Re: Patient Zero?
"the clowns that pass for opsec didn't tell said "patient" not to open attachments and absolutely not click on links in email"
In the early 00s, when the 'I Love You' virus/worm did its thing, the company I worked for was hit.
Multiple users opened it, and the entire network was taken offline. It was down for many days, since we didn't have a very good IT department.
The disruption was of such significance (you'd have thought) that every single user would have been aware of the cause and the gravity of the situation.
After several days, once systems started coming back online, IT sent out messages that further emails were backed up which contained the worm, so not to open them when they came through. Departmental meetings were held which broadcast the same directive. I mean, they were pretty obvious with their subject lines (i.e. 'I Love You'), and the complete lack of relevant context within a closed office and restricted network environment.
But guess what...?