Hi Todd, sorry I don't really have an answer for you - never having had such a serious breach (knocks on wood). I'm going to share my experiences with users, and the wonderful things they bring into my network, which is usually bad enough.

I'm personally not going to look through a ?00MB folder of pictures that someone dumped on the file server if it obviously contains porn / mp3s of the latest pop band - I've told management this and they have agreed. I typically just disable the account, save the logs and have the user deal with their supervisor. The urge to rm -fr /~user must be overcome. Yes, it might be harsh, but I have other things to do besides monitoring users' internet activities. It also helps security when someone almost gets fired for not locking their workstation / writing their password on a yellow post it under their keyboard.

Also dated and written instructions from the offender's manager to rm -fr /~user is a pretty good way to cover yourself - if not the company - it is sometimes comforting to know that some things are "above your pay scale."

Now. If you can get management to let you implement this, it is great for keeping the amount of porn / mp3s in the workplace down. Driftnet - basically it sniffs network packets looking for images and mpeg audio in tcp streams and displays / plays them. As the programmer says, "driftnet is an invasion of privacy of a fairly blatant sort." Unfortunately it seems the project has died, I believe the last update does compile w/o problems though. Having it publicly viewable was quite a deterrent. Of course, it is a useful tool if only visible to certain people too.

http://www.ex-parrot.com/~chris/driftnet/

As for the "most offensive stuff" - for stuff like kiddie porn, I'd report it to management and then the authorities and CYA every step of the way.

Anyways, your question got me thinking. I'm looking into selling some space for offsite backup on my home raid array (I have an older 30Gb array, so small amounts of data) - and am thinking of insisting that everything uploaded to the array be encrypted or be subject to immediate deletion - and the keys NOT be given to me. Run this at home, perhaps it will pay for a bump in speed for the DSL. I know plenty of people who only need to back up a small (50-100MB) amount - everything from family photos to term papers to password lists to programs in development and patient records for a small medical office. Mainly I could establish with the consumer that I do not want to see their data - establish trust. I'm not sure if that would sidestep the legal issue - and I'm not sure what the response of the law enforcement community would be.

Any thoughts?

Thanks
KTK

-----Original Message-----
From: owner-crime@private [mailto:owner-crime@private]On Behalf Of Todd Ellner
Sent: Friday, August 08, 2003 11:34 AM
To: crime@private
Subject: CRIME What do you do with bad stuff?

I realize that the lawyers on the list aren't my lawyers. And police officers aren't attorneys. But I have a practical question which maybe some of you have come up against.

What do you do when Bad Things(tm) get put on your computer by someone else - warez, vile illegal images, someone else's trade secrets, the sort of stuff that you can get in trouble just for having? Do you erase it and get on with your life, call the authorities and let them deal with it or something else?

The question came up when I looked at an old webserver and found that it was full of MP3s. Someone else had come in and put them in an unused corner of the disk. At least I'm pretty sure it was someone else. Nobody in our company has that poor taste in music. But suppose it had been something much worse.

The best advice, of course, is "Ask a lawyer". And I will certainly get around to that but would like to take advantage of the specialized experience of this group first.

Thanks in advance,
Todd
This archive was generated by hypermail 2b30 : Sat Aug 09 2003 - 00:56:07 PDT