The Bastard goes email snooping
Easy if you try
Episode 12 BOFH 2002: Episode 12
"But how do weKNOW
that they're not reading our email?" a geeky type from payments asks The Boss over an evening beverage at the company bar.
"Because the software doesn't let them" The Boss replies, dipping a tentative toe in technology for a second.
"Yes, but how do we know that they don't change that software to allow them to do it anyway?" he persists.
"Numbers," The PFY chips in sagely.
"Yes. There's what, 600 people working here - all getting email from people all over the country and the world. To look at their email, we'd have to go through each and every mailbox checking all their messages. We just wouldn't have the time to do it!"
"Yes, but you could if you only wanted to read ONE person's mail."
"Well I suppose we COULD, but we'd have to have some sort of reason. You know, something that would make us wonder what a person is hiding..."
"Right, yes, OK! Well I suppose that covers it! Drinks anyone?" he responds hastily.
***MENTAL NOTE TAKEN***
... The next day dawns, and even The Boss is showing an interest - wanting to know if the person in question has a skeleton or two in the closet...
"..and what you're looking for is files which look like they should be there, but really are out of place. Like.... THAT ONE!" The PFY explains, pointing at a folder on the screen.
"PAYSHD.ZIP! Won't that be a Pay.... Schedule file or something? Hardly worth looking into.."
"That's just what he wants you to think..," The PFY murmurs disparagingly. "But your average beancounter doesn't even know his trouser zip exists, let alone Winzip. No, this is progress! 20 megs of premo smut I'd wager!"
"You don't know that!"
"Know it - no. But after a while you get a nose for these things. That baby is just out of place. But don't take my word for it >clickety< >click<. Ah-HAH!"
"What? It's just an encrypted zip file?"
"Yes indeed, and encrypted file, full of smut!"
"It could be ANYTHING!"
"Yes, you're right. Our user has an encrypted ZIP file, which contains an encrypted zip file - and there's nothing suspicious about that..."
"He might just be being cautious."
"Oh, I think you're right there. But lets just see. First, unencrypt the contents >clickety< using his >clickety< NT password."
"I thought passwords were stored encrypted!!!"
"Normally, yes, but for our users, no,"
"It'd make their using their email harder for a start."
"You login to their accounts and read their email!!!?!?!"
"Of course not!"
"No, we use the ADMIN tool to read their email - it's much faster."
"So how having their password it make email reading easier?"
"Oh, well, we can login as them and SEND email - you know, to get more email to read. For instance, I might send one from you to that woman from personnel you were chatting up last week - suggesting a quick candlelight dinner somewhere."
"YOU SENT EMAIL FROM MY... What did she say?"
"No no, I was just using it as an example."
"Mind you, I wouldn't develop a nervous twitch in your eye when you're talking to that big bloke from stores as he's definitely... not interested."
"!" he half gasps.-0
"Sorry about that, just testing the interface."
"But my email is electronically signed with that key you got for me!"
"Indeed it is, but THAT key in turn is signed by an authority just a whisker away from being what's known as a 'trusted' authority."
"Well.. more like a beard."
"Which company was that then?"
"Trusty Amal's Key Registry Services. Two quid for a 64-bit key issued for 50 years!"
"Isn't 64 thingies a little bit.. insecure?" The Boss asks remembering something from technology nursery school.
"In the banking world, yes, but for your correspondence, no."
"Well it's a risk reduction thing."
"How does it reduce risk?"
"You don't have to take the risk that someone will torture it out of you some day. Sort of a proactive escrow."
"So you were thinking of me the whole time?"
The Boss decides to cut his losses here and move on.
"So why are we continuing looking through this user's files if we've found something?"
"Well, it was too easy. And when you're a sad beancounter type, you're sort of expected to spice up your life with a couple of pictures of Barbara Cartland taking on a midget wrestler or two. No, this guy's really hiding something.."
"Oh something that he doesn't want anyone to know about. Cutting Edge Porn, Dirty Stories, A Train Spotter mailing list!"
"Isn't that illegal?!"
"I don't know about the first two, but I'm fairly sure the last one is, and we should be able to find out.... >clickety< veerrrry shortly, as he's used the same password twice."
"What is it?" The Boss gasps.
"It's a pay Schedule file - amounts, people, etc. What a bust."
"So what was he hiding?"
"Well there are several different train timetables in his inbox.." I murmur.
"I'll call the cops!" The PFY says.
Two hours later the police have left, after being most unhelpful. Of course they questioned the bloke concerned, but with the liberal laws these days, people can get away with trainspotting without charge. Personally, I blame the government.
Still, The PFY and I while away the intervening hours thinking up ways to cement The Boss's relationship with that bloke in stores, while the bloke concerned (after the first message anyway) whiles away the hours thinking up ways to cement The Boss in stores.
It's a funny old world. ®
- BOFH 2K+1: The whole shebang
- The Compleat BOFH Archives 95-99
- BOFH is copyright © 1995-2001, Simon Travaglia. Don't mess with his rights.
Sponsored: 2016 Cyberthreat defense report