us" go, he's been let go too.
>>52873314
any linux admin worth his salt will change the prompt
>>52873231
> shutdown now
>bash: shutdown: command not found
> "Fucking Debian!" he shouts.
> sudo shutdown now
Thanks for that, man. I needed some cheering up today.
>>52873463
>'catch them and make them give the data back'.
o i am laffin
>>52873413
Im guessing these guys are software devs. NOT hardware ;-)
For them, pulling the plug is a metaphor.
I would have pulled connection cables or fucked the fusebox asap. But they might not have the server inhouse..
>>52873413
The data center is not in our main office - we thought about calling and asking them to shut it down locally, but for whatever reason we didnt
>>52873463
>'catch them and make them give the data back'
o i am laffin over here
What are your employment prospects looking like now?
>>52873463
but anon im thinkng about going /sysadmin/ after my neet vacation (graduated last year, going to uni probably this year)
what path should i take?
>>52873489
>hardwarefags
hurr just duh, just unpwug it, it make sense. i am so much smarterer than these software devs :^)
>The data center is not in our main office -
>>52873463
>babysitting servers is probably the most boring job in the world
YOU'RE SUPPOSED TO BE FUCKING HARDENING AND MONITORING YOUR FUCKING NETWORK AGAINST ATTACKS, YOU FUCKING RETARDED "NETWORK ADMINS"!!!!!!!!!2134235123`12312341`
>>52873510
I would laugh my ass off if someone put Ashley Madison on their history. And then not hire them.
Whose fault was it that the user data was vulnerable in the first place.
>>52873231
How does it feel knowing your co-worker's local shutdown cost a significant number of people their lives?
>>52873463
>and even if you do everything right
anon, i...
>>52873491
As soon as you THINK you are being breached, you call those fuckers and take everything offline while you investigate.
Jesus Christ
>>52873510
Im basically famous for not doing my job, so pretty shit.
I the reason for posting this on 4chan now is a way for me to let go and start over with something else. Something unrelated. I contributed to quite a few opensource projects during my time at AM, and I think i'll probably try and find a way to do that full-time from now on. Pay again wont be great, but i'm OK with that.
To be honest, everything has just been on hold since the hack, so I haven't really put much thought into it.
>babysitting servers is probably the most boring job in the world
>server got hacked
Looks like you're bad at your job. Go find a new line of work, you were not meant for this profession.
>>52873563
>guilty cheaters committed suicide because of guilt, shame and fear
a significant number of insignificant people is not significant.
>>52873569
>>52873489
that's not what actually happens, neckbearded NEET. it's fun playing armchair strategist though, isn't it?
>>52873563
>co-worker forced someone to cheat
herpyderp
>>52873554
big blank space doesn't look much better senpai.
>>52873231
>local shutdown
whoops! what a goof.
didn't have a connection timeout? hostname in prompt is a good idea.
>>52873546
>not picking up the phone and calling the data center help desk with the explicit instruction to scram the server
shig
>>52873570
Instead of posting this to 4chan, and depreciating yourself, you should have summed up your story, added flair and technobabble - and blamed some software architect or somesuch.
Paint yourself as the hero chasing down the romanian.
Then send it and offer interview to media. And make sure you say shit like
"If you want security in your company YOU NEED [insert whatever shit you think you do best]. Blahblahblah."
There. Now you have spinned it as something good.
>>52873463
>We wrote up reports of what happened (leaving out the bit about the accidental local shutdown of course)
So, you mean to say if someone were to contact your (former) employer now and add this little piece to the puzzle of what went wrong, it might be appreciated?
>>52873099
>>52873476
> "Fucking Debian!"
Reminds me of this https://www.youtube.com/watch?v=s5ocXFgowZA
tl;dw: italian CSI where this tech guy from the forensic team tries to recover some files from a PC and shouts "oh fuck a Debian, I don't know this OS well, /dev/null is like a black hole".
>>52873099
If you had found the PC/VM that had been compromised, you should have removed the network cable/virtual nic. Why would you keep the machine online any longer than you had to? What's wrong with you? Are you retarded?
