BMW M5 Forum

Post Reply
 
Thread Tools Search this Thread
      09-15-2009, 10:09 PM   #1
RRGOO7
Colonel
RRGOO7's Avatar
376
Rep
2,451
Posts

Drives: GTR
Join Date: Dec 2006
Location: Miami FL

iTrader: (13)

Bugging computers

I have a little problem at my office. An employee is known to be stealing from the company and I need to gather evidence to prove it. Does anyone know any programs that can be installed on his computer to record his emails, instant messages, and website history???

Any help is greatly appreciated
Appreciate 0
      09-15-2009, 10:18 PM   #2
solefald
Nigerian Prince
solefald's Avatar
Vatican City State
396
Rep
2,180
Posts

Drives: '11 F25
Join Date: Apr 2008
Location: San Diego, CA

iTrader: (2)

Garage List
'11 BMW F25  [0.00]
there is a ton of keyloggers out there... some free, some paid

http://www.actualkeylogger.com/
__________________
Appreciate 0
      09-15-2009, 10:53 PM   #3
RRGOO7
Colonel
RRGOO7's Avatar
376
Rep
2,451
Posts

Drives: GTR
Join Date: Dec 2006
Location: Miami FL

iTrader: (13)

thanks guys
Appreciate 0
      09-16-2009, 05:09 AM   #4
kyleb350
Brigadier General
kyleb350's Avatar
United_States
428
Rep
4,709
Posts

Drives: '21 X3MC
Join Date: Jun 2008
Location: Milwaukee

iTrader: (6)

If it's in a corporate environment, can't you just set up to monitor where the web traffic from his computer is going to?

For example, all IMs go through port XXX, and the software will record all of that.
Appreciate 0
      09-16-2009, 05:19 AM   #5
radix
you know he kills little girls like you
radix's Avatar
No_Country
398
Rep
892
Posts

Drives: -
Join Date: Feb 2008
Location: -

iTrader: (0)

Quote:
Originally Posted by kyleb350 View Post
If it's in a corporate environment, can't you just set up to monitor where the web traffic from his computer is going to?

For example, all IMs go through port XXX, and the software will record all of that.
Yep. If you have *nix box handy on the same network segment, you can run tcpdump and/or Wireshark. This might not work on a wireless network however, depending on if the card on the box doing the sniffing can be put into promiscuous mode or not. This still will not allow you to sniff encrypted traffic, e.g. https, ssh, etc. For that you would need a proxy capable of doing man in the middle attacks such as bluecoat. Be sure to consult a lawyer and check wiretapping laws in your state first.

Oh yeah, if you want to sniff traffic on that network segment, it'd be ideal if the machine designated as the sniffer had a gigabit interface, and one or more fast processors, otherwise the kernel might not be able to process the traffic fast enough and you might lose key data.

Not that I know anything about this, no sir...
Appreciate 0
      09-16-2009, 06:22 AM   #6
radix
you know he kills little girls like you
radix's Avatar
No_Country
398
Rep
892
Posts

Drives: -
Join Date: Feb 2008
Location: -

iTrader: (0)

As a follow up to my previous post, I realize that my advice to consult a lawyer first might seem like overkill. I'm assuming your going to use this evidence that you collect in order to fire, prosecute, and sue the employee. Since it seems that the company/employee will be seeing the inside of a courtroom, you'll want to make sure all your ducks are in a row. I know that the network/computers are owned by the company, but many states have some really strange computer laws.

BTW... depending on your MTA/MDA, it's also fairly trivial to copy all of their email as well. For example, with sendmail you can use a pipe in /etc/aliases (or /etc/mail/aliases depending on OS) for a particular user, or if you wanted to archive all inbound and outbound mail, you could do this:

http://www.usenix.org/publications/l...archiving.html
Appreciate 0
      09-16-2009, 06:25 AM   #7
c0nstant
Lieutenant General
c0nstant's Avatar
United_States
1830
Rep
17,322
Posts

Drives: G80 M3
Join Date: Apr 2007
Location: Los Angeles

iTrader: (1)

radix is the alton brown of this stuff, listen to him
Appreciate 0
      09-16-2009, 07:15 AM   #8
RRGOO7
Colonel
RRGOO7's Avatar
376
Rep
2,451
Posts

Drives: GTR
Join Date: Dec 2006
Location: Miami FL

iTrader: (13)

Quote:
Originally Posted by radix View Post
As a follow up to my previous post, I realize that my advice to consult a lawyer first might seem like overkill. I'm assuming your going to use this evidence that you collect in order to fire, prosecute, and sue the employee. Since it seems that the company/employee will be seeing the inside of a courtroom, you'll want to make sure all your ducks are in a row. I know that the network/computers are owned by the company, but many states have some really strange computer laws.

