Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

When you boss has done something very wrong... 2

Status
Not open for further replies.

Stevehewitt

IS-IT--Management
Jun 7, 2001
2,075
GB
All,

I have a dilema.

I have been at this company for 4 months, and i'm the first network admin they have employeed. (We are a web development house).

My reporting line is:


MD
|_ Head of Tech Services (operations!)
|
|_ Technical Project Manager
|
|_ Me (network admin)

Before my time, the company has a AUP policy in place which states the usual - including no porn.

However, today I had to go onto my managers machine as he is the only one in the company with one of our client FTP website details. We had emergency work to do today and he is on holiday.
To get the details I used a cracking tool which dumps all passwords in IE along with some other bit's and pieces.

From this I can see a number of pornographic websites that he has been too. His PC has a rather a lot of spyware, and I believe has (or did have) P2P on it as well. I have also removed a couple of porn dialler from this machine recently too.

What am I to do? Tell my boss? Tell his boss? Stay quiet?

I've been in this situation before, but I have been reporting to the IT director or MD - and it was another employee being naughty. I simply informed HR and that was that.

We are too small a company (25 people) to have a decicated HR dept - and as it's my manager I am rather stuck.

Steve.

"They have the internet on computers now!" - Homer Simpson
 
I ran into something similar where I'm at now. However, we don't have any policies in place and the person in question was the owner.

Needless to say, I did nothing.

I know that doesn't help your situation. With that small of an office I would take some time to do some heavy duty thinking.

Another thought I always have when I encounter stuff like this is what else is he/her doing that may be illegal/immoral or against company policy.

Not much help, sorry.

BJ
 
If you have to keep notes of what you do, could the completed "work order" speak for you when placed in the Head of Tech Services inbox?

1. Used CAIN to dump all passwords
2. Removed following spyware: .....
3. Removed porn dialer
4. Did work I originally went there for....

[sup]Beware of false knowledge; it is more dangerous than ignorance.[/sup][sup] ~George Bernard Shaw[/sup]
Consultant Developer/Analyst Oracle, Forms, Reports & PL/SQL (Windows)
My website: Emu Products Plus
 
I would go up the chain of command a little bit to someone that can make company wide decisions. Don't call names or make accusations, simply tell them that you have a serious concern about spyware/adware/P2P/and other little nasties causing security problems with your network. Then suggest that they allow you to install a proxy/monitoring system to help protect the network. This will 1)stop access to these sites; and 2) produce reports of sites trying to be accessed.

Since your boss is out of the office, this would be the perfect time to do it because you won't be going over his head or trying to get him into trouble, you'll be addressing an urgent network issue. Since he's gone, the next logical step would be to seek permission from his boss.

By the way, I'm speaking from experience on this. At my last job, we had a real problem with a senior VP accessing porn at work. We installed a proxy and forced everyone through it. Then, at an executive management meeting, we gave several reports of the sites that people had been trying to access (although we kept everything anonymous and didn't say WHO had tried to access them). The particular VP causing the problem was the first to be "shocked" at this behavior from employees and was the most vocal and supportive in making sure we stopped it!

My point is, this can be handled politically and without embarrassment...if you want to. Of course, there is the ethics issue of him doing this in the first place...but then there's the ethics issue of you hacking into his computer and finding it...but then again it is company property...ok, now I have a headache...




Hope This Helps!

ECAR
ECAR Technologies

"My work is a game, a very serious game." - M.C. Escher
 
Complicates things somewhat in that I already suggest putting a filter onto our FortiGate firewall we have for Web Filtering. He was dead against it - mentioned this about two weeks ago and the dedcision was no.

Also, the Head of Tech services is a top developer - but nothing about IT in general. Mainly in terms of the harm the crap on this machine can do to it and the network as a whole...

Thanks for the advice guys - any more appreciated.

Ta,




Steve.

"They have the internet on computers now!" - Homer Simpson
 

You might be also interested to look at thread717-755894, where a similar question was already discussed and got a lot of interesting answers.
 

OK, I didn't realize that the 2.5-year-old thread was also yours. So this a different job - you are here only for 4 months - but problems are the same. Does it tell you anything at all?

Can you handle it the way you did the previous time?
Can you just relax and let it be, especially in a company of 25 people? Do you even have an authority to enforce that policy over your boss? Does it bother you so much, or will you get punished for reporting him? Maybe you should just leave it alone and do your job?
 