>>52873666
then a software architect would pull out their detailed documentation, and prove how the claim is impossible, discrediting the plaintiff.
>>52873623
What happens?
>>52873693
Yeah well, the architect wont get airtime. And the guys doing hiring dont understand his technobabble anyways.
>>52873731
you're gonna bet on that? okay, i'll bet against you for $100
>>52873693
>software architect
>detailed documentation
sensible chuckle.jpg
>>52873595
but what is the job of a sysadmin?
>>52873666
To be honest, I have about 100 emails in my inbox about how we should migrate to Postgres and use its native encryption. I even said in one e-mail that not doing so would "raise questions about our due diligence", or something to that effect. Strong words when you're writing to your boss.
Alas, all my attempts at enacting change failed, and ultimately I stopped trying. Honestly, i'm proud that I managed to detect the hack while it was in progress, and it certainly wasnt the first and only time someone had tried. AshleyMadison was constantly getting DoS'd by all sorts of people. Some political, some evangelical. To last as long as we did I think was impressive.
And to be honest, my job was about uptime, network throughput, redundancy, etc. In short, making our services as accessible as they could possibly be - not on the network security side of things. We still don't know how the hacker got in, and I doubt we'll ever know, but chances are it was a 0day for something we had no control over..
>>52873757
Whats the bet?
OP being able to spin the discourse to his favor in the media?
Software architect calling him out?
Execs unfazed by software architect tech speak - still buying OPs spin?
>>52873807
how do i become a sysadmin
>>52873601
>cheaters committed suicide
more like:
>they were murdered and their spouses were smart enough to fake it as a suicide
>just because they wanted the sex with other peoples.
>>52873099
>> Took 15 minutes to get to work. I cycled because they don't pay me enough to afford a car.
just tell future employers they didn't let you work enough on the clock to secure the network
>>52873491
So you are telling me that NO ONE in your office has VMware Tools installed on their workstation, connected back to your data center's vhost?
You should really leave that off your resume and make sure no one finds out. You are so beyond bad at this, you should be bagging groceries. Or, just kill yourself.
>>52873807
If you want to clean your image, take all the info and hire a ghostwriter/journalist to fix your story into you first being the hero and now being the whistleblower.
Then hit the media with your polished story. Done deal.
>>52873471
Yeah, sure, dropping/omitting hostname from promt is very good for any situation, shithead.
>>52873849
I don't see why they didn't just ssh from another machine without even having him come in.
Also, after the local shutdown accident, they shouldn't have been fucked. Did they really not have any other computers with openssh around? Heck, in that situation I could use juicessh from my phone.
I can't even into programming, so it's not like those dudes are useless since they know python, but I think a lot of simple things were overlooked.
>>52873922
i meant that it's absolutely a good idea to have the hostname in the prompt. dunno how you misconstrued that
>>52874004
if your boss tells you to come in, you come in, that's why. what are you, an inexperienced NEET?
he's only 15 minutes away, and being onsite you can do much more than you can remotely, if you need to physically move stuff or something. and communication is easier.
ohhh, you can't even program. that's why you're this stupid
>>52874011
>>52873922
OP here - I cant remember if the hostname was in the prompt or not, but if it was and we didn't notice I wouldn't have been surprised. Honestly, there was so much adrenaline at that time it could have say Nigger@Nigger /Nigger/Nigger: and I wouldnt have noticed.
>yfw most companies are this incompetent or more so
>>52874031
>ohhh, you can't even program. that's why you're this stupid
kek
Just haven't learned, doesn't really mean I'm stupid. I have no issues using GNU/Linux.
>>52874141
>I started a ganoo unanto live cd, am I good with ganoos yet?
Well OP, i mean I've been a system admin for 5 years at a uni. We have a huge team divided up into multiple units that handle all different aspects, database, security, workstations, etc. Running a website is just too much work for a few guys to realistically handle. I think you did your best, you all made some mistakes, you're human, it happens, and you were full of adrenaline at the time because fuck, that's some exciting shit happening.
