This case has a few good items from an incident handling side and a few more bad things.
This group used physical break-and-enters along with wireless penetration to get into companies to mess with the payroll. Once in the system they stole identities, set up more bank accounts with the employees' identities, and then gave raises.
They were even in a position to monitor the response to the incident in at least one of the companies, including phone calls to authorities.
A couple of good incident handling ideas come out of all this.
- Use out-of-band communication, such as cell phones. Using a VoIP phone on an unknown network may be bad.
- Auditing systems is a must; changes to a payroll DB are a good example of what to audit.
- Logging is great for coming out of an issue; you can use the logs to try to track the intruders around the network.
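
To make the auditing point concrete, here is an added example (not from the case itself) that records payroll changes with database triggers and then flags the pattern seen in this incident: a bank account change followed by a raise. The table names, columns and sample rows are constructed for illustration, using an in-memory SQLite database.

```python
import sqlite3

# Hypothetical schema: a payroll table plus an audit table filled by triggers.
SCHEMA = """
CREATE TABLE payroll (emp_id INTEGER PRIMARY KEY, salary INTEGER, bank_account TEXT);
CREATE TABLE payroll_audit (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    emp_id INTEGER, field TEXT, old_value TEXT, new_value TEXT);
-- Record every salary change and every bank-account change.
CREATE TRIGGER audit_salary AFTER UPDATE OF salary ON payroll
WHEN OLD.salary IS NOT NEW.salary BEGIN
    INSERT INTO payroll_audit (emp_id, field, old_value, new_value)
    VALUES (OLD.emp_id, 'salary', OLD.salary, NEW.salary);
END;
CREATE TRIGGER audit_bank AFTER UPDATE OF bank_account ON payroll
WHEN OLD.bank_account IS NOT NEW.bank_account BEGIN
    INSERT INTO payroll_audit (emp_id, field, old_value, new_value)
    VALUES (OLD.emp_id, 'bank_account', OLD.bank_account, NEW.bank_account);
END;
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample employees.
    db.executemany("INSERT INTO payroll VALUES (?, ?, ?)",
                   [(1, 50000, "ACCT-A"), (2, 60000, "ACCT-B"), (3, 55000, "ACCT-C")])
    return db

def flag_raise_after_account_change(db):
    """Return emp_ids whose bank account changed and whose salary later increased."""
    rows = db.execute("""
        SELECT DISTINCT b.emp_id FROM payroll_audit b
        JOIN payroll_audit s ON s.emp_id = b.emp_id AND s.id > b.id
        WHERE b.field = 'bank_account' AND s.field = 'salary'
          AND CAST(s.new_value AS INTEGER) > CAST(s.old_value AS INTEGER)
        ORDER BY b.emp_id""").fetchall()
    return [r[0] for r in rows]

def demo():
    db = build_db()
    db.execute("UPDATE payroll SET salary = 52000 WHERE emp_id = 1")           # raise only
    db.execute("UPDATE payroll SET bank_account = 'ACCT-X' WHERE emp_id = 2")  # account swap...
    db.execute("UPDATE payroll SET salary = 90000 WHERE emp_id = 2")           # ...then a raise
    db.execute("UPDATE payroll SET bank_account = 'ACCT-Y' WHERE emp_id = 3")  # account change only
    return flag_raise_after_account_change(db)

if __name__ == "__main__":
    print(demo())
```

An audit table that lives in the same database can be altered by anyone with that level of access, so in practice the audit rows should also be shipped to a separate log host.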