In today’s story, a system administrator discovered that someone was trying to hack the company’s server.
The delicious twist is that the employee finds the hacker and confronts him face to face, but it doesn’t end there.
Let’s see how the story plays out…
This happened a few years ago, when I was a volunteer system administrator for some organisation.
I was responsible for a fairly low-maintenance Linux server that dealt with their webpage and emails. I’d rarely go to their offices, usually working from home instead.
One nice morning, I decided to log into the server to check what’s up.
I immediately noticed a suspicious slowness. There was a fishy process using up the whole CPU power, which I immediately recognised as a scripted attack.
It took me a few seconds to kick out the user (let’s call the userid “naiveuser”), deactivate his password, and kill the process. Having slightly more time to assess the damage, I quickly called the boss of the organisation to let him know about the attempt. M = Me, B = Boss, NU = NaiveUser.
OP gives a play by play of the conversation with the boss.
M: Hi Boss, I just noticed a hacking attempt on the server from user “naiveuser”. (Quickly explained what happened)
B: Oh, the full name is Naive User, right? He’s here currently, I can see his screen, he was definitely doing something else… wait, hold on. (With a very stern voice) Naive? Did you give your password to anyone?
NU: Yes, boss, I’m sorry… it’s my student friend, he needed this for an assignment…
B: Give me his full name and phone number, right now.
The boss updates OP and gives instructions.
NU: Y… yes… his name is Leet Haxor and his phone number is 000-0000.
B: OK, thank you. (Back to his office) yuki_n_, deactivate his account permanently. I’ll deal with NU now, but we eventually need to teach them both a lesson.
M: Got it, Boss. I’ll get back to you if I have any news.
OP discovered the location of the hacker.
The whole discussion didn’t take more than a few minutes.
After hanging up, I looked at the perpetrator’s IP address… and my jaw dropped.
It was an internet cafe right next door to my home. As in, literally two buildings away. Also, my friends and I were regular customers there, to play multi-player games in the dial-up age.
I decided to go there, to face Leet Haxor (let’s call him LH) and let the owners know that one of their customers was just trying to hack into my server 5 minutes ago.
OP enters the cafe.
So, I entered the internet cafe, and there was only one employee whom I knew by face (let’s call him E for Employee) and a single customer.
The customer seemed to be so focused on his game that he probably didn’t even notice me walking in.
I went to speak to E.
OP talks to the employee.
M: Hi, is there any customer named Leet Haxor here?
E: (surprised) Uhh… no… there isn’t… why?
M: Oh, I see… Maybe someone who left recently, in the last few minutes?
E: No, no… it’s been just that guy over there for the last hour or so… Why are you asking? Is there a problem?
OP knew who the hacker was.
M: (starting to realise what happened) Well, we caught him red-handed trying to hack into our server from your IP address and I wanted to have a word with him.
E: (in deer-in-headlights mode, says nothing)
M: Okay, if there’s no such customer here, there must have been some mistake. Have a nice day!
I had figured that E must have been LH himself. He was acting too suspicious during the whole ordeal and seemed a bit afraid when I asked for the name. What’s worse is that he froze like a deer in headlights when I told him about the hack.
OP explained the employee’s reaction.
If he weren’t trying to cover up for something suspicious, the first reaction would have been “WHAT? Seriously? Let me check the logs” or something similar.
I then thought about this story from LH’s perspective. He got access to his friend’s server and tried to hack it, thinking his friend would be framed for it.
A few minutes later, someone walked into his workplace, knowing his full name, location, and exactly what he did. Must have been quite a shock indeed.
OP got the employee fired.
The reason I bluffed and said “there must have been some mistake” was that I wanted an excuse to get out and go directly to the owner.
I went home, assessed the damage, and saw that I was fortunately fast enough to prevent any real harm from happening.
I kept all evidence in a safe place, cleaned up the server, and got in touch with Boss to update him.
Given that I was a regular there, he gave me permission to deal with LH myself. I compiled all the evidence and prepared a sweet report for the internet cafe’s owner. Didn’t see that face around since then.
I’m not sure that getting fired is even enough revenge.
Let’s see how Reddit reacted to this story…
This reader didn’t seem to understand that it was the employee who was the hacker.
Another reader thinks OP should’ve reported the hacker.
This person really loved the story.
Another person is looking for career advice.
This person had questions about what the hacker could do.
I think the hacker should’ve been reported, not just fired.