Sensitive information has been compromised by way of email, and the jackal is using a Hotmail account to share these sensitive emails with others in the company who should not be reading them. I believe they are accessing calendars and monitoring emails as we speak.
The network is primarily Microsoft based with several SQL servers, Exchange, and 2003 servers. These servers are patched regularly and the patch management team does maintain a vigil with regard to patching. There are multiple sites that are using Terminal Services, and Active Directory group policies are used company wide.

The real stinger is this. I think the jackal is the guy who used to be in charge of Information Security at this company.
Now I have looked at the email header and tracked it back to the original IP, which happens to be the company he went to work for... I have recommended the review of the Exchange server accounts and have asked that this Hotmail account be blocked.

I suspect that IT is using Telnet on the routers and switches and that this guy has left himself a backdoor. I will monitor the port tomorrow.

I have been asked to find this hole or holes and plug it. I am formulating a plan, but I have seen some amazing things come from the brain trust on this site and would appreciate any additional input. Simple or complex, I have been charged with covering it all and I do not want to miss anything.

So, anyone up for a game against a grey hat? I will continue to post progress and findings and hopefully this can turn into a worthwhile scenario when all is said and done.
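
The header trace mentioned in the post can be made repeatable for every forwarded message. The following is an added example, not part of the original post: it walks the `Received` chain oldest hop first and reads the `X-Originating-IP` header, assuming the webmail service adds one. The sample message, host names and addresses are constructed.

```python
import email
import ipaddress
import re

# Constructed sample headers; all addresses are documentation or RFC 1918 ranges.
SAMPLE = """\
Received: from mx.example.com (mx.example.com [192.0.2.10])
\tby exchange.corp.example with ESMTP; Tue, 1 Jan 2008 10:00:02 -0500
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.com with ESMTP; Tue, 1 Jan 2008 10:00:01 -0500
Received: from [10.0.0.23] by relay.example.net with HTTP;
\tTue, 1 Jan 2008 15:00:00 GMT
X-Originating-IP: [203.0.113.45]
From: someone@example.net
Subject: constructed sample

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(ip):
    """True for RFC 1918 / loopback addresses, or strings that are not valid IPv4."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # malformed value: never report it as an origin
    return any(addr in net for net in INTERNAL)

def trace(raw):
    """Summarise relay hops (oldest first) and the client IP claimed by the webmail service."""
    msg = email.message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        sender_part = re.split(r"\sby\s", hdr, maxsplit=1)[0]  # ignore the receiving host
        m = BRACKETED_IP.search(sender_part)
        if m:
            hops.append(m.group(1))
    external = [ip for ip in hops if not is_internal(ip)]
    x_orig = BRACKETED_IP.search(msg.get("X-Originating-IP", ""))
    return {
        "hops": hops,
        "first_external": external[0] if external else None,
        # Headers below your own mail gateway are supplied by the sending side:
        # treat them as leads to corroborate against server logs, not as proof.
        "x_originating_ip": x_orig.group(1) if x_orig else None,
    }
```

Only the topmost `Received` lines, written by servers you control, are trustworthy on their own; match the rest against Exchange message tracking and firewall logs before drawing conclusions.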