
I'm nothing, I'm a musician

  • Writer: RFERL Watch
  • Apr 8, 2023

Updated: Apr 9, 2023

It was the end of November 2019 and Radio ГA / ГA was licking its wounds after the events that changed its inner life in many ways. It was a time made for new generals and self-proclaimed "so-and-so" specialists who, as is customary in these parts, always knew everything long ago. A group of "characters" quickly formed, who, according to the thickness of the butter on their heads, increasingly pointed out around them who was to blame. At a time when the hospital in Benešov in similar situations openly pointed out the reasons for the failure of its security measures and when it tried to learn from its mistakes itself, Radio ГA / ГA focused on the search for the internal enemy and it was not idle at all in its efforts.



When my supervisor and superhuman in one #RC ("Remotely Controlled") realised that he couldn't get out of this mess on his own, he started looking for allies. He began to exert his irresistible charm on some of the members of his tribe and beyond, and thus he used his position to find and influence a suitable native useful idiot. There was not enough time and expertise, so he came to me with an offer of candy. My former reminders about system security, including the method of not deploying them, have been forgotten. Politically, he explained to me that it is necessary to take countermeasures as soon as possible, something like "lessons from the crisis period". He even patted me on the back for the first and last time for trying to help him so selflessly during the "Thanksgiving" days off. Simply, it was an unforgettable experience and his kind touch somewhere above my right shoulder blade kept me incredibly warm for several days.


And so, from 27/11/2019 to 1/12/2019, I began to collect extracts from the logs for him and gather materials for the gathering of the most anointed ones. Each of us, as I subsequently understood, acted with a different goal. While I thought it was to find out the real causes and prevent them from happening again, for him it was a simple effort to gather evidence and present it without me. In our country, according to the well-known saying: "I'm nothing, I'm a musician."


As a musician, he learned to play very quickly and, as far as possible, not too fake. Because on 2/12/2019, his rival in the unsuccessful campaign for the position of IT security director, #JS ("Joints Smoker") was returning from vacation and it was necessary to play the most pleasing score for their common superior. The fact that they wouldn't take me into the musical trio was ultimately to be expected.


The ensemble grew. On 29/11/2019, a colleague-administrator advised me to change the password to my private email account on the public email domain just to be safe. Although I didn't quite understand the reason, I did so, but from a network outside of Radio ГA / ГA. A worm of suspicion began to gnaw at me that if I ever play with them again in the band, then at most in the role of an extra. When I confirmed the password change about 40 minutes after his request, I was surprised by his immediate email question - "Are you at work?" From that moment I stopped trusting them all.


When I provided #RC ("Remotely Controlled") with all the materials I was able to find and collect for him, I became useless to him and the rest of our miniature musical ensemble. And so I started preparing for a possible life without music.


During this period, on the weekend of 30/11/2019 – 1/12/2019, I also created a complete time frame of the incident ("Incident Times Frame") from the documents I found at that time. It was very comical to watch our court tug-of-war over its authorship a few months later with the lawyer of the defendant #MV ("Mgr. Prasátko"), thus we certainly made an unforgettable mark in the history of the Czech judiciary.


So what made Radio ГA / ГA deserve the attention of a famous hacker group?

In addition to bashing them like a god through their website, these were probably the basic offenses that the famous company Microsoft recommends to avoid:


Users:

  • do not use "basic authentication" instead of "modern authentication" to support various outdated mail clients and mobile devices

  • use MFA (multi-factor authentication) for 100% of users

  • use "self reset password" (possibility of individual password change)

  • synchronize passwords with local domain

  • apply a policy for password deployment and changes in O365

  • do not use the "outdated" protocols IMAP, POP3, SMTP

  • use the audit system for O365

  • don't use the basic (cheapest) license model that doesn't allow for advanced protection methods

  • do not use "generic accounts" (accounts for which passwords have been shared)

Administrators:

  • it is recommended to use a dedicated computer for administration; I requested one (officially on 18.10.2019), but this request of mine was never approved by my supervisor

  • lack of training in the field of administration - said to be too expensive

  • not using "conditional access" - again thanks to the use of a cheap license model

Regarding the latter, very effective measure, an interesting article appeared these days on the ZDNet portal, in which Microsoft announced that "Microsoft is implementing these security settings to protect millions of accounts." So it is basically only today that it is setting security rules globally and implicitly for its cloud customers, who were facing the same problems as Radio ГA / ГA at the time.


If only they had come with them earlier...


