Tech support detective solved PC crime by looking in the carpark

On Call

Some tech support jobs are sweet, and others go sour. Whatever taste they leave in your mouth, The Register celebrates them all each week in On Call – the reader-contributed column that shares your support experiences.

This week, meet a reader we'll Regomize as "Parker" who told us he once had a mostly delicious job in a candy factory.

"A floor manager responsible for production asked me to fix his PC, which was so slow he could literally make a coffee in the time between double-clicking an icon and having the program open," Parker told On Call.

The manager's PC was only a year old and ran Windows XP, a combo that at the time of this tale should have made for decent performance.

A quick investigation found many malicious programs installed on the PC, plus an unauthorized local account called "offtime."

Parker considered the manager a friend, knew he was a straight shooter, and could not imagine he had anything to do with this mess.

Log files confirmed Parker's theory: Whoever installed the malicious software did it between 8pm and 4am, well outside the manager's 9am to 5pm routine.

"My first suspicion was a remote hack, but the firewall logs showed nothing connecting to that machine other than HTTP/HTTPS traffic," Parker told On Call.

With the manager's permission, he therefore removed the unauthorized programs and installed a monitoring tool that took a screenshot of the PC's display every five minutes.

Critically, Parker left the "offtime" account in place.

The next morning, Parker found a stack of screenshots, plenty of them using the "offtime" account to visit a dating site. Some of the screenshots included the username "RedVette" on the dating site.

"That pointed to a specific mechanic on the midnight shift who owned a red Corvette," Parker told On Call.

Parker told us his investigation found that RedVette had spent around four hours using the manager's computer before logging off. A little later, someone else signed on to the "offtime" account and spent a couple of hours browsing sites dedicated to guns and hunting. Parker knew those were passions of another mechanic who worked the night shift.

Parker showed this evidence to the manager, whose face reddened with anger because several maintenance tasks were well behind schedule and it looked like RedVette and his mate were the reason why.

"He asked me to kill the 'offtime' account, which I did, and locked down all office PCs to prevent creation of local accounts," Parker told On Call.

But he didn't stick around to hear the end of the story.

"I was not involved in the conversation between the manager and the night shift mechanics when they came in that evening," he said. "But I suspect it was short, loud, and one-sided."

The sour post-script to this story is that Parker's actions meant all of the candy factory's mechanics started giving him the cold shoulder, and kept up their petulance until he left the company a few years later.

Have you busted colleagues doing the wrong thing? Tell us how that worked out by clicking here to send email to On Call. We never rat out our contributors – your name and workplace are never mentioned in On Call! ®