BTW... depending on your MTA/MDA, it's also fairly trivial to copy all of their email as well. For example, with sendmail you can use a pipe in /etc/aliases (or /etc/mail/aliases depending on OS) for a particular user, or if you wanted to archive all inbound and outbound mail, you could do this:

http://www.usenix.org/publications/l...archiving.html
I appreciate the heads up. I plan on talking to my lawyer today. I was told by another lawyer that it is completely legal since the computer belongs to my company. I plan on double checking today.
Appreciate 0
      09-16-2009, 09:00 AM   #9
hhkim
Lieutenant
hhkim's Avatar
United_States
42
Rep
481
Posts

Drives: '10 335d
Join Date: Oct 2006
Location: LA

iTrader: (0)

Garage List
2006 325xi  [0.00]
Um since this person is working at a company couldnt you just go into his computer and access his information?

The Electronics Communications Privacy Act prohibits an employer from intentionally accessing an employee's electronic communications unless its for a legitimate business purpose. And the good part for you is that 'legitimate business purpose' is anything done with company property. I'm sure your lawyer will tell you a similar thing.
__________________
MY10 335d: Montego Blue, Oyster/Black Leather, Aluminum Trim, Navi, ZSP with Paddle Shifters, ZCW, Alarm
Order Placed: Aug 15th, In Production: Sept 1st, At Port of Exit & Awaiting Transport: Sept 15th, Sept 16th, At Prep Center: Oct 7th, Released to Carrier: Oct 22nd, Delivered: Nov 11
Appreciate 0
      09-16-2009, 10:03 AM   #10
M_Six
Free Thinker
M_Six's Avatar
United_States
19288
Rep
7,549
Posts

Drives: 2016 MB GLC300 4matic
Join Date: Jan 2009
Location: Foothills of Mt Level

iTrader: (0)

I assume you or someone you trust has admin rights on the employee's PC, right? Unless said employee is really good with computers, the evidence you need is probably on the PC still. Do you think he/she is only doing the stealing through email (ie, sending out data to someone) or FTP? If you use a keylogger, make sure whatever anti-virus program you use won't detect it (ain't that a kicker?).

Back in the day, I worked for an environmental engineering firm. An employee tried to walk out once with a floppy full of proprietary drawings. The owner stopped him and they ended up in a fight. The owner threw the guy through a wall. Literally. Big hole right through the sheetrock. We had a dialup connection then, so there really was no way for the thief to send things out over the network.
__________________
Mark
markj.pics

"Life is uncertain, eat bacon now."
-UncleWede
Appreciate 0
      09-16-2009, 11:16 AM   #11
335e92tx
ahat
335e92tx's Avatar
1070
Rep
2,592
Posts

Drives: Was '07-335e92 - Now '13-335IS
Join Date: Mar 2008
Location: Texas

iTrader: (6)

Quote:
Originally Posted by RRGOO7 View Post
I have a little problem at my office. An employee is known to be stealing from the company and I need to gather evidence to prove it. Does anyone know any programs that can be installed on his computer to record his emails, instant messages, and website history???

Any help is greatly appreciated
Use data leakage protection agents and clients. Your probably gonna have trouble getting anything else to be admissible.
Alternatively, replace his desktop with another machine and just run forensics on it.
__________________

'13 335IS N54 (1 of 373 LeMans Blue out of 3597 total production e92)- Grey interior (1 of 24 in LMB with any trans- 1 of 14 with DCT)-MODS -MFactory LSD/MHD-BQ custom Tune/ATM-IC/AFE Momentum GT Intake/Konis/Mfront&HeimJoint Rear rods&arms/Brembos.
https://photos.app.goo.gl/Lo6aHZRo7XqtPkhL8
Appreciate 0
Post Reply

Bookmarks


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -5. The time now is 09:34 AM.




m5:
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
1Addicts.com, BIMMERPOST.com, E90Post.com, F30Post.com, M3Post.com, ZPost.com, 5Post.com, 6Post.com, 7Post.com, XBimmers.com logo and trademark are properties of BIMMERPOST