Anyway, thanks for the good story. I'm sure you'll probably find a good gig somewhere else, just treat it like another learning experience.
I'd probably hire you, desu, if you could pass my interview questions and lab.
>>52874151
What? I use Arch and Debian on all my machines.
>>52874164
Knowing how to program/script in bash is still knowing some "programming", no?
>>52874182
Eh, I try to undersell more than oversell. Probably part of me being an inexperience NEET as you said.
Also, I've never really written a bash script, although I use aliases a lot and chain shit together with ; or && sometimes. I'm also comfortable in vim. I should probably just learn a few more things.
>>52874162
>made some mistakes
This is a little more than a mistake, buddy. He discovered a network breach in progress, identified the compromised machine AND DID FUCK-ALL WITH THE INFORMATION. If these posts are to be believed, OP just stood there scratching his ass wondering what to do next. I would say this goes beyond a mistake into full caveman. Actually, a caveman would try to hit the bad thing with a stick which would have been more than OP did in the end.
>>52874207
Well at least you got over the vi/vim hunch. I know how to use vim but honestly its not worth the time I fumble around it. Based nano for life
>>52874162
since OP wont answer, what's a good path to becoming a sysadmin?
>>52874315
git gud.
>>52874244
everyone's a critic
>>52874315
Be handy with tech and find a place that will hire you, entry level. I would recommend looking for a managed services provider. That's how I got my foot in the door. I had no real IT experience and no education. I was just handy with computers and knew how to use Google.
>>52874353
Is it common to teach you more once you're on the job? The thought of barely getting a position I'm not qualified for and then having to work there for a year or two sounds pretty hellish.
>>52874315
Install gentoo is the only rational answer
>>52874368
you don't "get taught". you have to be an autodidact. before you can be an autodidact, you have to first stop being lazy.
>>52874402
and you have to stop asking other people for answers. you have to find the answers yourself.
>>52874402
>>52874416
I normally teach myself things and find my own answers, I just worry that I'll never find a job because I don't consider myself qualified. Also thought I'd ask some knowledgeable people since I was lurking here anyway.
>>52874353
thank you anon,
So OP,
why did they use Debian? were you there from the beginning?-
Why not an AWS or Azure instance? Cost mainly?
>>52874368
I already had strong troubleshooting skills but I went in knowing little about administration on an enterprise level. I learned a ton about exchange, active directory, VMware, Cisco, VOIP, etc. All this shit's super easy to learn if you have a knack for it. Cisco is mostly CLI oriented but everything else can pretty much be managed end-to-end with a friendly GUI. The great thing about working for a MSP is all the people you can go to for help. They've showed me a ton since starting.
>>52874481
ok faggot stop hijacking this thread with your NEET bullshit. You aren't 1337. you're NEET.
>>52874402
>>52874416
This is BAD advice. Always try to find the answer yourself, but if you can't, never be afraid to ask for help. The only way you are going to learn is if you know how to do it right.
Studies have shown that asking for help from a knowledgeable co-worker is a great way to strengthen interpersonal bonds and trust.
>>52874494
Isn't NEET the opposite of having a real job as a sysadmin and interacting with people? Besides, I'm replying to someone asking me a question. Why don't you fuck off?
great thread desu, up until >>52874315
>>52873471
eye hurting red, yellow, green colors is enough cute colors are for desktop use and love /threads
>>52873891
like set down the VM's lan interface?
I'll imply host is compromised too, image snapshoot and physical network isolation is best case scenario? In case the script changes once the wan stops.
>>52874576
thanks for the (you)
>>52873563
If I were OP I'd be more worried about the gap in my employment history than suicidal adulterers.
>>52874661
Killing the nic is better than nothing. It'll at least buy you time to figure out a plan. The attacker probably wasn't able to get root access in the vhost. Especially if you've properly implemented VMware.
