Employer Spying

Hello All,


I've come to hear your thoughts on workplace spying - AKA - corporate espionage. I need advice, before I proceed with my current plans of going to the FBI.

Recently I became a victim of this, and it was purely my knowledge as a hobby programmer and former unethical hacker that lead me to the discovery of a company MDM tool being deployed to my personal devices, and eventually to every device in my home.

I have lost a laptop, 2 phones, and a modem/router combo to the tool that was deployed by my(now former) employer.


It all began January 15th,

When I logged into my xbox account to check on my recent purchase history, which led me to my recent activities page. I noticed a login around an hour before I would get to work, from Internet Explorer. Immediately I knew it had to be my boss. The company employs 7 people in total (when I was there), and the only person who goes to work an hour early, would be my boss.

I did not say anything, just began my own investigation into the matter. There was never any work-related activities involving my xbox account. The only possible way my boss could have gotten my login details, would be the use of a password recovery tool that could extract Chrome saved passwords. I made the mistake of using my personal email to log into Chrome - it has all my industry bookmarks.

At that point, having had a great relationship with my boss, I didn't think anything of it. I started to notice strange things happen when my work email password was changed. My secondary role in the office was Network Manager, so it would seem odd for my email to get changed, when I am the one who would make the email accounts.

Immediately I scoured the computer for a virus. I found tons of new processes and services running in the background, and informed my boss I thought I had a virus. One process would be one called "LogMeIn". I had noticed that morning my phone received an OTA update. I didn't think anything of it.

Like an Idiot, I plugged my phone into the computer to charge that day. When I got home, I plugged my phone into my home computer to charge. Then I noticed this same LogMeIn process running on my home computer!

Immediately, I checked my phone. I found a bunch of odd/new/fake Android System processes running. I checked my wife's phone, same thing! These processes included "Work Profile Management", and they did NOT normally run on our phones.

Immediately I factory reset both phones and the home laptop. When I booted up the laptop, it had a new bios password set, with the bootloader locked to make it where USB and CD would not boot, and the entire hard drive was wiped. The phones would work, however 5-10 minutes after factory reset, they would start running those rogue processes.

At this point, I was sure I had a virus pretending to be a corporate monitoring software, as I asked my boss if he had out IT management company install anything on my computer, or knows of anything being done to my computer, and he said "No, and I wouldn't even know how to go about that." ODD. Because my boss is the smartest person I ever met in my life, and I've been to every inhabited continent but Africa. (Navy)

This is when I began logging events at work and at home.

Here is a quick breakdown of the sequence of events:

-Noticed boss logged into my personal account
-Began investigating
-Informed boss of possible virus on work network
-Boss instructed me to investigate network
-Found "LogMeIn" on work computer
-Used work computer to charge phone
-Received OTA update
-Used home computer to charge phone
-home computer now bricked (HP says $417 to replace motherboard. Bios codes are encrypted and only HP can decode)
-both mine and my wife's phones were using a lot more battery and location could not be disabled
-started logging packets on mine and wife's phone using PacketCapture app
-noticed packets containing any and all data on my phone being sent to amazon web servers, including dirty pictures of me and wife
-Noticed DNS redirection forcing my home traffic to go through my work's domain controller server
-Installed ESET security on work computer, and set firewall to ask me on all traffic
-Noticed coworker laptop attempting to connect to my work computer via DHCP, denied this, then coworker's Iphone attempted the same thing. coworker was out of state at this time
-Noticed hidden web servers being ran on work computer, and both mine and wife's phones
-Asked coworker why his laptop and computer might be connecting to me from out of state...
-Coworker lies and says he knows nothing about it
-Informed boss that coworker is connecting to my work computer from out of state & about the login to my personal account an hour before i would arrive at work
-Got fired 3 hours after informing boss of privacy breach, and was handed a check for 5 weeks of my salary.


Obviously I was fired because I made it seem like I was investigating a privacy breach, with the company as the violator. Everything up to this point has been denied by them. Packets don't lie, and I've logged over 5GB of traffic from my home network to my former work network, since I've been fired. Not only that, I had to buy a new phone because mine and my wife's phones are now mysteriously bricked just like my HP computer.

After buying a new phone and computer, they were instantly infected upon connecting to wifi. I have now began using BlackArchLinux to log my packets, as any new windows installation keeps being added to a workgroup which their tool has access to. I bought a new router and things have been fine, until I noticed a DOS attack on my new router, and my DNS servers being modified.

This made me believe perhaps I was wrong about the company doing it, until I logged into the webserver in which I set up their website, which routes their email to their email server. I changed the MX record to keep the mail local, and that is when I found the truth. After they fired me, they hired a guy named Chris to "remove any possibility of liability for the accidental privacy breach".

Turns out they didn't know how to set up their MDM tool.

Thoughts?