digg

Join DiggAbout

Donkeys and Elephants and Delegates,oh my!
Check out the most popular Elections 2008 content on Digg.

See the original image at pcworld.com

Nearly Half of IT Workers Snoop in Confidential Files

pcworld.com — Nearly half of IT workers have admitted to snooping around networks to look at confidential information, according to research from software firm Cyber-Ark. "When it comes down to it, IT has essentially enabled snooping to happen. It's easy -- all you need is access to the right passwords or privileged accounts and you're privy to everything that'

Bury
show profanity settings
expand all
  • sterntastic223, on 06/21/2008, -2/+91CoughIdothisallthetimeCough
    • golfguy6, on 06/22/2008, -9/+2Do you live in your mothers basement?
  • sexMeUp, on 06/22/2008, -15/+9I am Jaguar Paw, and this is my forest
  • notBrit, on 06/22/2008, -0/+103And the other half is lying.
    • JamesZB, on 06/22/2008, -12/+2are
    • JKAL, on 06/22/2008, -0/+11no, the other half have done more than snoop around.
    • avisotin, on 06/22/2008, -0/+7Must be a case of the Mondays!
    • desuexmachina, on 06/22/2008, -0/+11Speaking from the other half, I don't snoop in other people's files because mostly they're boring. I've got Digg to read at work, no time for reading about babies and graphs.
    • phlux, on 06/22/2008, -4/+10Thats BS.

      I have been in IT for over 15 years. I absolutely have *never* looked at files that I am not supposed to. I have, and demand of my staff, integrity.

      Any snooping in files that one is not supposed to is *unacceptable* and will result in immediate termination.

      The sad thing is that I think this Survey is BS as I know that pretty much all my IT peers, and colleagues actually have integrity. Depressing that integrity isnt a valued virtue.

      • notBrit, on 06/22/2008, -1/+8So... you have never pirated software. Never used a backdoor. Never used a cracked copy of Windows. Never shared music. Never used torrent files. Never used another person's password. Never used another person's computer without first asking permission. Never gone to a LAN party to play a game you didn't own. Never "tested" software before buying it. Never broke an encryption. And never once, ever opened a folder or a file that contained personal information.

        I call shenanigans on your "integrity."
        • phlux, on 06/22/2008, -2/+4The article was talking about snooping on files that, as an administrator, I have access to.

          I have (had, in previous positions) access to financial information for one of the largest companies in the world. Salaries of its employees, emails that were of classified nature.

          Regardless of how I may choose to obtain software in my personal life - I would never breach the trust of the position I had of authority in such a case.

        • notBrit, on 06/22/2008, -1/+7@ phlux

          Sure, the article was talking about "snooping," but you were talking about "integrity."

          I find it depressing that your definition of the word is limited to how you handle the financial and classified information of your employers and coworkers. As if the software you "obtain" in your "personal life" isn't breaching the trust of the programmer who wrote it.

          Shenanigans stands. Get off your horse.
        • ArmandoM, on 06/26/2008, -0/+1I share music, use torrents, use other people's passwords, and use their computers without asking all the time.

          Not all music is locked down by the RIAA, even though I'm sure they would like it to be that way, I get linux .isos, among other things, from torrents quite often.

          I've tested many, many shareware programs, and either bought them they were worth it, or deleted them if they weren't.

          I've broken encryption on a document when the user couldn't remember the password he encrypted it with. And then pointed out to the user that the password he used wasn't much good if I was able to break it.

          I don't see what's wrong with going to a LAN party and playing a game you don't own. If my friend owns a copy of it, and I play it on his computer at the lan party, is that suddenly against the law? Does this new rule only apply to PC's, or should I be turning myself in for handing the controller to my xbox over to my buddy the other day and letting him play my copy of GTA4?

          I use other people's passwords very often to log into their account to fix something that they've broken, and same for logging onto their computers without first asking permission.

          Actually, come to think of it, I don't have to ask permission, I have permission from the higher-ups to be on every computer in our organization if I need to, without asking for it on a computer-by-computer basis.

