If you are involved with computer systems and are responsible for maintaining them then it is quite possible you will see some things which are, er, graphically and emotionally not nice. One such incident gave me very disturbing dreams for a while. However, I am not going to dwell on that. What I am going to ramble on about is a true story (with the obligatory names, dates and places changed to protect the innocent and my rear end) about a battle to uncover and take down a real-life industrial espionage situation. You might think that something like this would be a James Bond type of affair with laser-wielding sharks, golden guns and beautiful women just vying for your attention. Then I wake up and brush the Doritos crumbs off my front then get back to scrolling through the logs. That is what it was all about, the logs.

At one time I was a System Administrator and was responsible for maintaining the company I worked for at that time. As part of my regime, I would regularly go through the internet traffic logs to make sure that everything was on the up and up and nothing nasty was happening. In the years I worked there I found many people doing and accessing nasty things on the internet, some involving children, which really lowers my expectations of humanity. Anyhoo this particular day a particular email address caught my eye.

First, a bit of backstory. I had been with this company for many years, and in those years I had seen many managers come and go. Something to do with the particular company culture, unfortunately. This time my current manager had come from a competing firm. I guess you could say they were headhunted as they were not a manager at their previous firm. Unbeknownst to me at the time, this particular manager had a reputation for really having a good knowledge of what everyone in the industry was doing. To me, he was just another in a long line of managers who didn’t seem to be doing much at all.

Back to that fateful day as I was scrolling through the logs. I had noticed that this particular email address which caught my eye was directed to the competing company. Furthermore, this email address was not part of an email but was being used as a login to access the competing company’s email system, remotely, from our networks. Naturally, this woke me up faster than a double espresso with a Red Bull chaser. So I started to investigate. Who was it that was logging into the competitor’s system and why?

I found out that the login address used was actually the managing director’s email address and it was his password that was being used. I was shocked. Somebody from our company was logging into the competing company’s managing director’s account and reading all the emails there. Naturally, I had my suspicions but I had to have proof. So I traced the logs back to this particular manager’s computer and sure enough, it was their computer which was doing the logins. So I pulled the history from that computer and found out that this had been going on for a while.

Now that I had found this out I went to the general manager of the company and informed them of what the manager was doing. They were naturally shocked and that is when I learned that this person had knowledge about things that they shouldn’t have had. I was told to keep monitoring this person and record everything they did and the general manager would have a chat with this person.

So I started actively monitoring this company spy and sure enough, I noticed that their activity changed. The general manager had obviously had a chat with them. However, the activity didn’t stop. The spy (who didn’t love me) changed from a clear text login over the normal internet to going through a Tor browser to hide their activity. I guess they were addicted. Of course, as I was actively monitoring their actions directly from their computer, I could still see the logins although after that the activity was then encrypted. This proved to me that they actively tried to hide their actions and were aware that they were being watched. This didn’t bother me and I kept the logs and kept the general manager informed of what was happening. It turns out that the general manager was also friends with the managing director at the competing company so they were also informed of what was happening. Anyhoo, this kept on for a few days and then one day I got a phone call.

It was the general manager and they told me to lock the spy out of the system straight away. I have to say that it was with a certain amount of glee that I did so. After all, this spy was defiling my computer network and pretty much flouting their disregard for the company and its rules. I can still remember the look of puzzlement on their face (we were in the same room as this spy happened to be my manager) for a couple of seconds. That didn’t last long as immediately a group of police burst into the room and took them away, in cuffs.

After that I didn’t hear anything for a long time then news trickled down through the grapevine that there was a court case and this person lost. As they should have. I don’t know if they went to gaol or not, however, I at least got some satisfaction that I managed to nab a spy doing real-life industrial espionage. All I got from it though was thanks, meh.

The moral of this story I think should be this. It doesn’t matter whose computer system you are on, if the System Administrator is doing their job properly they will know exactly what you are doing on their computers and they will catch you if you are not doing the right thing. Have any of you had a similar experience? Tell us your thoughts in the comments below.