Coworker (IT guy) went into a meeting room, turned on the computer, but not the monitor, and then returned to his office. Then he waited for another co-worker to enter the meeting room. The IT guy then remotely connected to the meeting room computer from his desk, logging in as the person in the meeting room - no idea how he got the password. He then made some very strange modifications to seemingly random employees time sheets and left a homophobic email in the drafts of a lesbian co-worker. Then he tried to cover his tracks by erasing some logs, logged out, and went on his merry way.
The changes were noticed the same day and I was asked to investigate. The only reason I looked thoroughly enough to figure it out was because the logs were erased, otherwise I probably would have stopped digging once the CCTV footage and time sheet modification logs matched up. He forgot to wipe the logs of his own machine showing the remote connection to the meeting room PC just before the changes were made. I was digging through his computer’s logs while sitting across from him, it was a bit surreal.
From what I heard, he gave no reason for why he did what he did. I don’t think he really had one.
You're thinking of audit logs, few systems are critical enough to warrant that, no system mentioned in the story would typically have audit logs unless we're talking in the military or similar.
Coworker (IT guy) went into a meeting room, turned on the computer, but not the monitor, and then returned to his office. Then he waited for another co-worker to enter the meeting room. The IT guy then remotely connected to the meeting room computer from his desk, logging in as the person in the meeting room - no idea how he got the password. He then made some very strange modifications to seemingly random employees time sheets and left a homophobic email in the drafts of a lesbian co-worker. Then he tried to cover his tracks by erasing some logs, logged out, and went on his merry way.
The changes were noticed the same day and I was asked to investigate. The only reason I looked thoroughly enough to figure it out was because the logs were erased, otherwise I probably would have stopped digging once the CCTV footage and time sheet modification logs matched up. He forgot to wipe the logs of his own machine showing the remote connection to the meeting room PC just before the changes were made. I was digging through his computer’s logs while sitting across from him, it was a bit surreal.
From what I heard, he gave no reason for why he did what he did. I don’t think he really had one.
What an absolute piece of shit. Could of destroyed someone's life. I wonder if that was the first time.
Weird.
Also, I thought the whole point of logs is that you can't delete them yourself. They get written to an external place and then they can't be edited.
You're thinking of audit logs, few systems are critical enough to warrant that, no system mentioned in the story would typically have audit logs unless we're talking in the military or similar.