The Largest Mainframe Exposure and I Discovered it

by Buddy on January 21, 2010 · 0 comments

If there is ever some world award for discovering something this is the one I wish I could have.

By now you know I have been involved with computers for a very long time.

I started in a large computer room environment and I was fortunate enough to witness the birth of personal computers. But back then mainframes were not dead and they were still very much needed.

So the timeframe here is the late 1980s. I was working at a bank and I still worked the night shift.

I was recalling my experiences from another university and remembering how we used to check the status of our jobs with a card reader. So I began researching and testing. I was able to replicate that process. I then remembered what I had learned at another manufacturing site in terms of speeding up my job scheduling.

That’s when it hit me.

There was an internal function, a part of the process, that provided an even more powerful way to execute console commands in an automated fashion.

At this point it is still theory with me so I put together a job and then executed the test.

It worked.

I then started to test other console commands and realized there was no limit to what a job like this could do.

Oh my gosh!

If you don’t understand computers then know this. This technique is nuclear material. This kind of power in the hands of someone is such a breach of protocol that it is scary. Even by my standards.

And by now you should know me and what I am capable of. And I have this power at my fingertips.

I then decided to keep this information to myself.

As I continued to work through the weeks and months, I practiced with my newfound abilities. No one knew that I could do this. Even if someone analyzed the syslog they could not tell what I was doing.

I eventually created a job that helped me shut down the mainframe when I worked the weekend shift. That was the only time it was allowed to be shut down. That process was a manual system and it normally took about an hour to complete.

By automating it, I could do it in 30 minutes.

But there was still one final hurdle to jump. Security.

The mainframe had a package called ACF2 and by all accounts it was rock solid. At least that was the going thought of the day.

I learned that ACF2 used the first three letters of the jobname for security. That was a directive that the security people set up when the package was installed.

Well, in our system all of the different systems had certain three letter designations and they too had their own level of security. As it turned out, only jobs with the same three letter designation could alter data within their group. But after a conversation with the security manager I found my answer.

The ACF2 system had its own set of production jobs and after I looked at that code I learned that ACF was the only job that could cross all production systems.

I set up a test whereby I created a test production job using my system of submission and I then created an ACF job where I manipulated the data and removed it.

It worked.

With all of the information that I had it meant only one thing.

I was one dangerous individual.

Eventually, I graduated from college and I went to work in the internal audit department.

My job became more and more security systems. I guess you see what's coming now.

I now drafted my report and with great detail I outlined how I could subvert security, alter data, destroy all data including tape data and impair recovery. Not to mention I knew where and how the system logs were and I could wipe those out as well. And as a final blow I would shut down the mainframe.

The beauty in this scenario was that this could be done days in advance due to special scheduling commands available at the console. The jobs would have production names so they would blend in and by the time anyone caught on to the process it would be in such a tailspin that it would have been impossible to stop.

Now, as a part of this detailed report, I also detailed how I would use another online system for remote dialup processes to actually set this whole scenario up.

So do you believe me? Well it is very true and it was very possible.

Management read my report and blew it off at first. But once they got into the details they realized that not only was it possible but my report was quite dangerous.

I was now labeled the most dangerous person in the bank. I was also told if anything ever happened on that scale they would be coming after me.

I eventually left Audit and started working in Network Operations, where I learned even more dangerous skills that could impact mainframes.

I leave that story for another day. lol
