Daniel Estrin
Podcast Appearances
to give somebody a global admin account and not log or not track their activities or access. That's keys to the kingdom. I'm going to close my eyes now and trust you. That's something that you just don't do. It violates every core concept of security and best practice.
When I saw this tool, I... immediately panicked. Just for lack of a better term, I kind of had a conniption and said, whoa, whoa, whoa.
From what I saw, these tools have a very specific use, what you would call part of a hacker toolkit.
I saw that there was a good 10 gigabyte spike within a matter of maybe two hours that lined up right about the time that they had their access accounts. It would represent data that was being copied from within our system to outside of our system. And for it to spike like that, that's across the board probably the number one indicator that you've been breached.
I went to, you know, obviously immediately try to validate that this was not legitimate copying. And so I first went to the dev team, validated that nobody was working on the systems at that time. It was like an early morning. So it did make sense for them anyway.
Instructions to drop it, to not file the report. It was one of those situations where it just, it bothered everybody that was involved in my agency and especially my department to do that. And so there was a lot of concern amongst us about that.
I wouldn't be able to live with myself otherwise. To know that this data was out there, it's going to impact these cases. It's going to cost people their real livelihoods. And for that to happen with nobody knowing what happened, that's the biggest travesty of all. And I believe with all my heart that this goes far beyond just case data.