Before I was employed at DomainTools, I considered myself a professional Grade A prankster. I had completed dozens of fruitful acts of mischief, but after a few short weeks, I realized I was a mere mortal compared to my prank-counterparts. Yes, it is true, the most important day of the year here at DomainTools is PranksGiving. In fact, some of us have been preparing and training for this day for the past year. I always expected working at a cybersecurity company would provide me with a healthy level of paranoia but I had no idea that paranoia would not be limited to cyber space, but also inclusive of tomfoolery. With this in mind, I have compiled a list of DomainTools office pranks that have taught me valuable lessons about maintaining a healthy level of security and prank paranoia.
Be Vigilant When Connecting to Wifi
Many of us have been forced to fight the urge to connect to “free” or unsecured wifi networks. The inner dialogue that sternly reminds us how important it is not to connect to untrusted networks usually kicks off with the simple question: do I trust this network enough to risk losing control over what data enters or leaves my device? The answer, not so surprisingly, is a resounding no. Whenever we connect to a network, we are providing means and opportunity for an intruder to control this information portal. REDACTED * applied a similar logic by attaching a remote-controlled electrical outlet switch to the victim’s desktop monitor. This gave REDACTED absolute control over whether or not energy traveled between the power source and monitor, which made for a humorous and confusing interaction with our internal IT team.
Takeaway: Always, always, always make sure you are connecting to trusted Wifi networks. And if your monitor is turning off at random, ensure all of your outlets are remote free.
Beware of Intrusive Malware
Malware is a common tactic used by adversaries to disrupt day-to-day operations, gather valuable information, and gain access to internal systems. By definition, malware implies malicious intent to subtly gather/attain/exfiltrate valuable information. This usually gets to a point where your computer is noticeably slower. Once again, REDACTED took this cybersecurity principle and victimized two DomainTools employees. Similar to sophisticated malware, REDACTED worked under the radar to slowly move two employees’ desks closer and closer together. This maneuver (known internally as the “continental drift”) remained a covert operation for over three months – and was only uncovered when both employees (who sat back to back) no longer had the ability to sit at their desks simultaneously.
Takeaway: Complex malware can be difficult to uncover, and a continuous security model is a necessary process to ensure your assets are secured.
Control Your Brand By Monitoring Owned Domains
As a marketing professional, I feel confident stating that a company’s brand is one of its most valuable assets and therefore must be protected and monitored. It is not uncommon for adversaries to spoof well-known and trusted domain names for phishing campaigns. Organizations proactively track down these domains and redirects to ensure their brand equity is not being exploited. Not so surprisingly, the usual office culprit REDACTED used this technique to REDACTED’s advantage by having 40 temporary tattoos made of a fellow employee. These temporary tattoos were worn by a large majority of DomainTools employees on the victim’s birthday (who was highly, and temporarily entertained by this prank).
Takeaway: Proactively and continuously monitor the use of your brand in spoofed domains, as you never know who may be leveraging your hard work for evil (or for enjoyment at your expense).
Prioritize and Protect Your Most Valuable Assets
Organizations can never protect all of their valuable assets- they can, however, prioritize which assets are the most valuable and essential to their operations. This should be your security team’s first step when outlining and defining processes and procedures. As an act of vengeance, a team of DomainTools employees finally sought revenge against REDACTED. This team identified this individual’s main concern, cleanliness. Therefore, the prank squad retaliated with egregious acts on the victim’s desk (i.e. pretending to clip their toenails on REDACTED’s desk). REDACTED’s desk was cleaned, but not before these acts were documented on REDACTED’s own DSLR camera- which REDACTED discovered at a much later date.
Takeaway: Ensure that your entire organization understands what assets need to be prioritized, and secure these necessary components. Also, ensure not to prank your colleagues before an extended vacation.
I hope these security pranks provide you and your team with enough fodder to protect your organization and effectively prank colleagues and friends. From all of us at DomainTools, wishing you and your co-workers a happy PranksGiving!
* (all names have been REDACTED for the safety of those involved)