And so Monday 2/12/2019 came, the day when #I, like a broken dog, together with my handler #RC ("Remotely Controlled") had to appear in front of the other smart ones. As soon as he met his rival #JS ("Joints Smoker"), a sharp exchange of views began and "the well of ideas opened wide". No one asked for my opinion; after all, when super-humans are talking, the opinion of a subspecies is uninteresting. And so I spent the moment I was at least "allowed" among them observing the others involved. The old man, the superior of both managers, was just staring blankly into space and I had the feeling that he would be "knocked down by a heart attack" at any moment. In fact, I have always wondered what this very old gentleman can do for Radio ГA / ГA. Perhaps only by using all kinds of Apple devices, otherwise I really don't know.


After the yelling at each other, he finally dissolved this very fruitful meeting without further ado. After all, as quickly as the meeting was called, it was also terminated.


I left with mixed feelings. Me to my "open space" working territory, my supervisor, together with my colleague, somewhere higher up in the building, where the almighty legal and HR were based and where I was banned from going for the rest of my days. What if I said something inappropriate about anything important? For example, about the fact that my supervisor knew about the incident and did not act?


As my colleague himself wrote to me about his participation in the investigation of this mess by email:


I don't know the details and I can't even know them, I participated marginally in the investigation and its conclusions are not known to me, and I certainly wasn't looking for anything on you. I also don't know the reasons for your 'administration leave', I am only finding out about it from you.

Unlike him, however, my supervisor went there more than to his office and dictated the correct information to the #LA ("Dr. Leklá Andělka") computer. In the meantime, specialists from the IT field from an unnamed company in Prague appeared, and since they did not find the right evidence either, forensic specialists from Microsoft were called after two days. For #RC ("Remotely Controlled"), it was beneath him to participate in their investigation, so I was the only one to spend this time with them.


Actually, there was no reason - he was spending his precious time writing up my statement, wasn't he?

So before I found myself "away" on "administration leave", as is the English name for something between house arrest, collecting dirt on you and preparing your statement, I spent several days in the presence of these specialists, extracting their knowledge. It was finally the training that I kept asking for without success and it didn't really cost Radio ГA / ГA a cent this way.


I gradually started to find myself outside of the music scene.


In the meantime, the specialists flew off to iron out the messes of their other clients somewhere else, and my work-obstacle period started at full speed. Everything was written down, examined, signed. Just how to deliver the pamphlet to me before Christmas? The humanists came up with an idea here too - after all, we have everything already prepared and we have 2 months to hand it over, don't we? We'll spend Christmas and the New Year, and when we come back rested, we'll kneel on him.


"Only we mustn't miss the deadline of January 26, 2020, comrades!" - they probably said to themselves.

And so from 19.12.2019 to 20.1.2020 the purchase of more secure licenses is being carried out feverishly and investments are being made in further security improvements, after all - exactly according to my previous recommendation. There is a thoughtless liquidation of "legacy systems", as Mr. Untouchable promised me during our last conversation. I always told him that if someone turns off this system, it is important to also tell the last person in the company to remember to turn off the lights. My exaggeration was confirmed - as quickly as he started the liquidation, he had to stop it, because the systems, which depended on each other, began to gradually collapse under his hands.


On December 19, 2019, the system for delivering voice messages to e-mails was the first to crash. The following day, #JS ("Joints Smoker") informs colleagues about successful phishing attacks on Radio ГА / ГA social media accounts. Since at the turn of the year, #RC ("Remotely Controlled") was not yet able to fulfill his next threat, i.e. turn off the system that detected this attack at the time, colleagues could still read one of its last monthly statistics (see below). Stolen identities in subsequent attacks, this was a real "masterpiece" of his part of activities.




On 1/1/2020, he added access rights to my mailbox so he could mine it and started another search of my mail.


He searches and searches and searches, but cannot find anything.


And so, thanks to his other inexpert interventions in the systems, they stopped being backed up, the queues of mails waiting to be sent to the Internet exceeded 20,000, there are errors in system group synchronisation, reports of other attacks are increasing, but no one is addressing and fixing them. That these are also the accounts of the highest in the company's hierarchy? It's not a priority right now. And the person who was responsible for these activities until recently is sitting 4.5 km from the trouble spot at home and waiting as ordered by a bunch of untouchables. Only on the phone and reading emails, as they said.


Discipline, damn it guys, it must be!


My former band hardened and slowly moved to cacophony.

 

A colleague is having a mental breakdown and is staying home for treatment, #RC ("Remotely Controlled") is about to take a desperate step that will eventually result in his leaving Radio ГA / ГA after 22 years of his "dream job". At their own request, as was emphasized several times in unison in court by #MV ("Mgr. Prasátko") and #JH ("Dr. Hustá").


But more on that later, because this famous ensemble still hasn't played its last note.



