In the mid-1990s, within the bustling IT sector of the Ottawa-Gatineau region, I found myself workin at an Ottawa-Gatineau region internet service provider (ISP) as their telecom & network administrator. Among this ISP was a man, a junior IT person, we’ll refer to as Mister X. Fresh out of a private IT training school, Mister X had the requisite knowledge for a junior system administrator role in a Windows environment, though he didn’t stand out for his technical prowess, but was given all system administrative privileges.
A Sudden Departure and an Ominous Discovery
After two years, Mister X moved on to a new position within a provincial government service, and I lost track of him. However, a few months after his departure, a routine analysis of his old work computer unearthed something alarming. A hidden folder contained a large compressed file that, when decompressed, revealed a trove of hacking tools, documentation, and sensitive data. This included copies of the ISP’s active directory databases and decrypted containers with personal information and passwords of all employees and clients.
The discovery prompted immediate action: passwords were changed, and the ISP’s owner was notified. The consensus was relief that Mister X was no longer part of their team.
The Past Resurfaces
Fast forward over 25 years to a seemingly innocuous job search at the Canadian House of Commons (HoC).While research this potential job and work environment, I discovered that this Mister X was employed in the (Canadian House of Commons) HoC’s IT department. This raised significant concerns. If Mister X had engaged in hacking activities in the past without any supervision or mandates, what was to stop him from repeating such actions in a more critical and sensitive environment like the Canadian Government ?
Attempts to Raise the Alarm
I was now seeking a cybersecurity position at the House of Commons in Cybersecurity and I intended to highlight Mister X’s past if I found the opportunity. However, the application did not result in an interview, thwarting this plan.
A secondary attempt involved reaching out to a retired RCMP officer friend, who could only suggest the RCMP website as a contact point. This route also failed to yield any results.
The Unanswered Questions
The growing concern about potential foreign infiltration within the Canadian government further fueled worries about Mister X. His military background, reserved demeanor, and questionable technical skills were overshadowed by his ability to compromise system accounts and passwords. These traits and his career progression—from a local ISP to provincial and then federal government positions—suggested a deliberate infiltration strategy.
Despite lacking hard evidence, I couldn’t shake the fear that Mister X might be compromising government information, either for a foreign actor or an internal entity. The idea that Mister X’s career path was meticulously designed for mole infiltration work kept nagging at me. During my career, I learned that the Devil is always in the details.
The Ongoing Mystery
To this day, Mister X remains at his job in the House of Commons, potentially holding a strategic position. The knowledge of his past activities continues to trouble his former colleague, who ponders the possibility of Mister X being a silent mole within the Canadian government’s IT infrastructure.
As cybersecurity threats evolve, the tale of Mister X serves as a stark reminder of the importance of vigilance, thorough background checks, and robust cybersecurity measures in protecting sensitive information. The unanswered questions surrounding Mister X’s true intentions and activities highlight the potential risks posed by insiders with malicious motives.
Conclusion
The story of Mister X underscores the critical need for constant vigilance in the cybersecurity realm. As technology advances and threats become more sophisticated, the importance of identifying and neutralizing potential insider threats cannot be overstated. Whether Mister X is indeed a mole or merely a figure from the past with a questionable history, his tale serves as a powerful cautionary example for IT professionals and security experts everywhere.
Goodluck to Mister X.
I hope he gets caught doing something nefarious.
