Employer Spying
Submitted by warebehr, 01-03-2018, 06:50 PM, Thread ID: 77793
Thread Closed
RE: Employer Spying
This is interesting. It sounds more like a targeted attack may have led to the corporate network getting compromised, but it doesn't quite make sense.
Exploiting IoT is a big commodity right now, by taking them over and using them to perform DDoS attacks. If you did not recently update your home router, it would have been an easy target, and once compromised it could have been used to gather login information on anything on your home network that was not using a secure connection, and use your device to initiate DDoS attacks on someone else.
Your co-worker connecting to your computer for DHCP would mean you are actively exploiting your co-workers' computers via a rogue DHCP server running on your computer. Are you sure it wasn't a broadcast request and was specific to your computer?
There are BIOS rootkits out there, but since it did not work right after wiping the system and did work before, it sounds more likely to be a software problem than a hardware problem, and it could have been paranoia, although any forensics data you could have used to prove your case is now also gone.
Employers would not be able to give you an OTA update even with MDM installed; OTA is done via the carrier, although a fake femtocell tower could, which would require knowing what kind of phone and carrier you were using and resources (a good amount of money or time) to develop the targeted OTA attack. But there are other factors as well: if you had the app installed on Android and do a reset, then log into your Gmail account, you can select to have your previous apps reinstalled, explaining how LogMeIn got back on the phone.
From the data available, I would say unfortunately you may have been the one that allowed the corporate network to become compromised, or your wife may have installed software on your devices to see if you were cheating on her (most people would not admit to monitoring their spouse even if confronted, but it is a common practice).
If your employer was responsible, they would require highly specialized technical training and spend an enormous amount of time, and to be honest most employers would not spend the time to go through the trouble and don't care what you do on your own time, as they have too much work to get done and just want to spend their off time not thinking about work.
I would try looking at it from your boss's point of view. Just imagine if you were the boss and then someone starts spending time at work investigating an issue outside of their job description instead of doing their work, and started talking about a privacy breach lawsuit. What would you do?
I wouldn't mind helping investigate the root cause if you want to continue investigating, but I would need more information:
Do you have the packets available for analysis, removing your pictures and personal data first, of course?
You mentioned DNS redirection. Does your company use a VPN you could have been accidentally connected to at the time you checked, and how did you determine your DNS was getting redirected?
Did you join your home computer to the domain?
What kind of web servers were running on your and your wife's devices, and what method or methods did they use to hide themselves?
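The broadcast-versus-rogue-server question raised in the post above can be settled from a capture. The following is an added example, not part of the original post: it parses the DHCP payload of captured packets and separates ordinary client broadcasts from server replies that come from an address outside a known-server list. The IP addresses, the `known_servers` set and the `sample` helper are constructed for illustration.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Return op, message type and server identifier from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    info = {"op": payload[0], "type": None, "server_id": None}
    i = 240
    while i + 1 < len(payload):
        code = payload[i]
        if code == 255:               # end option
            break
        if code == 0:                 # pad option has no length byte
            i += 1
            continue
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:      # DHCP message type
            info["type"] = MSG_TYPES.get(value[0], str(value[0]))
        elif code == 54 and len(value) == 4:    # server identifier
            info["server_id"] = ".".join(map(str, value))
        i += 2 + length
    return info

def classify(src_ip, dst_ip, payload, known_servers):
    """Say whether one captured DHCP packet points at an unknown server."""
    info = parse_dhcp(payload)
    if info["op"] == 1:               # BOOTREQUEST: sent by a client
        if dst_ip == "255.255.255.255":
            return "client broadcast (every host on the segment receives it)"
        return "client unicast to " + dst_ip
    server = info["server_id"] or src_ip   # BOOTREPLY: sent by a server
    if server in known_servers:
        return "reply from known server " + server
    return "reply from UNKNOWN server " + server

def sample(op, msg_type, server_id=None):
    """Constructed test message: zeroed BOOTP header plus options 53 and 54."""
    pkt = struct.pack("!BBBB", op, 1, 6, 0) + bytes(232) + MAGIC
    pkt += bytes([53, 1, msg_type])
    if server_id:
        pkt += bytes([54, 4]) + bytes(int(o) for o in server_id.split("."))
    return pkt + b"\xff"
```

A DISCOVER or REQUEST arriving at a workstation is normal broadcast traffic; only OFFER or ACK replies sourced from that workstation would indicate it is acting as a DHCP server.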