          Why? Because my management trusts me not to go snooping where I shouldn't be, and not to break anything. That's the same reason they give me a key that opens every door in all of our buildings. I could go snoop through file cabinets if I wanted, but I don't.

          As for using a cracked copy of windows ever... ok, you got me. I pirated Windows 95 when it came out. My integrity is shot.

          I find it depressing that your definition of "not having integrity" is defined by all these activities that are perfectly legal, not the least bit immoral, and in most cases, part of my job.
      • Technopundit, on 06/23/2008, -0/+1... and a select few are delusional.
    • ChiefUCF, on 06/22/2008, -0/+5No, they're not. I never have, and I have admin rights to the entire company. I've got better things to do.
  • Noncentz, on 06/22/2008, -1/+31... Yeah.... Ive done it, and I liked it to.....
  • optize, on 06/22/2008, -18/+12If we are going to steal stories from slashdot, we should atleast post them the same day.
  • padraic2112, on 06/22/2008, -5/+11I don't think the 1/2 figure is accurate. Maybe if you count outsourced helpdesk support like the Geek Squad. I'd like to see Cyber-Ark's source data, I think this is a misleading figure.
    • notBrit, on 06/22/2008, -3/+12Yeah, 50% is way too low.
    • themisanthrope, on 06/22/2008, -1/+9And *I* think it is too high. As an IT guy myself, ethics are in large part why I do not snoop. The other reason? Just not all that interesting.
      • JeffD, on 06/22/2008, -0/+4How do you know its not all that interesting if you've never snooped?
  • TheKillDoctor, on 06/22/2008, -1/+5 Releasing false positive spam allows us to know all your dirty secrets too.
  • carpespasm, on 06/22/2008, -1/+12Well someone has to keep wikileaks fed. Might as well be the ones who can erase the log files.
  • s6t9eve, on 06/22/2008, -0/+45I access systems i'm not meant to at work all the time, it helps break the boredom of the day.
    • maexus, on 06/22/2008, -0/+6I was going to say, what else are we supposed to do with our down time. Sometimes there just isn't anything to do.
  • plundstedt, on 06/22/2008, -3/+4Been there, seen those emails...
  • DestroyFascism, on 06/22/2008, -8/+4I have never done this, I swear!!!

    I loved it when by boss told me to take the admin account from my email system (Thunderbird) even though that is the server default. As If I can't read it anyway....

    Bosses who know nothing of IT are a good thing most of the time, then sometimes not!


  • Marines920, on 06/22/2008, -2/+13I wonder what IT companies were sampled in this study.... I work in IT for a major bank and our security controls are tighter than a duck's ass (don't ask - I don't know what a duck's ass is like). These companies really gotta monitor who they're giving access to...
    • ThantiK, on 06/22/2008, -2/+3So how tight IS a ducks ass, anyhow?
      • Technopundit, on 06/23/2008, -0/+3Not as tight as it's quacked up to be.
  • jcasaurus, on 06/22/2008, -11/+4I do this ***** all the time.
    • li0n, on 06/22/2008, -1/+3good for you douche, you still need to post something funny to go up.
  • jcaino, on 06/22/2008, -0/+20Sometimes it -is- part of the job. I've had to check mail files for header information, look at proprietary code, examine database queries all in effort to assist the customer. However, being a professional, I really don't care about what the actual content is, I just want to get the issue solved. Besides, I -like- where I work and plan on having an enduring tenure there.
  • t4m5t3r, on 06/22/2008, -1/+13and what, i am in IT guy,i have had a "look" around before one some systems, however if i did anything with that info , it wouldnt be hard to trace it back to me! (in fact in a corporate network enviroment it would take only a fews mins to see who accessed what and when, on an end users PC, it wont be hard for them to know who that last person to deal with their computer was, so i dont realy see the point of this?

