
My boss is spying on me. I'm running Ubuntu 17.04, the firewall is up, ssh is off, x11 has notcp set. I'm not an expert, but I can't find how he gets into my computer. Either he has a RAT (he installed the PC) or he is using an exploit. What can I do to gather evidence and, after that, lock him out of my PC?

I already tried to talk to him, but he denies everything. The thing is, I saw the tool he used. Spying on employees is illegal in my jurisdiction. I'm ready to post configs, logs, the works.

Snappie
mike

3 Answers

Suppose you do collect some evidence. What are you hoping to accomplish? You really want to keep working for someone who installed spyware on your computer and lied about it? Do you truly think this relationship will flourish as a result? And you think this will stop once you "lock him out"?

Your first step needs to be contacting an attorney trained in employment law. At the very least, you might have some damages owed to you. From him you will learn what burden of proof you need to bear in order to pursue a legal case if you can't shake your boss down for money.

Evidence collection is hairy. Attempts to collect your own may not be admissible in court or your methods discredited, as you are not trained in evidence collection. Furthermore, you could open yourself up to being sued yourself -- depending on the contents, attempts to upload pcaps or logs offsite can yield claims of intellectual property theft against you.

So you really need to consult a local attorney who can guide you through what is less a technical issue and more a legal one.

Ivan

So there is a serious ethical dilemma here that you need to consider.

If this perceived activity is illegal in your jurisdiction, then you should report it to the authorities -- starting with HR or someone at a high enough level within the company. This can be bad for you professionally, so you should be completely certain you are correct that he is spying on you without cause before you do anything. I am not a lawyer and this IS NOT LEGAL ADVICE; if any of this is unclear you should stop discussing it on the Internet and seek qualified legal counsel in your jurisdiction.

Is it your job to investigate his possible breach of company policy and criminal law? If not, anything you do could be construed as unlawful use of a computer (criminal activity in many places). That may not be precisely true, but if it goes to court in front of a jury that is how they may see it and you could be hung out to dry.

If you do not already have the technical acumen to KNOW how to determine if you are being monitored, then asking on the Internet for help figuring out how is very likely to end up getting you into (more?) trouble.

0xSheepdog
  • You're giving legal advice ("go to HR/the authorities") before you disclaim responsibility. HR is not there to protect you, it's there to protect the company *from* you. Many a sexual harassment allegation filed with HR has backfired on the complainant. Step #1 needs to be retaining independent counsel (who *can* give them legal advice, and may very well advise them to go to HR, but at least it will be an informed decision with awareness of the legal consequences). – Ivan Jun 21 '17 at 19:16
  • @Johnny "go to HR/authorities" is not legal advice .... and HR is there to protect the company from the boss, too. – schroeder Jun 21 '17 at 19:21
  • @Johnny Maybe you didn't read the line that says "this is not legal advice"? You can mince words all you want, but there are basically three reasonable options: 1- do nothing, 2- go to HR/company/law-enforcement, 3- get external attorney. The OP can prioritize however they want. – 0xSheepdog Jun 21 '17 at 19:37
  • @schroeder It is most definitely legal advice in that making any kind of statement to HR or the police becomes something discoverable in court, the specifics of which can later be used against you. – Ivan Jun 21 '17 at 19:40
  • @Johnny "Legal advice is the giving of a professional or formal opinion regarding the substance or procedure of the law in relation to a particular factual situation." There's a difference between 'legal advice' and 'advice that could impact a potentially legal situation'. What this is, is *not* legal advice. – schroeder Jun 22 '17 at 06:39

You can check for open or active AMT ports with nmap and tcpdump. https://software.intel.com/en-us/documentation/amt-reference/manageability-ports

You can check for running keylogger software (but not if they were compiled into the kernel).

Save traces. Your goal is to gather evidence to prove beyond doubt (to HR or to the proper authorities) that spying is happening.

brirus
  • Anybody know what `/usr/lib/xorg/Xorg -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch` does, exactly? – mike Aug 01 '17 at 11:02
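
The AMT port check suggested in the last answer, as an added example that is not part of any answer on this page: it builds a tcpdump filter for the Intel AMT/ASF manageability ports and picks open ones out of nmap's grepable (`-oG`) output. Scan and capture from a second machine or a mirror port, because the management engine handles this traffic below the host OS and a capture on the PC itself will not see it. The address `192.0.2.10`, the file name `amt.gnmap` and the sample scan output are constructed placeholders.

```python
import re

# Intel AMT / ASF manageability ports (per Intel's manageability-ports reference).
AMT_PORTS = {
    623: "ASF RMCP",
    664: "ASF secure RMCP",
    16992: "AMT HTTP",
    16993: "AMT HTTPS (TLS)",
    16994: "AMT redirection (SOL/IDE-R)",
    16995: "AMT redirection over TLS",
}

# Run from a second machine (192.0.2.10 is a placeholder for the PC's address):
#   nmap -Pn -p 623,664,16992-16995 -oG amt.gnmap 192.0.2.10
#   tcpdump -n -i <interface> -w amt.pcap '<output of capture_filter()>'

def capture_filter():
    """BPF expression matching TCP or UDP traffic on any manageability port."""
    return " or ".join(f"port {p}" for p in sorted(AMT_PORTS))

def amt_findings(gnmap_text):
    """Return (host, port, proto, state, label) for open manageability ports."""
    findings = []
    for line in gnmap_text.splitlines():
        m = re.match(r"Host: (\S+) .*?\bPorts: (.*)", line)
        if not m:
            continue  # comment or "Status:" line
        host = m.group(1)
        ports = m.group(2).split("\t")[0]  # drop trailing "Ignored State" field
        for entry in ports.split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(fields) < 3 or not fields[0].isdigit():
                continue
            port, state, proto = int(fields[0]), fields[1], fields[2]
            if port in AMT_PORTS and state.startswith("open"):
                findings.append((host, port, proto, state, AMT_PORTS[port]))
    return findings

# Constructed sample of `nmap -oG` output, not taken from a real scan.
SAMPLE_GNMAP = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 623/closed/tcp/////, 664/closed/tcp/////, "
    "16992/open/tcp//amt-soap-http///, 16993/open/tcp//amt-soap-https///, "
    "16994/closed/tcp/////, 16995/closed/tcp/////\tIgnored State: closed (0)\n"
)

if __name__ == "__main__":
    print(capture_filter())
    for finding in amt_findings(SAMPLE_GNMAP):
        print(finding)
```

Keep the saved scan output and capture file unmodified with their timestamps, since the answer's point is to preserve traces rather than just look at them.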