
Thread: Industrial Espionage

  1. #1
    Senior Member
    Join Date
    Aug 2001
    Posts
    267

    Industrial Espionage

    This is a serious matter, I am asking for assistance.

    1. A 'user' loads MSN Messenger and sends confidential company information
    to a 'friend'.

    2. Have tried blocking MSN's port 1863, but it then uses HTTP proxy port
    (thanks MS !!) Then tried blocking all the MSN IPs, but it still goes through.

    3. Tried 5 different keyloggers, but A/V keeps picking them up.

    4. Have put a sniffer on the user's IP, but the buffer fills up. And not knowing
    what day the messages will be sent.......

    5. Blocked the IP address at the router, but the user goes to another computer.

    6. Installed MS 2000 Professional on sensitive computers.

    All systems are Windows based (and I'm not strong in Linux)

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    257
    Report this person to HR and have them fired.
    -Shkuey
    Living life one line of error free code at a time.

  3. #3
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Lock the user's account from authentication onto the domain for starters.
    Next, go around and make sure they can't install any third-party programs (2000 and NT both have that ability).
    Get proof that they've had transactions sent (by default, messengers log to a file somewhere).

    Wait for the user to try to log in and nail them when they come looking for access with the proof in hand from their repeated transactions on multiple machines and get them for the following:

    1: installing and using non-approved software on company machines.
    2: transmission of confidential and proprietary information to outside parties.
    3: repeated violations of 1 and 2 when measures were taken to block this communication.

    That's enough to warrant someone being fired and have a bad mark on their referral list. If none of those work, wait out in the parking lot with security and have them have "an accident". *he he he*

    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  4. #4
    Senior Member
    Join Date
    Aug 2001
    Posts
    267

    Can't

    Can't 'fire' them without the proof.

    Wish I could lock them out of the domain; but their job depends on them seeing 'some'
    information. (they are locked out of sensitive material....as is everyone except management)
    Implementing Logon policies would cause others to have problems.

    Can't stop them from overhearing information.

    Vorlin; I agree with you 100 percent. There are written policies in place prohibiting loading software of any sort, and using 'chat' type programs, and xxx websites, etc.

    MS Messenger has the ability of NOT logging its files. (dammit) Otherwise we would just
    print them.

    Have to prove they download it, install it, use it, then remove it again.

    Bit of a conundrum

  5. #5
    Junior Member
    Join Date
    Dec 2001
    Posts
    7
    Well, first off, if you're using Win 2000 Pro and this person has an ID or user name, there are lots of options. Just give the guy guest privileges on the workstations and/or server and deny access to the Internet. Just giving him guest privileges will make him unable to load or download a program to the machine. Tada, no MSN Messenger.

  6. #6
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Can you configure your Firewall to log ALL inbound and outbound activity from this user (or IP)?

  7. #7
    Senior Member
    Join Date
    Aug 2001
    Posts
    267

    Tried that

    DjM

    Our firewall is NAT, and configured to log all inbound/outbound connections.

    MSN packets only show the Router/firewall address, and not the internal IP.
    Seems all Chat programs do that.

    I'm thinking of installing a WinProxy server, and cascading to the Router.
    Its logging feature is pathetic, but maybe with a sniffer I may be able
    to pinpoint the offending internal IP.
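
Added example, not part of the original posts: the firewall log shows only the translated address, so this sketch works on segments captured on the LAN side of the NAT device and keeps only Messenger traffic, on port 1863 or through the HTTP proxy, tallied per internal IP so a user who moves between machines still shows up. The log line format, the sample addresses and the payload signatures (MSNP login verbs, the HTTP gateway host name) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: one line per TCP segment seen BEFORE address translation.
SAMPLE = """\
2002-01-14T09:12:03 192.168.1.23 -> 198.51.100.20:1863 VER 1 MSNP8 CVR0
2002-01-14T09:12:09 192.168.1.40 -> 203.0.113.8:80 GET /index.html HTTP/1.0
2002-01-14T10:47:51 192.168.1.23 -> 192.168.1.1:8080 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?Action=open HTTP/1.1
2002-01-15T14:02:17 192.168.1.57 -> 192.168.1.1:8080 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll?SessionID=1 HTTP/1.1
2002-01-15T14:05:00 192.168.1.57 -> 198.51.100.9:80 GET /news HTTP/1.0
"""

LINE = re.compile(r"(\S+) (\S+) -> (\S+):(\d+) (.*)")
MSN_PORT = 1863  # the Messenger port named in the thread
# Assumed signatures: MSNP login verbs, and the gateway host used over HTTP.
MSN_PAYLOAD = re.compile(r"^(VER|CVR|USR) \d+ |gateway\.messenger\.hotmail\.com", re.I)


def messenger_hosts(log_text):
    """Map each internal source IP to its Messenger hits, first/last seen, and path."""
    hosts = defaultdict(lambda: {"hits": 0, "first": None, "last": None, "via": set()})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a segment record
        ts, src, _dst, port, payload = m.groups()
        by_port = int(port) == MSN_PORT
        if not (by_port or MSN_PAYLOAD.search(payload)):
            continue  # unrelated traffic is dropped, so storage stays small
        h = hosts[src]
        h["hits"] += 1
        h["first"] = h["first"] or ts
        h["last"] = ts
        h["via"].add("port-1863" if by_port else "http-proxy")
    return dict(hosts)


if __name__ == "__main__":
    for ip, h in sorted(messenger_hosts(SAMPLE).items()):
        print(ip, h["hits"], h["first"], h["last"], sorted(h["via"]))
```
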

  8. #8
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    By the sounds of it, a sniffer might be your only option.

    Sorry, can't help more, if I think of anything else, I'll get back to you.

  9. #9

    If you are running a W2K network you can give him extremely detailed privileges via the ACE.
    4ChecK

    --ssshhh, be vewry, vewry quiet...

  10. #10
    Junior Member
    Join Date
    Jul 2001
    Posts
    29

    For $99 bucks I could send you a hardware keylogger that records all the keystrokes typed into the device. Depending on model, it could hold 64kb or 128kb. But hey, this would be illegal wouldn't it?


    I'm not in that kind of business anymore....

    LOL...
