Dirty deeds, done expensively

At my old higher seat of learning - which to me will always be the Polytechnic of Wales - some naughty people were doing naughty things. The BBC story is here although they are missing loads of details.

The article is quick to mention Brook Street but completely fails to say what the nickname for the alleyway behind it was in the late 80’s/early 90’s - Dog Shit Alley. We are not told if the guilty mens house backed onto Dog Shit Alley or was on the other side of the road. I found this lack of detail extremely perturbing.

At least in those days a dog shit would go white after a few days, giving you half a chance of missing it during the day. With the lack of street lights this only gave you a marginal improvement in the probability of avoidance at night from zero to an almost negligible amount above zero.

There was a consensus from all the brave souls who had accepted the challenge of navigating Dog Shit Alley, that the actual dog shits, though high in number, were not randomly placed. There was a distinct pattern that made it impossible to not get ones shoes dirty. Some sections would be deceptively easy, lulling the traveller into a sense of false security, before unleashing a devastating and unnavigable series of fecal deposits.

Other times the series would be laid out to catch out the right footed, other parts, the left footed. The gait of the explorer had also been taken into account. Those who favour small steps would soon discover that they simply had no where to step - except into some shit. And vice versa.

The mixture of white, brown and black dog shit was laid out in such a way that even the ambidextrous person, fleet of foot and able to take any size stride with a ballet dancers dexterity, would fall foul of an expertly camouflaged pooh. The different shades of shit, blended in such a way to make some obvious while making others invisible and unavoidable, their presence only revealed by the victims sickening sense of the foot hitting the ground too soon, and that ground giving away to the inevitable slide and panic at loss of balance.

It would seem that one day the shit in Dog Shit Alley was simply collected and renamed The IT Security Team. And it would appear that they didn’t employ the Devious Dogs responsible for the deposits. Confusing cause with effect.

You see, the Devious Dogs would have ensured that Two Factor Authentication was being used - then it wouldn’t matter if a staff password had been stolen. It would be useless.

I wonder how the key logging software was installed, because had the Devious Dogs being doing the security, it simply would not have happened. Firstly the computers would have been locked down so that software could not be installed, that the computers could not be booted from a USB stick, that the computers were fully patched against all known attacks.

The guy responsible was no mastermind, he may have used “a sophisticated key logging device to acquire details of staff usernames and passwords” but he didn’t know how to hide his IP address; it pointed to his front door; he also didn’t know how to hide his tracks - he accessed the system over 700 times!! So he wasn’t using something he had knocked up himself - he was using a known exploit that should have been either patched or mitigated.

He was actively using staff accounts for 19 months. The claim that he used “sophisticated” techniques to remain undetected makes no sense - they found the software he was using and his IP address. They weren’t looking for anomalies - the guy was using a staff account more than once a day on average and exfiltrating files. If I stare at my feet all the time I will never detect the moon, the planets and the stars. That only makes me sophisticated if I’m in a 90’s “shoe gazing” indie band that invented the genre. Otherwise I’m just deluded. Or a wannabe. Or both.

Claiming it cost the University £100,000 is utter bollox. It only cost the overtime of those who did the investigation. The “new” security measures are simply what they should have starting doing a long time ago. And if they had, I’m sure it would have cost a lot less money and the damaged reputation would not have happened.

None of this of course is to excuse the guilty. He simply shouldn’t have done it. That doesn’t mean the University, the Police and the Prosecution can go about spreading shit - because let’s be honest; the shit they spread was easy to spot - like the Devious Dogs.