Report on analyzing network problem for DHS, Nov 14th
Summary
On Nov 13th, I was sent to Helijet, Victoria by Director Darren Hasselhoff for an emergency at the government offices in the Department of Human Service. The emergency was at first assumed to be a malware-led hacking attack, and it perplexed me yesterday. However, today I figured out that the problem was caused by a factory defect in the network cards in their computers and solved it, then I returned right after that.
I recommend that we choose the hardware we install more carefully.
Background
Yesterday morning DHS reported to us that they had detected an extremely high data feed from the network interface cards on some computers, as if data were being downloaded from outside the company, which could do serious damage to data security. They also found malware on their computers. Therefore, Darren Hasselhoff arranged a helicopter to transport me to Helijet for DHS’s problem. I arrived there at about 12:35 AM.
Incident
On the first day I went to DHS, Sissy Hofferer, DHS’s network administrator, described the details of the problem: the Norton Symantec anti-virus and firewall had detected two pieces of malware and deleted them, and then 13 of their new computers were flagged by the security protocol as having an incredibly large amount of data being downloaded. They considered this issue to be an attack by hackers. When I started scanning, however, I found that nothing had actually been downloaded from outside the company’s network, that the malware was irrelevant, and that the firewall was unbroken.
My maintenance experience told me that the problem was possibly related to the computers themselves, so today I tried swapping network cards between a compromised computer and a secure computer. When I did so, the data-download readings swapped too. I was then fully certain that the problem was with the network cards, solved it, and came back to the company.
Outcome
Following the incident