1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Advice needed on how to deal with a pr0n problem

Discussion in 'Computer Security' started by nugget, Nov 23, 2005.

  1. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    Y'all ain't gonna beleive this sh1t, but....my security problem of the day is pr0n.

    Today while I was troubleshooting a problem on someones laptop I accidently discovered they'd been visiting a lot of pr0n sites (temporary internet files). Now before someone jumps on my case, I think that people can do whatever they like on their own pc's at home albeit searching for it whether it's gay, lesbian, straight or whatever else.

    The problem here is that the laptop is a company one and this person is management (they pay me). He takes the laptop home with him and also on business trips too. The person also has an admin account on the LT and could install anything he likes on it. Based on this finding and also with some of the names of the pictures, I have no doubt that this person would also visit other dubious sites.

    Does anyone have any advice on how to handle the situation or been in the same situation before?:oops:
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  2. zimbo
    Honorary Member

    zimbo Petabyte Poster

    5,215
    98
    181
    EDIT: i presumed you had a virus/es onboard thus my answer.. didnt see that you didnt exactly specifiy... :oops:


    right i had to deal with one of these yesterday man!

    right first trial version of NOD32 at HERE first uninstall the antivirus on the system! if you not too sure how to configur it let me know!
    NEXT hijackthis... very useful free tool...
    then the two most highly rated antispyware... xoftspy and spy sweeper... i managed to get about 450 viruses off this guys laptop yesterday after atleast many hours!
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  3. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    I wouldn't directly mention anything to him / her.

    Simply mention that you needed to backup and restore the data. If this person has any sense about them they will know that you have been able too see their files, and may do something about it.

    As long as the material is above board i.e. not kids, then just let it go, because as you said what they do in their time is up to them.

    I would mention to them though to be careful which sites they visit, as some sites contain spyware, etc. Don't be too specific tho!

    8)
     
  4. AJ

    AJ Administrator Administrator

    6,771
    102
    221
    I would agree with Simon on this one. As he said if it's kids or anything illegal I would be straight to my boss with a witness. What you could do though is to make a backup of all his data, including the pr0n, onto a cd. Then hand it tro him saying that you had to back his data up as a matter of course and here is the disk.

    Then see what he says.
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................
  5. Rostros22

    Rostros22 Kilobyte Poster

    321
    5
    54
    Hi Nugget

    Agree with all that has been said above.

    Also do you use any audit software at all?

    We use Track-IT software at work and basically you can run a hardware / software audit at any time and all our users know this.

    I am not saying this would pick up cached internet information or anything but the fact it is there makes users think twice as they have no idea what it can do.

    I have had similar problems with management laptops when they take them home, not with any offensive material but still installing software / games / music etc.

    The audit software I have found is a big deterrent though.
     
    Certifications: ITIL Certs, F.A.S.T Auditor Certs
    WIP: None - Application with Police
  6. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    I agree that discretion will be necessary here. I've heard of people either losing their jobs outright or causing a major flap at work when they confront a management person on their using work computers to access pr0n.

    On the other hand, the mayor of a city in Washington State is in deep water for using his work laptop to visit gay pr0n sites while on business trips.

    I would gently mention how (hypothetically) a person can really hose up their computer by visiting adult content sites and it anyone did that with a work computer, it would likely put the network at risk of being infected with dodgy malware and it wouldn't be much of a chore to trace this malware back to the originating computer.

    Hopefully, this fellow will take more care in the future.
     
    Certifications: A+ and Network+
  7. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    Zimbo, the problem here is not viruses or spyware, although they will come I'm sure.

    The problem is that this guy is surfing for pr0n on a company laptop with sensitive company information on it.

    AJ
    I can't really go to my boss about it because this guy basically is my boss, a hotshot business guy with investors and even the CEO wouldn't 'dare' to do anything about it because of this.


