Guest Deleted_Account
Posted May 18, 2010

To start off, I would like to say that YES, our usage policy states all networking traffic is monitored, and all computers WILL and MUST be passed through a proxy (allowing us to capture everything).

***

Now one of our employees has been caught e-mailing company secrets, but wait, there's a problem: they used OpenPGP to encrypt said emails. How do we know what they were doing?

What we know:

1) Said employee accessed a 'Level 4' (Tech) terminal without authorization (we log all logins and logouts on the networks and systems. While the employee has access to this terminal at all times, they are ONLY allowed to access it if me, my team, or Management says so).
2) Immediately after copying financial documents, the employee went back to their workstation and signed on (our system only allows employees to sign on to one computer at a time, and since no one besides IT knows the local accounts & passwords, this eliminates plausible deniability).
3) Employee connected to her personal email and sent an email using OpenPGP (e-mails are intercepted with SSLstrip, which is also in our usage policy, stating "Any personal email or "Secure Website" using protocols such as, but not limited to, SSL, TLS, etc. may be monitored through means of "stripping" or "forging" of such protections or by means of redirecting traffic [SSL strip]...").

So what I would like to know is what I can do to get hold of the password used to secure the email. I checked for the PGP key, but it's been removed. I am in the process of attempting recovery, but I'm not sure how the keys are stored or if normal recovery will work. Even so, without the password I cannot decrypt it. Also, I managed to get the public key (from the intercepted emails; the second email contained the public key), but again I need the password.

What would my best bet be, considering the employee knew what she was doing and circumvented our keylogger by using KeyScrambler to encrypt (encode?) the keystrokes? Is there any way to retrieve that password, under the assumption that she will NOT enter it again on company computers (since she removed the private key, I mean)?

Sorry about the long post :P I wanted to make it clear we are allowed to do this. Also, keyloggers are only installed when we suspect something, and said employee has been suspected for months, and now we may have evidence, but it may slip through our fingers if we can't decrypt these messages.

Thank you,
x942