1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How would you deal with this...

Discussion in 'The Lounge - Off Topic' started by toiling, May 1, 2009.

  1. toiling

    toiling New Member

    6
    0
    1
    Hello, would appreciate your thoughts on this.

    about a year ago i discovered my boss was organising "night-time entertainment" using company servers (for what reason he chose the servers i do not know) for his trips to other branches using the admin account as it has full access to the internet. I decided to disallow full access to the internet for the admin account, hoping this would make him realise i was aware (only two of us in IT)

    When questioned about why admin account no longer had full access i explained it had been used to access inappropriate sites. He called back later and apologised.

    As only use two have access, i alerted a friend from the company, just to cover my own back should anything ever get pointed at me.

    I thought that would be the end of.

    This continued, however i chose not to act any further.

    Now for the next part: We have all our emails from every user forwarded to a journaling mailbox. This is for off-site archiving. It has come to my attention he has been using the besadmin account (has access to all mailboxes) to access this journaling account, and read through any emails he so desires. All emails enter the deleted items folder as unread, when investigating something a while back i noticed some appeared read. Didn't look into it further until recently when he has made comments seemingly out of the blue, but which were referred to in my emails.

    I have been able to establish, he has a mail profile (in addition to his own) on his PC for the journal acct, and when it requests authentication (as he is logged onto PC with an account without the required permissions) he used the besadmin credentials. As soon as he is finished he empties the folder (something we have a recipient policy to do automatically once a day).

    On top of this, he is not competent. Basically he has worked here since the company opened an office with just a handful of employees, and was on his own until i joined over a year ago. Without going into too much detail, he doesn’t know basic IT, for example he recently asked me what our primary smtp server was. He could never join another company and get a similar position, as this would be seen through.
    How would you guys deal with this situation? I’m came here fresh from uni, and don't know how best to deal with this while protecting my job and/or future jobs if it came to a situation where i told someone as how could i carry on working with him (its hard enough as it is). I could leave, but then theres the explaining to future employer.

    Any advice folks?

    Thanks
     
  2. dazza786

    dazza786 Megabyte Poster

    758
    30
    67
    i'm inclined to just say join in with him.. snoop on emails, open up game servers, ventrilo, run torrents off the server etc etc

    then when you finally get bored of it, do something which will get these factors looked at.
    delete a few emails, then when people ask you to recover them, you say 'well it was deleted by somebody with access but it certainly wasn't me... the time in which it occurred was blah' then he might speak up

    stuff like that or even make him look silly, if the server isnt a dhcp, make it a dhcp with a totally diff subnet
    then ask him to fix his broken network, when he can't fix it and yuo get recognised, who knows!

    just make sure you remember what you do :P

    haha [/fantasy] :twisted:


    for the record -> my post wasn't an actual direction of what to do.. do not do it! I was merely adding some light humour
    this can be seen by my fantasy close function :)
     
    Certifications: MCP (271, 272, 270, 290, 291, 621, 681, 685), MCDST, MCTS, MCITP, MCSA, Security+, CCA(XA6.5)
  3. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    3,477
    121
    184
    Err, I wouldn't "join in" - no point in incriminating yourself as well.

    The emails are the property of the Company if transmitted using their systems.

    Is there anyone in "management" that you know well enough to have a quiet word with ?

    In the past I have experienced this sort of thing at a client's site and made the Company Secretary aware of it informally. The MD was then informed and the Company sent out a clear directive to all staff (including IT) and then did some checking up (via me). THEN it's not a problem to "catch" the person as you have been corectly instructed to do so.

    All IT staff have a responsibility to ensure they are familiar with data protection requirements and security matters - he could be reading sensitive company info and passing it to a rival company for all you know (extreme example).

    Get it sorted ASAP as quietly as you can.
     
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  4. Daniel

    Daniel Byte Poster

    236
    6
    25
    That's what I would do.

    I've experienced this stuff aswell, you're not alone toiling :biggrin.
     