    As I mentioned before, if he wants to do it on his own pc that's fine by me but not on the company laptop and thereby putting the company at risk.
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  8. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    Depending on the guy's character could you not drop a subtle hint to him, i.e. "If I were you I'd clear out my temporary internet files before sending it in for repair". Thus giving him the hint that you know what he's been upto?
     
  9. AJ

    AJ Administrator Administrator

    6,771
    102
    221
    IOf that's the case m8, you just gotta do your job and let it go. If he's got that much power then you can't do much anyway. He will eventually hose his machine and he'll be back. :dry
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................
  10. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    hmm, as someone who has been using the interpr0n for many years
    i must ask why everyone things that accessing pr0n puts the company at risk
    you mean more so than accessing the football scores? or the cinema times?
    you said there is no virii/spyware? that alone says he is not off galavanting at dodgy sites, so the question here poses what risk is it to the 'company information' just because its pr0n?

    id leave it, perhaps make him aware that you know whats on his disk in a descreet manner, but leave it, install spyware/AV to make sure if he does visit the wrong place that things dont escalate


    oh, and NAC on your network is a nice idea ;)
    but not many people have that yet
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  11. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    Phoenix, it's not that I think the pr0n itself is the problem, it's the principle of using a company pc for accessing it. Added to that searching for more by following the links on these sites is more likely to lead to even dodgier sites plus the fact that even smart business guys are clueless users puts the information at risk.
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  12. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Hmmm, I am not sure whether the problem is with the guy visiting prOn sites or with Nugget for invading his privacy.

    As far as I am concerned, if the person is an adult, they are perfectly entitled to visit any site of their choosing.

    When you are fixing somebody's computer, it can be likened to fixing somebody's filing cabinet. If you hired a carpenter to repair a draw on your filing cabinet, would you be happy that as soon as you left the room, the carpenter started reading your private files?

    You say...

    How does one accidentally view somebody else's Temporary Internet cache? If I intended to scan the computer for viruses/malware I would delete the cache first because it slows down the whole process. To delete them it is not necessary to view them. I believe this to be an invasion of privacy.

    Also, with the nature of adult prOn sites, and their clever scripting, it is very easy to visit numerous pages without you intent. They do this by using various means but the most common is the pop up syndrome. I have seen more pages pop up on my computer than I was able to close. None of which I had any interest in at all but they would have stored temporary files in the cache.

    The issue is really with browsers. The browser should be able to delete all private information. I know Opera can but with IE you would have to manually delete your history, manually delete temporary cache and manually delete the URL history.

    There should be a trust between PC tech and customer (in this case boss). You should not read his emails, documents or any user files, if you want to build that trust.

    You may think it is okay to snoop, I know I did years ago when I first felt the power of understanding computers more than other people. But nowadays I don't abuse that power.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  13. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    Post the contents on the intranet, acknowledge him for his contribution, and be done. He'll get the message ...
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  14. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    I don't know if it's just me or if everybody else is just missing the point.

    As I've mentiond a couple of times already Bluerinse, I don't care what people do on THEIR OWN pc's. I do care what they do on company pc's and when this guy has company information worth 20-30 million dollars and the future of the company on his laptop then I take it very seriously.



    This comes from trying to fix a problem and the program telling me that a file that I need is in the same area and also trying to get it done quickly as I'm already 10 mins late, a wrong click and there it is staring me in the face. A page full of .jpg files with names like ... well you get the idea.

    You mention trust and I would like to as well. I'd like to trust the guy to act in a professional and intelligent way and to not put the company at risk, which is the whole point of this post. I don't care what he has for other stuff on the pc be it email, docs etc. I'm just not interested in "snooping". As admin I have that power and I make sure I don't abuse it.

    What I do care about is the safety and future of the company. No viruses, no spyware, fix problems and keep things running.
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  15. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    Hopefully, I'm not missing the point. I understand that you want to do your job honestly and to protect the company's data and security. This apparently is at odds with the person who, from your perspective, is putting all that at risk. You can't confront him. You can't tell anyone else in authority and have them handle it. You can't (or choose not to) ignore it.

