Some employee’s will use the network resources for their own purposes, regardless of how inappropriate they are.
The problem
A financial services client came to us with a problem. One of our their security team was visiting a bulletin board site on the internet and found a hacker claiming to be using the company’s computer systems to download and store software, media files and other materials he had stolen. This individual (called a “Warez Dude” in hacker parlance) used an alias, but from the context of the e-mail appeared to be an employee or contractor working for the company.
The solution
We quickly traced the individual by using “web-beacon”. We sent an specially configured e-mail message to the individual’s anonymous e-mail account. When the e-mail was opened it broadcast the hacker’s current internet address to us. We were able to track this address back to our client’s computer network, and from there to a specific individual. The person was found, as predicted, to be an IT contractor working for our client.
We made a forensic copy of the computer assigned to the individual, and another two computers to which he was known to have access. Ultimately, it was found that while he had downloaded and stored some material on our client’s systems, the amount of data he had claimed to have stolen and stored in his bulletin-board post was considerably exaggerated. He was, nevertheless, dismissed from his position. Our client also greatly increased their scrutiny of the activities of other contractors working on their computer systems.