CSO's Report To Executive Regarding Locking Of tektonic, focus and knutpett
From ProgSoc Wiki
25 May 2001
Given verbally to ProgSoc Executive meeting dated 24 May 2001 (minutes).
Findings of fact from CSO
Saturday 19 May 2001: User wildfire (full name Anand Kumria) was attempting to reconcile mysql account on sutekh to real users. Anand is unable to match mysql user tekton to any UNIX account. Finds actual owner is tektonic (owned by Melody Ng, secretary of ProgSoc) and mail is forwarded to multiple users. Anand finds due cause to investigate further by examining e-mail in the account tektonic; from this he finds e-mail suggesting the tektonic account is in use by multiple users. Locks the account tektonic and two other related accounts: focus (also owned by Melody Ng) and knutpett (in tektonic .forward file). Posts reasons on admin mailing list (email@example.com).
CSO (Murray Grant), regretfully, does not immediately inform Melody of Anand's report at alternate e-mail address. Adds ProgSoc Executive e-mail list (firstname.lastname@example.org) to the e-mail.
All three accounts remain locked until Monday 21 May.
Monday 21 May 2001: Melody contacts CSO by phone to explain her position and seek further reasons as to her account being locked. She is in a somewhat distressed mood. She admits to having more than one account and to allowing other people to use her account in her presence. Denies giving the password of tektonic away to anyone. Explains the use of the .forward file as a mailing list for a group assignment.
CSO is satisfied of no malicious intent on Melody's behalf. Satisfied that there was just reason for Anand to investigate and lock the three previously mentioned accounts. Original report from Anand support Melody's claimed use of the .forward file. CSO is satisfied Melody's claims are true and there is no immediate threat to the Society by her actions. CSO unlocks all three accounts.
CSO regretfully does not immediately inform the admin list of the accounts being unlocked.
Other Issues Arising From the Executive Meeting 24 May 2001
Melody Ng (secretary of ProgSoc) was concerned her privacy may have been breached by Anand Kumria overstepping his rights and responsibilities as an admin. This relates only to investigations Anand may, or may not, have taken after the tektonic, and other, accounts were unlocked. The Executive referred three items to CSO (Murray Grant) to ascertain findings of fact:
1. Whether Anand read the Secretary's actual e-mail after the account was unlocked. Including investigating sudo and/or su commands possibly used by Anand. 2. Whether Anand was following up on the original matter rather than investigating a new threat to the Society. 3. Whether he knew who had unlocked the account, namely the CSO, and not another admin.
Unless all of the above are true, there is no issue for Anand to answer.
Anand's Response to Above Questions The Executive notes it will likely be necessary to rely on Anand's version of events for questions 2 and 3.
CSO examines sudo.log file on ftoomsh. Notes entries made by user wildfire on May 22 between 0000 hours and 0100 hours. Log records show that user wildfire does not use su command to become user tektonic. Anand does make a copy of tektonic's mail spool file and searches for an e-mail ID (matching e-mail ID originally quoted in Anand's report to the CSO) using grep command. Also views e-mail file with less command. CSO satisfied Anand was searching for a specific message. Unsure as to whether Anand was looking for a new offence.
To be updated as soon as a response is received from Anand.