I still haven't seen anything to indicate if going to porn sites is against your company's policy. And while you're checking the policies, you might want to see if using programs to hack into other people's accounts (particularly those in your chain of command) is covered. Depending on the results of these checks, you may or may not really have a problem.

On the other hand, you might want to mention to your boss that you found an unusually high amount of spyware on his machine and, while you don't know how it got there (possibly some web sites he happened into, but it's hard to say without checking - "shall we take a quick look while I'm here?"), you think that maybe (1) he should be more selective about which web sites he goes to and (2) it would be a good idea to install an anti-spyware program on his machine in order to reduce his - and the company's - exposure to external threats.
 
normally I would say go to HR, but you have no hr. so i would just tell my boss. if you can't be honest to your boss then find another job.

hmmmm
 
Hi,

I believe it's within the remit of network security ti ensure tha the AUP is followed as well as the spyware and crap he is infecting on the machine that belongs to the company.

I'll go with the view of cleaning the crap (recording it though) and mentioning to him the stuff leaving his machine is probably spyware but I'll keep an eye on it...!

Cheers for the advice,




Steve.

"They have the internet on computers now!" - Homer Simpson
 
Bear in mind that if a computer if full of spyware, could not many of the websites he 'accesses' be down to popups and such?


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
 
Althogh it may be you job to ensure the security of the network and that the AUP is followed. cracking into a superiors machine can have consequences. When doing this I would advise extreme CYA. Make it known to the person making the request on what it is you have to do, and that it is documented your were told to do it.Management and Supervisors have numerous documents on their machines not intended to be seen by staff. Whats to stop your manager from saying you were accessing documents on his machine not intended for staff?

I'm not saying you did the wrong thing but these are the situations you need to cover your bases when in.

Shoot Me! Shoot Me NOW!!!
- Daffy Duck
 
Thanks all.

I had to use a cracking tool for line of business. We required details of a FTP password to assist a client which my manager failed to leave for us whilst he was on holiday. The action was authorised.

The sites in question were not logon porn sites or adverts - it was the content of the IE autocomplete cache. It revels passwords, usernames and URLs. Hence why I don't think it could have been spyware. (For a start they nearly all use a password that is personal a specifc to him!)

Thanks again,




Steve.

"They have the internet on computers now!" - Homer Simpson
 
Send out a companywide email that says something about pornographic material being found on an employee computer (or something of that sort) and state the dangers (spyware and crap) that it causes.

Something along that sort will shock the user enough to stop the behavior without singling this person out. The higher-ups can then come to you for names if they want to take it further.

Just an idea...

----------

Steve Budzynski


"So, pass another round around for the kids. Who have nothing left to lose and for those souls old and sold out by the soles of my shoes"
 
Oh I didn't see that it was one of your managers...

----------

Steve Budzynski


"So, pass another round around for the kids. Who have nothing left to lose and for those souls old and sold out by the soles of my shoes"
 
... there's also the consideration of exactly how evil the porn in question was. If it was illegal, you should of course go to the police. If it was deeply disturbing to you, there may be personnel issues worth pursuing. If it was the sort of stuff that could have been obtained in paper copies from the top shelf of a nearby service station, and you work in a private company, it may be hard to do much about it, except follow sbudzynski's excellent suggestion of trying to warn everyone of the openness of office machines, and shame the particular miscreant into keeping their private life out of the workplace.
 
Have you considered the blackmail opportunities...? :)

Only joking. ;)

Ed Metcalfe.

Please do not feed the trolls.....
 
[shadeshappy]
BlackMail said:
I thought I would help you out this time because it sure would be a shame for you to lose your job over something like this. By the way, you know my review is coming up in a couple of weeks, I sure do hope I get a larger raise than last year! Just out of curiosity, what would your wife do if she found out you were looking at porn all day at work?
[shadeshappy]


Hope This Helps!

ECAR
ECAR Technologies

"My work is a game, a very serious game." - M.C. Escher
 
I thought perhaps:

"My consience wouldn't allow me to say nothing at all about what is on your PC. However I thought it only fair to allow you the opportunity to resign before going to your manager with the evidence. By the way, perhaps you could recommend me as your replacement as a thank you."

:)

Ed Metcalfe.

Please do not feed the trolls.....
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top