Royal Dutch Shell Plc  .com Rotating Header Image

THE CORPORATE HACKER AT ROYAL DUTCH SHELL

By IT4me Posted on Dec 1st, 2009 at 11:36 pm

THE CORPORATE HACKER

The story of Gary McKinnon (the Scottish hacker who penetrated US defence security) reveals different attitudes on either side of the pond. The prevailing US reaction might be caricatured as “Guantanamo is too good for him” while in the UK, it’s more like “OK it’s a crime, but remind me again why all those military computers didn’t have passwords ?”. If tried in the UK, McKinnon would likely face the judicial equivalent of a chinese burn. Extradited, he faces a lengthy jail sentence.

What’s this got to do with RDS ? Well, the case may worry those for whom “hacking” is now part of the day job. Many Business Applications need “administrator” access to the GIH servers on which they are forced to run. The CIO’s empire denies this access, one of many “Big Rules” enforced with total rigidity. Faced with business systems failing, support staff resort to “hacking”. One little trick is to turn temporary administrator access (granted for an install or a problem-fix) into permanent access. Another is to borrow a powerful “service account” who password is known but which can’t normally be used “interactively” (by a human). A quick hack makes the account “interactive” and gets the job done. This trick is favoured because it leaves no trace – unlike Garry MicKinnon, who was caught not by some brilliant CSI-style forensics operation but because he left his email ID on screen.

What you think about ‘corporate hacking’ may depend on whether you sit above or below the fault line where top-down “strategy” meets bottom-up reality. Arguably, it is counter-productive because it hides the failures of strategy. On the other hand, it does keep local systems running. Even if misguided, this kind of hacking is at least well-intended.

Those tempted to send the the corporate hacker to Guantanamo at might save some of their outrage for the really bad guys. In March this year, 661 GIH servers were wiped out by a mystery “virus”. Word has it that this was actually not a virus but insider vandalism, hacking of an unambiguously hostile kind whose perpetrator did not obligingly leave their email ID on-screen.

This website and sisters royaldutchshellgroup.com, shellnazihistory.com, royaldutchshell.website, johndonovan.website, and shellnews.net, are owned by John Donovan. There is also a Wikipedia segment.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Comment Rules

  • Please show respect to the opinions of others no matter how seemingly far-fetched.
  • Abusive, foul language, and/or divisive comments may be deleted without notice.
  • Each blog member is allowed limited comments, as displayed above the comment box.
  • Comments must be limited to the number of words displayed above the comment box.
  • Please limit one comment after any comment posted per post.