>>52874055
> Nigger@Nigger /Nigger/Nigger
next build here i come
>>52873623
Assuming your data center is in-house and you have an active breach, you hit the button that's usually protected by a lid
>>52874768
Kek'd :D
>>52874353
It almost sounds like you're saying you didn't have an education or any fancy resume, but God dammit you walked into the guys office and told him "I'm young, need a job and I'm not afraid to get my hands dirty" and then he hired you!!!
Thanks grandpa
>>52873677
He's already fired and since it was accidental it's not like he can be charged with anything, so whats the point.
>>52875095
I replied to an ad on Craigslist about 5 years ago, but yeah, that's basically how it went. Most of the interview was a series of troubleshooting tests on a broken VM. It was fun.
>>52875166
>mfw decided after i get my A+ i would brwse jobs in my area on craigslist
>mfw convinced myself it would work, and it wouldn't work out
>mfw this guy got a ob because of craigslist
>for 5 years
>>52875207
Are you saying you convinced yourself it WOULD work and it didn't work out or that you convinced yourself that it wouldn't work and never applied?
>>52873099
Reports says you were popped via tour vpns with shitty passwords
>>52875576
i fucked up.
*anon said it wouldn't work put
>>52875095
If you had any real life experience you'd know that this shit actually happens. Everyone is retarded when it comes to computers. A tiny bit of knowledge and charisma will get you a job almost anywhere.
>>52874444
you can't been those services prices without qualified people. Both those companies exist because finding somebody you trust and is competent is nearly impossible.
Also, patriot act. Fuck you from Canada. I am not OP
>>52873807
>i'm proud that I managed to detect the hack while it was in progress
but you didn't, anon.
Your boss and Steve did.
>>52873563
>implying there was any actual cheating going on
>implying that the entire female "userbase" of AM didn't consist entirely of bots.
Steve was the hacker. He fixed it all to clear himself of wrong doing and got out clean.
>>52875824
I keet seeing a lot of women saying that; " Lmao those guys were flirting with other guys and bots xD nuh uh!! women weren't even on this site, sgame ob thise men"
No.. men go on craigslist/backpage/fuckbook/etc. AM was made for women. All those statistic breakdowns of the userbase gender aren't really valid, they're most likely glanorized since the they just leaked email addresses.
>>52873563
Pretty good only absolute scum would use such a site
>>52873099
Cool story bro.
I choose to believe.
Fuck you and all you stand for
>>52873843
If I was a police officer I would rule that as a suicide death. If someone wants to kill a cheating spouse they should be allowed to.
>>52873231
poweroff
>>52873231
Why didn't you just unplug your edge router? Or poweroff your modem? Are you guys retarded or what? Why wasn't your boss sitting with you?
This seems stupid to me.
>>52873463
This is why I have a minimal install ubuntu vm as my terminal to everything outside of my desktop.
I use my desktop for literally nothing usefull all my good shit is on a vm.
>>52873099
Why the fuck didn't you just kill -9 the sftp process? I assume because this never actually happened.
>>52873231
>> "Fucking Debian!" he shouts.
>> sudo shutdown now
>Nothing happens
>> We're both staring at the terminal box. It doesnt say anything. Nothing about the system going into reboot NOW, or anything like that. It just freezes.
>> Then all three of his screens go black.
>> That's when we realised that while we were away from his desk, the connection had dropped out and we were now in his local terminal
why didn't you just hold the power buttons, literally nothing would have been simpler. pull plugs, power, ethernet, fiber, all of it. Why didn't you just pull network plugs?
don't you guys have a kill switch that kills power to the entire facility?
>>52873463
I can't imagine that interview going well.
"So anon, why did you leave your last job?" "Oh, a massive data leak occurred on my watch and I didn't do shit to stop it"
>>52879176
>on my watch
more like when he was snoozing at home
other sysadmin should have taken the heat
>>52879192
If it was that time-sensitive he could easily have just remoted in?
>>52879220
>implying you'd give remote access from home
>>52879035
> kill -9
This.
>>52879114
>actually thinks servers have a power button you can press, just like his home rig
never seen big boy toys have you?