    exactly what would people be that worried about other people finding? (as i said you can do much with the info anyway, unless you illegaly broke into somewhere and theres no way of knowing who was there)

    i think this is just a scare story so that managers panic incase some IT guy found their collection of porn! lol
  • LMControl, on 06/22/2008, -1/+28And in related news, the sun will rise tomorrow and swimming in the ocean has been found to get a person wet.
  • MattBD, on 06/22/2008, -1/+2I imagine if you work in a big company and you've got root on the company's servers, it's probably far too tempting to go and look at people's emails.
  • wush, on 06/22/2008, -0/+48salaries.xls
    • BenBenMan, on 06/22/2008, -2/+9SELECT surname, firstname, salary FROM employee ?
      • Densetsu, on 06/22/2008, -1/+15Start -> Microsoft Office -> Excel -> Open File

        Remember, we're talking management and/or HR here. How the hell are those knobs gonna know SQL?
    • Gutterpunk, on 06/22/2008, -0/+2When I used to work as a CSR, I received an email asking me if I wanted to set up a password for my MS Access query, because they feared unauthorized access (the database had all the sales statistic, stock at different stores, etc). I replied that I'd like a password, but seeing as how I was a lowly CSR who was just running queries for fun between calls, and that I was probably the cause of the new password procedure, it might be awkward.

      I never got in trouble for it... (the system was wide open after all) but they blocked my access about 2 seconds after that email...
  • dark1587, on 06/22/2008, -2/+12Yeah... I saw this story on slashdot the other day, and I'm not sure how '1 in 3' measures to 'nearly half'. I think they have a fraction for '1 in 3'; maybe it should be call 'one third'?

    Here's the same story from MSNBC: http://www.msnbc.msn.com/id/25263009/
    • notBrit, on 06/22/2008, -7/+6We're all really impressed that you saw this before us on another site. We're also really impressed that you can do basic math. It's awesome. Thank you.
    • brbubba, on 06/22/2008, -0/+4It's called American's don't understand statistics anyway so what the hell do they care. Stop watching US news and wake up America.
  • mrzack, on 06/22/2008, -8/+3If they snoop inside the NeoCon files, do they also find out the truth about 9/11 being an Inside Job???
    • daza, on 06/22/2008, -3/+2If I bury you, will you go away?
      • ufia, on 06/22/2008, -2/+4You can't blame him. I think he pours windshield washer fluid into his breakfast cereals every mornings. That really mess with the brain cells.
        • mrzack, on 06/22/2008, -2/+2No. I don't drink the fluoridated poisonous water. I don't take the toxic poisonous vaccines that gives you future disease, I don't take the pharmaceutical synthetic toxins that destroy the liver, and NO, I don't watch Television that brainwashes the majority of the American sheeple.
  • knumbknuts, on 06/22/2008, -0/+24In other news, over half of IT workers lie on surveys.
  • jtizzle, on 06/22/2008, -4/+2Don't worry. It's all just 1s and 0s to me.
  • jcwuerfl, on 06/22/2008, -1/+3Strange thing to Digg, everybody does it because we are looking for illegal stuff on our networks duh.. and if you don't you should because you'll be surprised what some of these end users do.
    • sfcaptainrob, on 06/22/2008, -0/+2Exactly. Besides, the stuff that I see that's technically not for my eyes, I would never repeat.
  • kevintmckay, on 06/22/2008, -2/+2and 80% of the other half do it but just don't admit it lol
  • xavier2010, on 06/22/2008, -6/+8Let me ask you this, if you are the I.T. personell of a company ITS YOUR JOB TO SNOOP!
    • jvav2486, on 06/22/2008, -2/+12You didn't ask anything...
      • Ravatar, on 06/22/2008, -3/+1No idea why you're being dugg down.

        In the words of The Emperor: "Rise, my friend."
  • Slackdragon, on 06/22/2008, -1/+7Hey, it was my snoopiness and boredom at work that led me to find some moron was developing a porn site on a shared drive at work. It was so hilarious. Sitting in my cube with a full blown (no pun) porn page up on my terminal screen when I called my supervisor over.

