Fired for porn surfing
I was approached by a lawyer whose client was an employee fired for porn surfing. The company threw some logs at the employee as a proof of his wrongdoing. However, the employee rejected these claims as erroneous and sued the company to get his job back.
I was asked to double check what those logs really showed. Just to play safe, I decided to conduct my "research" from my home network instead of my employer's network. What I learned was somehow baffling, as most of the logs appeared incomplete showing only one small gif or jpeg per site with almost no html pages visited. While some of the images had some sex contents most didn't. Still, the names of the servers talked by themselves about the contents of those sites. Multiple visits to the same gifs suggests no caching on the browser, or ..., multiple clients. It reminds me the Migmaf trojan but that was way back in 2003.
Unless I get access to the employee's computer I cannot make a better judgement now. At any rate, be warned, your browsing activity could be monitored. Your computer could cause you to be fired, even if you are not doing anything wrong. So, I believe you should keep an eye on what your computer can be doing without you knowing it. It is time to completely revoke the idea that "I do not care, I do not have any important data in my computer". Sometimes the bad guys are not for your data but they just want to use your computer as a way to hide their activities. In this case, the porn surfing could well have been caused by a third party, either other employees or some sort of worm trying to cash in by visiting some paid links with the right http Referer tag.
I was asked to double check what those logs really showed. Just to play safe, I decided to conduct my "research" from my home network instead of my employer's network. What I learned was somehow baffling, as most of the logs appeared incomplete showing only one small gif or jpeg per site with almost no html pages visited. While some of the images had some sex contents most didn't. Still, the names of the servers talked by themselves about the contents of those sites. Multiple visits to the same gifs suggests no caching on the browser, or ..., multiple clients. It reminds me the Migmaf trojan but that was way back in 2003.
Unless I get access to the employee's computer I cannot make a better judgement now. At any rate, be warned, your browsing activity could be monitored. Your computer could cause you to be fired, even if you are not doing anything wrong. So, I believe you should keep an eye on what your computer can be doing without you knowing it. It is time to completely revoke the idea that "I do not care, I do not have any important data in my computer". Sometimes the bad guys are not for your data but they just want to use your computer as a way to hide their activities. In this case, the porn surfing could well have been caused by a third party, either other employees or some sort of worm trying to cash in by visiting some paid links with the right http Referer tag.
Comments
Good strategy, but I seen you can have trouble with your wife, rigth?
A good investigation. I's sure that is no paranoid situation wonder myself if there is someone using my computer at work making something illegal.
Thank you for the advice!!