    Certifications: 70-270, 70-290, 70-291
    WIP: None, but learning SEO/SEM
  5. jk2447

    jk2447 Petabyte Poster Moderator

    5,483
    354
    249
    Yep, I agree with the two above me. As I work for a really big firm this couldn't really happen here, too many checks and regualtions etc but if it were me I'd ask for a word with a member of H.R. and voice my concerns before he gets you both sacked. He'd only have to say you knew about it for you to get in trouble. I know its a hard thing to do but its the honest thing to do on behalf of your employer because you take their money afterall. You'll be fine
     
    Certifications: BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, VCP4, CCA (XenApp6.5), MCSA 2012, VCP5, VCP6-NV
  6. toiling

    toiling New Member

    6
    0
    1
    Thanks for the replies,

    There are a couple of people i could speak with, all however who work closely with him, and who i am worried how they react.

    Say they did take that option of sending out an email to all staff, i'm sure he would become very intrigued as to why this email was sent out, and presumably would start lookng at me, making a difficult working relationship even more difficult. Then theres the question of proof, how do i prove it, without just physically looking at him do it? what if they don't believe me? then it is completely obvious i am "snitching" and we would then not be able to work together. Who they going to get rid of, me or him? How do i expectto get anothr job if my previous employent ends abruptly and i have no reference?

    Currently sitting here awaitign his afternoon snoop. :(
     
  7. jk2447

    jk2447 Petabyte Poster Moderator

    5,483
    354
    249
    I wish I could anyswer this for you but I'm sure someone on here can. You need to collect digital evidence if you will of his activities before you do anything. Does anyone have the security know how for how he can do it? Saved log files, access reports etc???
    One thing I will say is though, are you sure this fella isn't supposed to snoop around? If there's only two of you he may be acting in a security role also, but this is just a thought, my security training isn't advanced enough yet to give you better advice sorry
     
    Certifications: BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, VCP4, CCA (XenApp6.5), MCSA 2012, VCP5, VCP6-NV
  8. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    3,477
    121
    184
    I wouldn't go collecting any evidence.

    If you don't know anyone well enough in a senior management role within the company then go to the most senior that you have at least a nodding acquaintance with.

    You don't have to drop the guy in it; just point out to the person that access to the journal is possible and that you think someone could do it. Let them lead and , if pressed, then you can explain what you have seen.

    At the end of the day you work for the Company and have it's interests at heart.
     
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  9. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    171
    211
    why dont you have a 'hypothetical' conversation with HR regarding the matter. Ask for their advice on what you should do, if you discovered someone performing activities like these, even if you didnt have solid evidence tying them to the act.
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  10. Daniel

    Daniel Byte Poster

    236
    6
    25
    His afternoon snoop? Explain please.

    In all honesty, how you're working relationship changes isnt a factor in this, if hes breaking the rules, then tell someone also I advise you to refer to you're companies policy on this.

    Either way, you CANNOT lose you're job if you have done nothing wrong.

    Take the plunge mate, everyone here can see from what you've said that you havent done anything, it's him.

    Let us know how you get on.
     
    Certifications: 70-270, 70-290, 70-291
    WIP: None, but learning SEO/SEM
  11. toiling

    toiling New Member

    6
    0
    1
    Problem with that is i imagine they would just say speak to **** and sort it, or he will ask who can access, and when i say me or ****** i expect they will just say well your IT etc etc....

    Thanks for the replies guys, appreciate any thoughts on this!

    in the past two days i have been paying attention to it he has been on 7 times. (unless i missed any)
     
  12. toiling

    toiling New Member

    6
    0
    1
    logging into the account. he's just been on.
     
  13. jk2447

    jk2447 Petabyte Poster Moderator

    5,483
    354
    249
    The more I think of it, the more I think you should go to HR and say "whats the companies policy on IT reading other peoples emails" and just see what they say. They could say they approve of someone in IT being able to do that
     
    Certifications: BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, VCP4, CCA (XenApp6.5), MCSA 2012, VCP5, VCP6-NV
  14. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Daniel - sorry to say fella, but you are wrong. From the sounds of it, this is a small company - probably with bugger all clue about IT. I guess this chancer was lucky enough to get the job originally and has continued to baffle the non-technical peeps with science over the years when things have gone wrong. He's probably hired in outside consultants to do anything that required even the slightest use of a braincell and, when things got too hot, he probably moaned to someone that he 'had to do all the IT on his own' and got Toiling in as a result. Now Toiling does all the work, he doesn't pay for nearly as much consultancy as he used to and can point to this as 'proof' that he's running the IT department on a tighter budget than ever.

