Need opinions (Corp. Espionage)

spotdog14

We have received orders from the managing partner to start monitoring a specific employee's Internet behavior (most notably email and IM usage), and this also complies with our technology manual that each employee signs that all activities on a work computer or on the work network can be monitored.

The reason for this is the employee is believed to be leaking company secrets to the competition. We are not a large office (20 employees total) but we deal with information that our clients trust us with.

So my question is how do you monitor IM traffic? After looking at our logs, AIM and Facebook are the two widest used protocols.

Any ideas? Sorry for this type of question, I know they are usually frowned upon but searching Google leads me to some very shady sites.
 
For several sites, I've used Spector Soft
http://www.spectorsoft.com/
They have standalone products for single workstations, all the way to full-blown networked versions that store data on a central server.

Good detailed logs, and the software runs hidden, won't show up in the registry, task manager, or other ways that people would look. AV software will not flag it.
 
Packet Sniff him?
I am not that familiar with packet sniffing, but are you able to see plain text IM conversations with a program like Wireshark?

Also YeOldeStonecat, we don't need something that flashy as we can monitor everything else besides IM conversations.

Thanks for the advice though!
 
> I am not that familiar with packet sniffing, but are you able to see plain text IM conversations with a program like Wireshark?
>
> Also YeOldeStonecat, we don't need something that flashy as we can monitor everything else besides IM conversations.
>
> Thanks for the advice though!

Yes, you can get IM conversations with packet captures unless you have a very sophisticated user. There are some router distros such as pfSense that have this as a built-in module.

It would be quite a bit of work to manually sort through the packet captures, but I am sure there are some automated utilities out there to re-build the conversations.
 
Their eBlaster product is pretty lightweight...did you check that one out?
What's nice about it....the reports it creates, you get summary, and details. And no matter what kind of "chat" it is..be it IM client like MSN or AIM or Trillian, or browser based...like Google chat or others..it'll capture it. You get summaries of what kind of web activity they're doing, time spent at Facebook for example, lots of good stuff.

The only other thing I can think of, it's free, and it's getting outdated...is IMInspector. A plugin for some of the *nix based routers. But many of today's IM clients slip past that with encryption.
 
> Their eBlaster product is pretty lightweight...did you check that one out?
> What's nice about it....the reports it creates, you get summary, and details. And no matter what kind of "chat" it is..be it IM client like MSN or AIM or Trillian, or browser based...like Google chat or others..it'll capture it. You get summaries of what kind of web activity they're doing, time spent at Facebook for example, lots of good stuff.
>
> The only other thing I can think of, it's free, and it's getting outdated...is IMInspector. A plugin for some of the *nix based routers. But many of today's IM clients slip past that with encryption.

I had this set up on pfSense. It worked great for MSN, but my Google Talk traffic slipped by for some reason.
 
> I am not that familiar with packet sniffing, but are you able to see plain text IM conversations with a program like Wireshark?
>
> Also YeOldeStonecat, we don't need something that flashy as we can monitor everything else besides IM conversations.
>
> Thanks for the advice though!

If he was a smart spy, he'd use SSL or some other encryption on his communications. Or even better, just use his cell phone.
 
> If he was a smart spy, he'd use SSL or some other encryption on his communications. Or even better, just use his cell phone.

Yup..but we're talking staff in businesses. 99 and 44/100 % of them are just looking for easy ways to goof and slack.

IT people know the ways around it, the average office worker though..hope...and that's what we're talking about.
 
> For several sites, I've used Spector Soft
> http://www.spectorsoft.com/
> They have standalone products for single workstations, all the way to full-blown networked versions that store data on a central server.
>
> Good detailed logs, and the software runs hidden, won't show up in the registry, task manager, or other ways that people would look. AV software will not flag it.

Yeah, Spectorsoft is supposed to be pretty good. We run http://www.softactivity.com/ at one client. I set it up almost a year ago and showed him how to use it. Guy figured the fear of it being there was enough and never touched it again. Called us in a few weeks ago to have us show him how to use it again and check what 1 employee was doing. Turns out last year she spent over 150 hours on Netflix. :eek:

Program seems to be pretty good. We just renewed its support and pulled the latest version. It was enough for him to fire the girl in question and strike some fear in the others.
 
Since when were AIM and Facebook protocols?

To answer your question, Spectorsoft is a decent program, I've used it before to monitor employees too. I believe we used the eBlaster program which is made by Spector Soft. The price is relatively cheap.

The only problem with Spector Soft is every year or so, they come out with an "upgrade" which makes your current version stop working, so you have to upgrade to continue using it. Again, it's a nominal fee (less than 100 bucks), so not that big of a deal, but if you Google their company, a lot of complaints from people saying that it's their way of making more money. They did this to my company a few months ago. We told them to f**k off though.
 
Use IMSpector or Facetime. You change your DNS to forward all IM traffic to them. As far as email... Do you have Exchange? Just make a server rule to copy all inbound and outbound traffic to a separate mailbox.

Done and done.
 
Another vote for spectorsoft, we have let go about 5 people so far because of spectorsoft activity and our employees KNOW about it being on the PCs.

I don't know what runs through some people's minds.

The product we use is Spector360, it has pretty good reporting features.

One guy we had, been with us for over 2 years, was visiting a risque online dating site. He attempted to deny it when confronted, till we showed him the activity report and then a screenshot of him entering his credit card information. Case closed.
 
> Another vote for spectorsoft, we have let go about 5 people so far because of spectorsoft activity and our employees KNOW about it being on the PCs.
>
> I don't know what runs through some people's minds.
>
> The product we use is Spector360, it has pretty good reporting features.
>
> One guy we had, been with us for over 2 years, was visiting a risque online dating site. He attempted to deny it when confronted, till we showed him the activity report and then a screenshot of him entering his credit card information. Case closed.

hahah....sucker
 
Most email and IM stuff these days runs over SSL. I recall seeing some screen video capture software previously that would essentially get around that but I can't recall the name.
 
> Most email and IM stuff these days runs over SSL. I recall seeing some screen video capture software previously that would essentially get around that but I can't recall the name.

Proxy servers can get around that: since you control the end desktops, simply add an SSL cert for the proxy into the root trust, and proxy everything.
 
I've used Spector Pro on salespeople in the past. Pretty easy to install/setup and it does a hell of a job getting the info you need.
 