[Dshield] Interesting Situation

Nelson Andrew - Systems Security Andrew.Nelson at kohler.com
Mon Jan 31 20:38:46 GMT 2005

Greetings all-

I have an interesting situation that has come up and I'm looking for
opinions on what course of action to take.


One of our departments called us (Systems Security) to give us some
information regarding a possible breach of our network. An allegedly
disgruntled customer (one of our dealers) told one of our employees that he
had managed to obtain confidential information from our network. The
information we received, regarding the matter, was fairly vague. Basically,
this customer has claimed to gain unauthorized access to several of our
databases (containing very sensitive data) and said they were able to read a
company exec's emails. At this point, this information is being handed to us
on a second/third hand basis.

So, where do we go from here? On one hand, I am inclined to report the
incident to authorities just based on the fact that the person claimed to
access sensitive information. On the other hand, my gut tells me that this
person was just shooting their mouth off. Unfortunately, we don't have any
way of substantiating the claims. We were able to dig up some basic
information on the individual and, based on this information, we are analyzing
our logs.

Has anyone ever been thru a comparable situation? If so, what course of
action did you take?