>>52873231
>"Fucking Debian!" he shouts
>>52879728
>never seen big boy toys have you?
Have you?
HP ProLiant series are used widely in enterprise.
See that big power button on the right? Do you know what it does?
>>52879751
if you read the post, you'd know that the server wasn't even in the same building, thus the power button is not in the same building either. retard.
>>52879750
the real reason for ian murdoch becoming an hero
>>52879763
The poster I replied to literally said that servers had no power button you can press.
This is wrong, and I proved him wrong.
Being unable to press the power button because you are not physically in the same location is not the same as saying ">actually thinks servers have a power button you can press".
>>52879778
Haha lol you sure got him.
>>52879841
>Talk shit when you can't follow a trail of logic
>Get it pointed out to you
>"lol autism"
Wow you clearly won that disagreement.
>>52879871
OK boy autist, everyone was thinking about "push the power button" in the context of the story.
>miss obvious social cues
>um, actuuually..
>haha, yeah I'm so right
>>52873231
Sudo init 0
Always.
>>52873546
Ipmi/bmc slam it...
>>52879931
>Homophobia
>>>/pol/
I already proved that I am right and you are wrong.
I will not continue this conversation until you admit it and apologies.
>>52880094
I'm sorry can we be friends?
>>52873471
I just run top when I want to keep the connection open
>>52879224
> what is VPN
>>52874811
>Assuming your data center is in-house and you have an active breach, you hit the button that's usually protected by a lid
No, you don't. You drop every single connection, using scissors (not even joking) if necessary, but you do NOT power off anything so that your security team can capture forensic data.
OP, why didn't you just cut his connection?
>>52873601
>a significant number of insignificant people is not significant.
There have been reports of gay users of AM, who were simply using the site to date in countries where homosexuality is either frowned upon or straight out illegal, killed themselves after learning their personal information was out in the wild.
It's easy enough to criticise people who use a website with a stated goal is to help married people cheat, but it's an online dating site, used by some to have relationships that might be outside of their local social norms.
Nobody should die because they wanna fuck someone different.
>>52875824
AM is overwhelmingly fake accounts, but it's one of the few online dating sites that landed me an actual date.
Girl was nice, it didn't go anywhere, but she was still a real person.
>>52873463
YOU
FUCKED
UP
YOU HAD ONE JOB
AND YOU FUCKED IT
GG ANON YOU FUCKING RETARD
>>52880348
Not him but reading your post this phrase came to my head:
"The problem then is not on the hackers, it's either in then for breaking the laws and expecting no consequences or that country laws being medieval and unfair."
>>52873666
Satan trips guy confirmed to be a talented salesman
>>52873099
All you had to do was this:
https://youtu.be/u8qgehH3kEQ?t=35s
>>52873682
>Are you retarded?
>dude worked for Ashley fucking Madison for shit pay
are YOU retarded?
>>52880452
They pretty much did. In the video the old guy smugly pulls the cord on the machine they were using to SSH into a remote server. OP and his buddy Steve shut down theirs
>>52879931
>everyone was thinking about "push the power button" in the context of the story
No, that was you and possibly anyone else who fails at reading comprehension. The ability to read something and understand it is not a 'social cue', it's a matter of education.
>mfw sysadmin at a "startup" and manage multiple servers by manually sshing into each of them
>mfw wouldn't know what to do if an attack like this would happen
>>52879751
it shuts down a whole compute node, the relevant vms would start on another. along with a lot of other vms.
>>52881197
i honestly want to be a sysadmin but i just feel like i'd constantly be stressed out and im not sure i can take it
>>52881484
I develop software for network switches, so I work with and meet a lot of sysadmins turned developer, and the common sentiment I hear from them is
> I liked the work, but I got really sick of hating everyone
>read this thread in bed as I fall asleep
>wake up 10 hours later
>thread still alive
Noice.
I'm still at college doing my bachelor's. I constantly think about what to do after graduating. I thought sys admin or Linux admin or database admin would be neat, then I read threads like this and I think maybe I should try becoming a software engineer instead. But I'm too stupid for that..