    She freaked out! Started tell me I could get fired for having that on my computer. I said, "Really? Well, look at the URL, and tell me, who's going to get fired for having an entire SITE on the S: drive?"

    She clicked through a few more images in disbelief (or curiosity) before closing my browser and assuring me she would take care of it. The next day, all that had happened was the folders the site was being developed on were locked. I asked her what happened, and she was told "It's being handled."

    So to me that means upper management knew about it and didn't expect anyone to find it. Which would explain why they were so stingy with their server bandwidth as far as letting us Technical Service Reps use the internet to find solutions for problems.


    • theNazz, on 06/22/2008, -0/+5Just wait until you find out that she is featured on some of those pages...
      • Slackdragon, on 06/22/2008, -0/+4Oh, God, I hope not... All women are -not- created equal. Let's just say her assets were not physical. She's a very brilliant woman, but not the kind of person you would pay to see naked.
        • Mpwns, on 06/23/2008, -0/+1people pay for porn on the internet? get out! since when?
  • virginian9000, on 06/22/2008, -1/+4Of course! the I.T. people usually have access to a lot of confidential files.
  • hicrokee, on 06/22/2008, -3/+0I did it too long time before……
  • thetayloreffect, on 06/22/2008, -1/+8You learn a lot about your coworkers very quickly when you're digging around in the SPAM quarantine for false positives. It never ceases to amaze me how many people use their company email for personal business... and it amazes me even more when they have the ***** audacity to complain about personal items getting filtered by our SPAM appliance.
    • digdug2020, on 06/22/2008, -2/+1You don't know what you are talking about. I get over 100 spams a day because in my early days on the internet I was dumb enough to put my email on usenet. I can't get rid of that account, so basically I have to whitelist the individuals who still email me there, and everything else goes to a spam folder. It's easy for the porn sites to get your name on a list and once that happens you will get slammed with porn. Has nothing to do with whether or not you were stupid enough to give them your email in the first place. One misplaced email address and it's over with. You truly don't understand the nature of spam do you?
      • Gutterpunk, on 06/22/2008, -0/+1You truly don't understand the nature of an Exchange server do you?

        /oh, and reading comprehension. thetayloreffect wasn't saying that people are dumb about SPAM, he said that people are dumb when it come to their personal life in a corporate email setup.
  • AzzidReign, on 06/22/2008, -2/+3What ever happened to honesty?
    • webcrumb, on 06/22/2008, -0/+4That went out of fashion along with good food and community spirit.
    • digdug2020, on 06/22/2008, -0/+1You do understand that you shouldn't be doing non-business related stuff on your work account don't you? I'm sure no one cares about the occassional personal email, but otherwise you are at work to do work. IT people are doing their jobs when they monitor email. It's a gray area if they randomly go into people's email and look though; obviously if someone triggers some keywords like "myspace" or "[insert corporate competitor here]". Especially if it's someone they don't like.
      • Gutterpunk, on 06/22/2008, -0/+1"confidential files" =/= "personal emails". IT people have access to your payroll, your SSN, any info you gave to your employer.

        Oh it's digdug2020 again... Forgot how to read did you? Apparently you answer posts with no relevance to what you are replying whatsoever.
  • kmattso, on 06/22/2008, -1/+5We must fight back against snoopers and install snooper snoopers.
    • sfcaptainrob, on 06/22/2008, -0/+5But then who will snoop the snoopers who are snooping the snoopers??
  • dukeochutney, on 06/22/2008, -1/+2except when its your job to make sure your retard HR isnt perusing pr0n at work and installing applications like DVD Shrink to 'backup data dvds'
    • jparkinson, on 06/22/2008, -0/+4If your end users can install their own applications you're just asking for ***** problems.
    • dukeochutney, on 06/22/2008, -1/+1just the local admins who are supposed to be responsible and not installing illegal apps.
  • Leomarth, on 06/22/2008, -2/+5If IT professionals want to snoop around with limited amounts of information, can you imagine what government does with access to many times more information than this?
  • DrPh0bius, on 06/22/2008, -2/+1Nearly half admit to doing it, and slightly less than half are lying about not doing it. :)
  • talan64, on 06/22/2008, -2/+1I don't believe that number......My guess is it's closer to 90%
  • jdpalite, on 06/22/2008, -2/+2I know about 8 domain administrator passwords (each for different client networks, including my company's network) and I have to say that I have never done this.

