Issue with employee


anguish79

I figure this is as good a place as any.

The client that I'm contracted to has an employee they suspect of using personal email to discuss company business, divulging information that they shouldn't be. Based on the monitoring of their company email, we have reason to believe that this is indeed the case (and actually affects more than one employee, but at different locations, and we're only specifically concerned with this one employee at the moment).

We know that the employee is using their ISP email via the web interface. IIRC, it's also encrypted via SSL. However, it's been requested of me if there is any way to do this.

I'm imagining that this is a legal gray area, so I'm already telling them to talk to the company attorneys. But, at the same time, I am wondering if it is indeed possible, and what's the best/easiest way to do it. I'm looking for no cost at this point, as they don't want to invest any money into anything if the attorneys do give the go ahead (budget issues is the excuse, but I know that's partially true).

Spectre Pro was my first thought, since they do use that web interface on company provided equipment, but again, there's the no cost issue.

If the employee has broken a non-disclosure agreement, get a civil court to issue a subpoena to their ISP for all emails.

Illegal wire tapping is most definitely illegal, unless they are accessing their ISP email from the company's computer, in which case there is no expectation of privacy. The easiest way is to set up an SSL proxy and install your proxy's certificate on the client machine.

It's a hard suit because while they were typing the information on a company workstation, the data now resides on an off-site server. This information was at one time, although not saved, on the corporate network, which in turn you own. Like Sparda said, if you have some NDA policy that they signed then you can probably get a court order from the ISP.

We had a case at our office where a manager requested that one of his report's Exchange emails be silently forwarded to him without involving HR. Helldesk did this for some reason and the report found out. The subsequent shit storm managed to reach the desk of the global head of HR and the report is currently in the process of extracting a sizable chunk of money from the company due to local HR laws. IMO, bump this up to someone with enough responsibility to cover your ass. If you hack their personal mail then you will be on the line for it, not the company (the company won't be able to use the info in court anyway), so make sure that whatever you do, you get HR, your line manager and whoever runs the place to sign off on everything you do, and keep this somewhere safe.

From a technical standpoint, you can get about a billion "take a screen shot every 60 seconds" applications, use one of these to monitor the usage of the *workstation*, and leave getting access to the mail account to the boys in legal. You should be well within your rights to monitor the company's machines in accordance with your AUP. You can also monitor browser history, recover saved passwords from the browser, and install a key logger to capture the account password if it's not stored. And depending on the webmail app in question you might want to look into sidejacking if the above fails. Then, give the account login details to your boss, who can do the dodgy bits himself.

damn VaKo.. you beat me to it.

But actually I had another idea. One that would 'seem' a lot easier.

ez@pz# old machine w/ Windows Remote Desktop Viewer | dvr set @ datetime 8_hr_record_time cin << user_login_datetime

eh.. some things just sound easier in cli and c :P

LOL.. Thanks for the feedback gang.. I appreciate it.

The one sticky part about the whole ordeal, which is why I'm not doing anything at this point until the lawyers have been spoken to, is that it directly deals with a senior HR manager. I'm not sure they're going to want to go to the point of subpoenas and stuff, so it may already be dead.

Might work out if that's the case, cause I think there might be another nail in the coffin of this HR person anyway based on something that happened yesterday. Unfortunately, I've heard since before the beginning of the year that they were going to get rid of this person, and it still hasn't happened.

The other option is to restrict internet access from the user altogether. Most companies have policies on what is acceptable use of the network and what they are allowed to have access to. We had to sign into a proxy to get outside the local LAN, and at any time, your access could be revoked, no explanation necessary. Internet access is usually meant for business use only anyway, and if an employee violates that in any way, shape or form, they could/should have it revoked. At least where I worked, they would remove their ability to access anything other than local server access for network shares, printers and internal company web pages. If they don't need the internet for their job to begin with, remove it from their profiles. If they do anything to circumvent it, fire them.

Also, block access to the web sites in question, including their ISP's web portal/webmail access, and make sure they can't add it to their local machine's email clients, like Outlook, etc.

You can get USB / PS2 dongles that act as a key logger

True! And being a business, you really don't have to explain the use, since all system activity is monitored to begin with, there is no expectation of privacy in the work place. Most handbooks explain in detail the employer has rights to record conversations as well as read their email and even go as far as putting cameras in bathrooms (although who would want to watch someone take a dump?) except for in the state of California, it's a misdemeanor to have a two way mirror in a bathroom/fitting room filming people without first disclosing it to employees or patrons.

Is there not (or at least should there not be) a Server 05/08 MMC plug-in for a keylogger? I mean it makes sense to me.

Tried to see if there is a vbscript keylogger, which supposedly IS possible, but I could not find one that is ready to go.

HomeKeylogger

It's free, and easy, you can access his account at night, download it and set it up so it won't pop up on the toolbar without a command like ctrl+shift+m or something. It's really good, it hides the log in C: but can be set differently.

These are all good ideas but remember to do this legally. Depending on the state that you're in I would recommend that you have clear cut policies and procedures that state you are allowed to do this. If not, push for having legal make them. This could be a mine field you're stepping into and/or you could really screw somebody's life over. But if done right you could be the new forensic analyst and show the company how valuable you are.

We are a large enterprise - I'll tell you a dirty secret. Everybody has porn on their computer - because of caches. If an over zealous HR manager got a hold of that evidence that I supplied as a security expert they have a duty to interrupt it. And people could lose their livelihoods or lives.

This has happened a lot more than you think or realize. Your manager could also have alternative motives that you are unaware of.

I don't mean to discourage you – just make sure that you are aware of these issues and I would have a documented trail as a CYA for your ass, stored off site, that clearly states that you have a right and a duty to do this. I would also review evidence handling guidelines, custody issues and recommended forensic practices in case this blew up on you.

If these are not in place and it blew up in your company's face I would bet that you my friend will be holding the bag. Especially since you have no training in this. Corporate lawyers are the worst form of scum on the planet - they will not save your ass if this goes wrong.

My 2 cents,

Ole Bubba

Sarcasm?

NO NO! not sarcasm. I mean that's some pretty nice software then. I saw that on a few sites when I was searching for an MMC version of it, but the way it was worded, it didn't look like it would work in the way that he would like it to.

I have had to rebuild many machines and 995 of them either have porn, movies or music on them. I used to give people a chance to back them up but soon got sick of it because they don't stop doing it. If I find it, it gets blown away and I report it. I'm not risking my job to save somebody else's.

I warn people that while I don't care, other people with a lot more power than me do care and explain to them that a flash drive costs £10 for 8GB, I never judge, especially in the case of road warriors.