>>52881484
It's hit and miss really.
If you have everything automated and under control, it's comfy as fuck until shit hits the fan.
But you end up in an understaffed company, it doesn't matter if you're the best sysadmin in the world.
If I was you, I'd aim for a junior position.
All the fun, and nearly as much responsibility.
>>52881484
Before you can do that most people need a few years of being an IT Analyst, where you will really learn to hate everyone.
>>52881666
>>52881713
it's not that i'm scared of people that much (though i kind of dont like them already)
it's more that i don't want to make a huge mistake that'll make me liable
>>52873099
It's all your guys fault I found out my wife was having an affair with some African American men while I was babysitting her son! How dare you!
>>52881722
IT analyst is people literally yelling at you and treating you like you are dog shit because you are their desk side support. A few people I know during that stage of their career started smoking. But once you get past that stage the SysAdmin stage is comfy.
I jumped ship to being a Systems Analysis, but I miss SysAdmin man (though the salary in my new field is much nicer).
>>52873463
>they had to let "us" go
What? They couldn't have used the word "us
", only "you".
You story has holes Anon.
>>52878443
>Fuck the law my feelings are more important.
I agree with you and would vote for a law like that, but you should ethically resign if you feel that way.
>>52881722
But see, that's the problem. You're basically babysitting a bunch of people who know nothing about security and see you as the guy standing between them and being able to do whatever they want with their computers.
It's more a game of cat and mouse for them, but for the sysadmin, it's a life or death game of whack a mole. And then everyone wonders why the sysadmin gets so pissed off when someone does something stupid to potentially compromise the network.
>>52874716
Just put "worked as sysman" describe duties and use the co-worker as a reference. They won't double check probably.
>>52875821
He found the python script if I read that correctly.
>>52880397
Said the fat uneducated neet who was sat on his mummies laptop :)
How many years of experience did you guys have before getting your first job as sys admin? Should I even bother applying for system admin as entry level job?
>>52873099
dump
>>52879750
RIP TO A REAL NIGGA
How does it feel working for CuckSoft Inc?
>>52873099
>not immediately killing the python script and modifying it to spit out garbage before the hacker could restart the dump
Why not just pull the plug on the server?
>>52873099
>> Took 15 minutes to get to work. I cycled because they don't pay me enough to afford a car.
So you would use a car for a distance that would only take you 15 minutes you a pushbike?(likely with rubbing brakes,punctured tyres amd some nice gay streamers fluttering in the wind)
Are you a HUUUUGE bitch op?
A HUUGe,slow,thick bitchboii?
With the amount of money Ashley Madison brings it, did you guys really not have any network sensors? IPS systems? A SIEM solution to correlate network/host events? Also, why on earth would you shut it down? Once you do that you're going to lose the most volatile evidence of the breach. How does Ashley Madison not have a team of sec analysts dedicated to monitoring the site 24/7? It's really unacceptable.
>>52888020
it was a dating site not a nuclear silo
>>52873099
What the fuck.
Why did they call you? Was your coworker too stupid for shutting down a server or disconnecting it from the network?
>>52888524
I do incident response and security analysis for a living, a good portion of our clients are small businesses, If they can do it, Ashley Madison can do it. it doesn't have to be a nuclear silo in order to implement what I mentioned before.
>>52887853
it couldve been a cloud clouds dont have plugs
>>52879751
Most of the time the server is like 500 kilometres away from you. At least in my company there is noone we could call in that case. If someone took over our servers we would be fucked and could only log in to some obscure secret backendshit and shut it down and it the attacker had even this then there would be absolutely nothing that is stopping him for say like the next 24 hours. If ssh doesn't work we are pretty fucked.
can you not, like, stop a VM instead of shutting it down? that way, it stops instantly, plus you get to do forensics easily...
>>52889211
Don't they think they should probably implement a contingency plan in case something like this were to happen?
>>52880348
Yeah man, its another shoah amirite?
>>52890023
>mfw 6 gorillion cheaters