    If this was happening in the U.S., I'd probably arrange to have a private meeting with the head of HR and discuss it with him (fortunately, I work at a place where I can trust that person) and see what my options were. That may or may not be an option for you.

    Whatever else you do, document this situation fully. You might not need it but if for some reason this thing hits the fan, you'll be glad you have all your ducks in a row. That's the best I can do. Sorry, Nugget. It's a tough one. :oops:
     
    Certifications: A+ and Network+
  16. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    IMHO, Nugg - the guy is neither an angel nor a devil here. Personally, I'd say some of the above advice about subtle hints, with nothing being outwardly stated would be the way to go. However, obviously this may not be too easy for you, given the situation of the user in question.

    This is very much a judgement call, and much as I wouldn't like to be in your shoes, a quiet word or hint may help. I agree he may not be compromising company data through his activities, but this is obviously an issue that troubles you, and I'd rather suggest my thoughts on a solution rather than tell you where you appear to be taking the wrong stance.

    Hope you get it sorted, Nugg.
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  17. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Firstly, let me make it clear I am not having a go at you Nugget, I am just trying to open the conversation up to other issues such as a persons privacy and a PC techs responsibility.

    Do you have a company policy that explicitly states users of company laptops must not visit web sites with adult content?

    I am sure there are some adult sites that have malware but the same can be said of thousands of other sites that are not adult in nature. Most of the malware I see is on computers used by kids.

    Do you have a personal objection to Adult content?
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  18. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    I haven't been in Nugget's position, but when I have had to clean a ton of spyware/malware out of a customer's computer I'm pretty upfront with them as to the cause of the problem. I tell them what the names of the malware were and where they are usually picked up. I then tell them, after they have paid me so the pain of writing that check or digging that cash out of their wallet is really fresh, that if they don't like paying me to fix this kind of problem they have a choice to make. They can continue their present Internet surfing habits and continue paying me, or they can change their habits and quit paying me. I don't say I've found anything other than malware, where the likely places are that this specific malware came from by its name and nature, and how easy it is to avoid.

    I've yet to have a customer get insulted, however Nugget's case is different. The guy isn't having to pay him to fix it. What I might do is take a little longer to "fix" the computer. Rather than giving it back to him right away I'd make him wait a little. Then when he says something say how hard this type of problem is to get rid of and where the likely places are that it is picked up.

    That's what I'd do, but then I probably take risks most people wouldn't take.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  19. JonnyMX

    JonnyMX Petabyte Poster

    5,239
    211
    236
    At the end of the day, the laptop isn't his.
    I guess the company also has strict rules about what you can and can't do on a work machine (if they don't, you don't have a problem).

    You've got three realistic choices.

    1) Do nothing. He carries on with his thing and maybe that's the end of it. Or maybe he infects the office network with a virus, or his wife finds out and divorces him. You just have to hope that you are never put in a position where you have to say 'I knew about it but...'

    2) You report it to management. He may get sacked, or disciplined, or they may all be chums and not do anything. Either way you become a snitch and it's unlikely that anyone will praise you for your honsty and dilligence. You may even get to see they guy lose his job and family. That's not nice either.

    3) In my opinion the best option, which has been mentioned here already, is to fix the problem, return the laptop and suggest that he is careful what he uses it for and that you won't log it... this time. That way no one gets hurt, he knows the score and he also owes you big time. In theory, no losers.

    Just my opinion.
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD
  20. AJ

    AJ Administrator Administrator

    6,771
    102
    221
    I think the point has been made that this is a works lappy and as such is subject to company policies regarding its use. Check this policy out. If there isn't one then ask the HR dept to sort one out to a) protect the company and b) protect the IT staff from what ever they find on the pc's.
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................

Share This Page

Loading...