    Now if it's part of your job to poke around and look for unauthorized stuff, that's different, but that's not what they're talking about in this article.
  • WarZpriTe, on 06/22/2008, -2/+2The only confidential files Ive seen are ones I have been invited to look at for one reason or another (help, damaged file, whatever)
    Im in charge of our e-mail server, and I need to monitor our file system for unauthorised data, do I "snoop"? No. I find offending files and remove them.
    Obviously people who feel that the number is higher than "nearly half" are either unethical IT staff trying to make themselves feel better because they do it themselves, or paranoid users trying to build a conspiracy against their IT staff.
  • RationalXubrnce, on 06/22/2008, -3/+3 Does *.jpg count as looking for confidential files?
  • futureisours, on 06/22/2008, -2/+1I make sure I only look at party pics, nothing else.
  • pauls88, on 06/22/2008, -3/+1I found a guy called Chris Maz Stocking last week, we all had a laugh.
  • Displace, on 06/22/2008, -2/+1Cyber-Ark makes security software. Of course their research says that.
  • acceleriter, on 06/22/2008, -0/+5And just coincidentally, mind you, the people behind the study can sell you a solution to the threat! What a lucky happenstance!
  • my10cent, on 06/22/2008, -3/+1lol dugg down for irrelevant, people are nosey and can not be trusted, that is the worlds oldest fact.
  • nebkiwi, on 06/22/2008, -6/+3Well I have just been asked to leave my school after I was caught using a teachers password and going onto a server without permission. going onto the server apparently was "unauthorized" access, even though the server was on an open network without any passwords. The passwords are just so simple to guess and I only used them to run programs with the "run as" function because the software they used was crap. the network was so weak it was so easy to do anything yet they made out i had been "hacking" and using unfiltered internet was against the law because I was under 18 and they were responsible for me, its easy to get unfiltered just change proxy settings in the browser, which is open to all students.. its pathetic, if it was such an issue they would of made it secure in the first place.. I actually think they were embarrassed to think a student knew more than them, I had to explain was CMD was in the interview, such a bunch of noobs.
  • BaNZ, on 06/22/2008, -1/+5I'm a sysadmin and the only time I check their personal files is when their roaming profile is broken. Last week there was a fit girl which had 10 gig of personal pictures. So I proceed to check if she has got any dodgey files. Just 2 gig of mp3 so I just delete them. No bikini shots ;(
  • thedude42, on 06/22/2008, -1/+1Buried: sooooo not news, and if this is news to you, it's not of your concern. Unless it's your company you didn't know this was happening in, in which case, you're fired.
  • gnotDigger, on 06/22/2008, -0/+2If you want to watch "anal sluts vol. 4" with me you just have to ask, sheesh
  • StatiK69, on 06/22/2008, -1/+1This article is not accurate. The company that did the "survey" is also an identity security firm. Of course they'll load the results in their favor to scare people. First main stream media and now this.
  • NavS, on 06/22/2008, -0/+9I don't look in peoples stuff, because I don't give a *****.
    • bobsalt1, on 06/22/2008, -0/+2lol- thats my opinion as well. I tried it when i first worked in IT years ago. I was bored in about 5 min
  • x8sam8x, on 06/22/2008, -0/+0This is nothing new, it's what you do with that information.I work for Dept. Of Defense and I see a lot of things that are confidential and above as in secret and top secret but I'm not gonna open my mouth.
  • Fetching more discussions...
    Show 51 - 55 of 55 discussions
  •  

    Login or register to add a comment

    Create a new account or login to join in the conversation on Digg. You'll also be able to Digg stories to help promote things you like.


© Digg Inc. 2008 — Content posted by Digg users is dedicated to the public domain.
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.