A disciplinary procedure has been initiated against the civil servant Marc W. Until further notice, he is suspended from his duties. If he fails to prove his innocence, he risks dismissal for serious misconduct.
What happened?
On 25.11, the Minister of Home Affairs received a letter and several emails containing offensive content from the municipal civil servant Marc W.
In these writings, the civil servant accuses the Minister of Home Affairs of incompetence and cronyism. The Ministry immediately informed the college of mayors and aldermen. The mayor has known the civil servant for many years and can’t believe this. Of course, Marc W. had criticized various departmental procedures but had never expressed such serious allegations and such “nepotism”.
During an extraordinary meeting, Marc W. has to give explanations in front of the elected officials. He denies the charges against him, but can’t explain by whom and how these comments have been sent to the Minister, on his behalf and with his signature.
Regarding the letter, it is indeed the official letterhead from the municipal administration that has been used. The signature was scanned, but this procedure is not unusual. Moreover, the transmission report confirms that the e-mails were sent from Marc’s computer. The civil servant maintains his innocence, but he is still suspended from duty.
How is it possible?
Either the civil servant lies or another person could have accessed his computer to write these emails and send the letter on his behalf.
Usually Marc W. goes for a lunch break at 12:15. But the 22.11, he left his office at 11:45 because he had an appointment outside. Nevertheless, even if the administration is closed at midday and generally all employees are out of office, Marc W. always locks his computer when he is absent from his desk.
Marc W. has not only friends among the staff. He knows for sure: one malicious employee used his computer to get him in trouble.
Although Marc W. computer was locked, it was not very difficult to access it:
- His password consists of the birth date and name of his dog. The dog’s picture is on his desk and date of birth on the back of the photo. Investigations revealed that these emails were scheduled to be sent later.
- The letterhead is available in all the offices and could have been stolen by anyone, even outsiders. The scanned signature was in an un-encrypted file on the desktop of Marc’s computer.
Since the person was able to access Marc’s desktop and computer, he used his identity to send this letter and emails to the Minister of Home Affairs.
What should Marc W. do now?
He needs to prove:
- that he was not at his computer at the time of the incident,
- that another person was in his office on the day of the incident and used his computer.
Anyway, he should ask for advice from a lawyer and, if necessary, file a complaint with the police.
What should the municipal administration do?
Communal leaders should ensure the following:
- prohibit immediate access to Marc’s computer in order to prevent critical proofs to be erased and useful data deleted;
- request a technical analysis of the computer from an expert or a CERT (Computer Emergency Response Team), namely: circl.lu;
- and / Or take legal action to obtain a forensic analysis of the hard drive and desktop.
The last two measures are used to save traces and reconstruct the chronology of events.
How could have Marc W. prevented this malicious act?
The best protection in this case would have been a strong password to protect the access to his workplace:
- be difficult to guess and easy to remember,
- be unique, and not used for several applications,
- not easy to find in the workplace.
In addition, sensitive documents, such as digitized signature, must be stored in an encrypted form. To this end, there are many encryption software and applications (i.e. PDF or ZIP with a password).
The names and actions are fictitious, but they are based on realistic scenarios.