    If this sounds familiar to anyone on here, it will be because they, too have worked in environments just like this. In truth, more than half the small businesses I have worked/consulted for are run in the same way. Unfortunately, just hiding behind the Shield Of Righteousness is NOT protection against losing your job. Pound to a penny this slime will have 'friends in high places' who would cover for his arse in the tightest of spots especially since he probably has dirt on all of them from reading their emails over the years.

    My advice is to be very, very careful with this. The HR department may well not be very professional either (why should they be - it sounds like no-one else there is!). It might be worth you taking some independent legal advice about your contract and what protection you are entitled to. Personally - and I know this is probably not what you want to hear, especially in this economic climate - I would think about getting the f*** outta dodge. If I was in your situation I'd leave - no question about it.
     
    Certifications: A few
    WIP: None - f*** 'em
  15. AJ

    AJ Administrator Administrator

    6,771
    102
    221
    I agree with everything said above, except join in. I would add that worknig in IT you must have a certain amount of trust with the management, considering that you COULD have access to all of the companies data and emails. Whilst all of this data does belong to the company, as an employee, you would expect a certain amount of privacy as to what is in your mailbox (something i read a while ago regarding the human rights act).

    Just because you can look at all of this data does not mean that you should. This is where you would lose all credability as an IT professional.

    Now as to what to do. IMHO, you have a responsibility to the company not to keep this to yourself. If you didn't do anything but later on something happened and it transpired that you knew about it, you may leave yourself open to further reprecussions. If he is making no attempts to cover his tracks, then you have no other option than to report him. Ask to have a quite work with someone in senior management or the HR Dept. But whatever you do, be professional and above all maintain your intregtrity, because if you lose that then getting other employment would be difficult.
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................
  16. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    3,477
    121
    184
    Ok, bit of lateral thinking here then :

    Why not go to HR or management and ask if there are any company policies on use of IT. If asked to give example say things like users loading own programs on, checking of files brought frrom home for viruses and accessing other peoples email such as those of management. When they ask you why you can say that it's a wise thing for all companies to have if they haven't. If they do have procedures then you can ask if they apply to IT staff as well as they are obviously involved in "securing" systems. You could also ask about staff using computres for their own use e.g. checking personal emails online etc.

    Onc eyou know how the company stands on the issue then you'll have an inkling of how to act i.e. reprot the guy and you're just doing your job or just keeping your head down.
     
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  17. jk2447

    jk2447 Petabyte Poster Moderator

    5,483
    354
    249
    Absolutely agree with AJ. Don't ever make it personal or comment on a person, always keep it 100% about the work. Obviously you may have to say its your boss breaking the rules but don't comment on him as a person or his character, let them deal with that (HR). From what you said earlier mate, if he's read your emails and is making funny comments about something you've wrote, your working relationship with his isn't very good anyway
     
    Certifications: BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, VCP4, CCA (XenApp6.5), MCSA 2012, VCP5, VCP6-NV
  18. toiling

    toiling New Member

    6
    0
    1

    Wasn't anything bad he said, he just brought up something out of the blue, which i had been discussing (work related) with a collegue via email. that set alarm bells ringing.

    Appreciate all the advice so far guys.

    Zeb, i swear, have you worked here at some point? you pinpointed everything to the letter (other than he didn't actually request help, it was thurst upon him by management, and from what i have heard, he wasn't best pleased at having anyone else. (this is how i felt before it was confirmed to me by other staff).

    At the minute i'm going to leave it over the weekend, no one senior in at the minute, plus want to think it all through. Very worried what kind of effect this could have on my future career.

    If you guys have anymore thoughts/have a chance to speak to anyone in your company about this i'd be extremely grateful of all opinions.

    again, THANK YOU
     
  19. Daniel

    Daniel Byte Poster

    236
    6
    25
    Ah, forgot the fact that its a small company, but nether the less, surely they comply with verbal warnings, written warnings, etc. :ohmy
     
    Certifications: 70-270, 70-290, 70-291
    WIP: None, but learning SEO/SEM
  20. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    [​IMG]

    We need to bring in Magnum PI. Nah serisouly be careful and follow the advice given here, but I repeat carefully.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5

Share This Page

Loading...