Thread: Electronic Spying by Employer?

  1. #1
    Cabledude Avatar Fan purecomedy's Avatar
    Join Date
    Feb 2000
    Location
    Canada
    Posts
    1,373

    Question Electronic Spying by Employer?

    I've always wondered if I'm being monitored at work when on my computer. For instance, if I want to go in and see my bank balance could there possibly be some kind of spy software whereby somebody else could see the same screen that I'm seeing and record the keys I type for my password etc.

    Obviously it's possible, question is how do I detect it! Are there certain things to look for in the task manager?

    Will be interested to hear some other reactions to this post. Maybe I'm too much of a conspiracy theorist!

  2. #2
    Elite Member Jim's Avatar
    Join Date
    Oct 2000
    Posts
    13,231
    Maybe if you're worried about such things, you shouldn't be looking at that information at work. I'm sure that if you have uneasy feelings about being spied on, you'll be able to wait a few hours to check your bank account.

  3. #3
    Gone Camping
    Join Date
    Jan 2001
    Location
    Northern AB, CA, turn left Alaska, Turn right, Yukon Territories
    Posts
    13,515

    Re: Electronic Spying by Employer?

    Originally posted by purecomedy
    I've always wondered if I'm being monitored at work when on my computer. For instance, if I want to go in and see my bank balance could there possibly be some kind of spy software whereby somebody else could see the same screen that I'm seeing and record the keys I type for my password etc.
    Yes yes and yes to all of your questions.
    My last job, we could monitor every page someone went to, what they typed, we could read their E-mail.
    There was so much information collected that it was basically useless, unless you needed it. But if something happened on such and such date at 3:15 pm, we could pull the logs for that day and time, then go into cached files for each workstation and go through them. To go along with all the logs and cached terminal actions we could also pull tapes for that same time period because all phone calls were recorded and filed.

  4. #4
    SCSI Dude Faust's Avatar
    Join Date
    Apr 2000
    Location
    Huntington Beach, CA
    Posts
    8,724
    ^^ yep.


    my employer is a very large corporation, with offices/plants all over the world.

    all our network communications go through a proxy in Pennsylvania, and all traffic that goes through the proxy server (to the WAN/internet side) is logged. as Chris mentioned, that's waaaaaay too much data to be useful on a day-to-day basis (aside from a security point of view). but if our MIS department wanted to, they could map all of the network activity from a given client machine.... cleared your browser cache, your history and temp folders?...... won't make a difference. all our network goes through a central point, and there's nothing you can do to detect it (aside from knowing it's there) or stop it.


    obviously, not all networks are created equal, so it really depends on to what extent your company has gone to monitor what's going on.
    "Today is a black day in the history of mankind."

    - Leo Szilard

  5. #5
    Gone Camping
    Join Date
    Jan 2001
    Location
    Northern AB, CA, turn left Alaska, Turn right, Yukon Territories
    Posts
    13,515
    The only thing that wasn't monitored were the restrooms, but I kid you not, that was in the works.

    And all this for a call center for internet tech support

  6. #6
    Moderator Bouncer's Avatar
    Join Date
    Oct 1999
    Location
    OCONUS
    Posts
    4,834
    "all our network goes through a central point, and there's nothing you can do to detect it (aside from knowing it's there) or stop it."

    From a technical standpoint this is not quite true. You can use anonymizer proxies, or HTTP tunnels to bypass their proxy and caching servers.

    http://www.http-tunnel.com/html/

    Is just one of them.

    Regards,
    -Bouncer-

  7. #7
    Originally posted by Bouncer
    "all our network goes through a central point, and there's nothing you can do to detect it (aside from knowing it's there) or stop it."

    From a technical standpoint this is not quite true. You can use anonymizer proxies, or HTTP tunnels to bypass their proxy and caching servers.

    http://www.http-tunnel.com/html/

    Is just one of them.

    Regards,
    -Bouncer-

    Yeah, but if you do that a red flag goes up

  8. #8
    Second Most EVIL YARDofSTUF's Avatar
    Join Date
    Nov 2000
    Location
    USA
    Posts
    70,013
    Originally posted by Chris
    The only thing that wasn't monitored were the restrooms, but I kid you not, that was in the works.

    And all this for a call center for internet tech support

    that's not illegal in Canada?

  9. #9
    Gone Camping
    Join Date
    Jan 2001
    Location
    Northern AB, CA, turn left Alaska, Turn right, Yukon Territories
    Posts
    13,515
    Originally posted by YARDofSTUF
    that's not illegal in Canada?
    I'm not certain what the law is regarding it; their argument was client confidentiality, because there are addresses and billing information and SS #'s in the accounts. The office was to a regulated paperless point, no paper or pens permitted. Everything had to be done on the terminal. If someone was found to have a piece of paper or a pen, they could be fired.
    On the restroom issue, I think it was for the common area, not individual stalls.
    But who knows, I'm no longer there

  10. #10
    Moderator Bouncer's Avatar
    Join Date
    Oct 1999
    Location
    OCONUS
    Posts
    4,834
    GH,

    I wasn't saying it might not be detected, merely that it was possible. More to the point, unless they have the address of the remote site as a "red flag" site then it would be treated the same as any other encrypted page.

    In fact, I'm not sure if any proxy or caching software would correctly display an HTTPS page. A machine local keystroke logger or page logger might capture your password and sign on.. but I'm not sure any remote proxy or caching server would.

    The HTTPS would fail during connect because it'd be unable to set up the encryption hash to the correct end destination. At least, this is what I've seen when I set up local caching proxy servers in a location outside the US. We had to specifically allow HTTPS connections to bypass the proxy/caching server, or they'd never work. Since a lot of deployed soldiers use hotmail and yahoo for personal stuff, this was the only way we could allow them to access their personal email. (Actually we had to set up a full bypass for hotmail because they use some funky udp per session setup protocol).

    Regards,
    -Bouncer-

  11. #11
    SCSI Dude Faust's Avatar
    Join Date
    Apr 2000
    Location
    Huntington Beach, CA
    Posts
    8,724
    Originally posted by Bouncer
    GH,

    I wasn't saying it might not be detected, merely that it was possible. More to the point, unless they have the address of the remote site as a "red flag" site then it would be treated the same as any other encrypted page.

    In fact, I'm not sure if any proxy or caching software would correctly display an HTTPS page. A machine local keystroke logger or page logger might capture your password and sign on.. but I'm not sure any remote proxy or caching server would.

    The HTTPS would fail during connect because it'd be unable to set up the encryption hash to the correct end destination. At least, this is what I've seen when I set up local caching proxy servers in a location outside the US. We had to specifically allow HTTPS connections to bypass the proxy/caching server, or they'd never work. Since a lot of deployed soldiers use hotmail and yahoo for personal stuff, this was the only way we could allow them to access their personal email. (Actually we had to set up a full bypass for hotmail because they use some funky udp per session setup protocol).

    Regards,
    -Bouncer-
    this is true. i suppose the point i was driving towards is that even if the specific content (pics/movies, etc) of what you were looking at isn't available, the addresses/domains would still be traceable through the logs.

    a red flag may not go up if it is unknown, or if it has overly generic or nondescriptive meta tags.... but all traffic could be found out at some point in time, should it be needed or wanted... even using an anonymizer proxy would (err, could), in itself, look incriminating.

    don't get me wrong.... i'm not correcting you (because you are indeed correct). it's just that those logs are the killer. maybe not now... maybe not next month. just at some point, someone may say "hmm.... why all this time spent at www.chubby-ankles.com?" .
    "Today is a black day in the history of mankind."

    - Leo Szilard
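
Added example (not part of any post in the thread): what the central proxy log discussed above retains per workstation, assuming Squid-style native access.log lines; the log layout, IP addresses and hostnames are constructed for illustration. For plain HTTP the full URL is logged, while for an HTTPS tunnel only the CONNECT host:port, byte count and duration are recorded.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout (assumed format;
# the thread does not name the proxy product). Fields: time, elapsed ms,
# client, action/status, bytes, method, URL, ident, hierarchy/peer, MIME type.
SAMPLE_LOG = """\
1012345678.123    210 10.0.0.15 TCP_MISS/200 4312 GET http://www.example.com/news/index.html?id=7 - DIRECT/192.0.2.10 text/html
1012345690.456  15230 10.0.0.15 TCP_MISS/200 18234 CONNECT bank.example.net:443 - DIRECT/192.0.2.20 -
1012345701.789     95 10.0.0.22 TCP_HIT/200 1820 GET http://www.example.com/logo.gif - NONE/- image/gif
1012345722.001  60412 10.0.0.15 TCP_MISS/200 90211 CONNECT tunnel.example.org:443 - DIRECT/192.0.2.30 -
"""

def parse_line(line):
    """Return a dict of what the proxy recorded for one request, or None."""
    parts = line.split()
    if len(parts) < 10:
        return None  # malformed or truncated line
    ts, elapsed, client, _action, size, method, url = parts[:7]
    if method == "CONNECT":
        # HTTPS tunnel: the proxy only sees host:port, never the path or body.
        host = url.rsplit(":", 1)[0]
        path = None
    else:
        split = urlsplit(url)
        host = split.hostname
        path = split.path + ("?" + split.query if split.query else "")
    return {"time": float(ts), "client": client, "method": method,
            "host": host, "path": path, "bytes": int(size),
            "elapsed_ms": int(elapsed)}

def activity_by_client(log_text):
    """Map client IP -> host -> {'requests', 'bytes', 'paths_visible'}."""
    report = defaultdict(dict)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = report[rec["client"]].setdefault(
            rec["host"], {"requests": 0, "bytes": 0, "paths_visible": False})
        entry["requests"] += 1
        entry["bytes"] += rec["bytes"]
        entry["paths_visible"] |= rec["path"] is not None
    return dict(report)
```
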

  12. #12
    Gone Camping
    Join Date
    Jan 2001
    Location
    Northern AB, CA, turn left Alaska, Turn right, Yukon Territories
    Posts
    13,515
    Originally posted by Faust
    www.chubby-ankles.com?" .
    Ooooo, my favorite

  13. #13
    Moderator Bouncer's Avatar
    Join Date
    Oct 1999
    Location
    OCONUS
    Posts
    4,834
    LOL!!!

    chubby-ankles.com

    LOL, yer a nut.

    Regards,
    -Bouncer-

  14. #14
    R.I.P. 2017-10-02 Joint Chiefs of Staff's Avatar
    Join Date
    Mar 2001
    Location
    The Sandbox
    Posts
    42,832
    While working for Bell Canada I've seen employees get let go for sneezing the wrong way while browsing the web. If it wasn't work related, it was inexcusable regardless of the reasons.

    Here is my philosophy. You're at work to do just that, work. For those that can't wait 8 hours to get home to e-mail the mistress or what not you can always hit a local internet café or Starbucks on your lunch break to do your private exchange of information.
    >>Cult Master of International Affairs<<

  15. #15
    Cabledude Avatar Fan purecomedy's Avatar
    Join Date
    Feb 2000
    Location
    Canada
    Posts
    1,373
    Originally posted by Patrick K
    While working for Bell Canada I've seen employees get let go for sneezing the wrong way while browsing the web. If it wasn't work related, it was inexcusable regardless of the reasons.

    Here is my philosophy. You're at work to do just that, work. For those that can't wait 8 hours to get home to e-mail the mistress or what not you can always hit a local internet café or Starbucks on your lunch break to do your private exchange of information.
    I don't know if I agree with this entirely. What if I get to work early, what if I browse the web at lunch, what if I stay late after work, what if instead of going downstairs for a coffee break I check something out on the web instead.

    At an Internet Cafe don't I run the same risks, they could track everything too couldn't they?

    Can I never use the office phone to make a phone call to a friend or family member either?

    I say we have to be reasonable and balance life and reality instead of making hard rules. If this is the way bureaucrats are wasting money (tracking my every move) in my office I have a definite vote for who goes first if the industry goes downhill again.

  16. #16
    Cabledude Avatar Fan purecomedy's Avatar
    Join Date
    Feb 2000
    Location
    Canada
    Posts
    1,373

    Re: Re: Electronic Spying by Employer?

    Originally posted by Chris
    Yes yes and yes to all of your questions.
    My last job, we could monitor every page someone went to, what they typed, we could read their E-mail.
    There was so much information collected that it was basically useless, unless you needed it. But if something happened on such and such date at 3:15 pm, we could pull the logs for that day and time, then go into cached files for each workstation and go through them. To go along with all the logs and cached terminal actions we could also pull tapes for that same time period because all phone calls were recorded and filed.
    So literally they could see and access an https site. I think it's obvious they could figure out the webpage I went to, but do they really have the info in the login/password fields clearly visible?

  17. #17
    Gone Camping
    Join Date
    Jan 2001
    Location
    Northern AB, CA, turn left Alaska, Turn right, Yukon Territories
    Posts
    13,515

    Re: Re: Re: Electronic Spying by Employer?

    Originally posted by purecomedy
    So literally they could see and access an https site. I think it's obvious they could figure out the webpage I went to, but do they really have the info in the login/password fields clearly visible?
    It really depends on what type of monitoring the company sees fit to run, the call center I was in ran key loggers as well as everything else I said, they also randomly watched your screen with software similar to VNC, and could sit there and watch everything you did. Not only was it security personnel who could do this but as an employee supervisor I was able to do this also. If it was my bank account, I wouldn't even think about doing it on a company or public computer. Mind you with everything I know about computers I won't even do online banking, I don't feel there is any security there. I'll go to the bank and do it in person, or the in branch bank machine, not remote ones though.

    The way I look at it is I don't have much, but what I do have I'd like to keep.

  18. #18
    Assistant Admin Ken's Avatar
    Join Date
    Dec 1969
    Location
    Tampa
    Posts
    12,209
    A point to consider would be that the company owns the computers, and pays for maintenance, support and bandwidth...

    Not to mention the state of the internet with all of its nasties such as viruses, trojans, spyware, adware, etc., cost companies a lot of money and put the entire system at risk... Especially companies that deal with personal/private/financial info...

    Check to see if your particular company allows you to have your breaks, lunch, etc., at your workstation, as many require you to leave your workstation for these personal times... (Just for this reason)

    Most companies state that any and all activity on their computers, etc., are the company's property, including personal emails. (Which may not be permitted anyway...)

    Yes, I am a system administrator...

  19. #19
    Cabledude Avatar Fan purecomedy's Avatar
    Join Date
    Feb 2000
    Location
    Canada
    Posts
    1,373

    Re: Re: Re: Re: Electronic Spying by Employer?

    Originally posted by Chris
    It really depends on what type of monitoring the company sees fit to run, the call center I was in ran key loggers as well as everything else I said, they also randomly watched your screen with software similar to VNC, and could sit there and watch everything you did.
    Okay this VNC program, if I look in my task manager at work would I see VNC.exe or something running in the task list then?

  20. #20
    ♫♪ ♫♪ ♫♪ ♫♪ downhill's Avatar
    Join Date
    Jan 2000
    Location
    My Own Private Idaho
    Posts
    34,805
    My company is talking about putting trackers in our trucks. I'll be hitting the public restrooms whenever I get the chance..
