Tags:



How Helpful Are the Computer People?
September 18, 2007 4:41 PM   RSS feed for this thread Subscribe

How readily do the Computer People at large corporations agree to cooperate with requests for NON-criminal investigations of e-mails sent from these companies?

[Sorry in advance for the long post!]
I work part-time at a large corporation (I'm talking LARGE, like the IBM of its product line), as well as at another part-time job at a major hospital (the two jobs are not related to one another, I just have to work two jobs to pay the bills). Some time ago, I sent an angry anonymous email--from a throwaway hotmail address, but from my desk at the giant corporation-- to the administration of the hospital (i.e., to my other job). The e-mail blew the whistle on some seriously unethical behavior I observed on the part of some surgeons practicing there.
As I anticipated, the shit really hit the fan when the hospital admin got the email. Now word around the hospital is that the surgeons I squealed on are (understandably, from their perspective) none too happy. Neither is, from what I'm hearing, the director of their division, who is hell-bent on finding out who sent the damning e-mail.
I tried using the standard "IP trace" websites for tracing emails, and the IP comes up as the company I work for, all right-- but at their headquarters in another state.

Nobody involved at the hospital knows I work for the giant corporation, so I'm not worried anyone will put two and two together and trace the email back to me by tech-related means. What's keeping me awake at night is the idea that the director at the hospital will call someone at the giant corporation and ask for the email to be traced under some other pretense (e.g., that he received a threat from someone at the giant corporation).

Which brings me to my question: are the people with access to IPs at the giant corp very inclined to go along with something like this? Would they be easily swayed by a smooth-talking professional at a major hospital?

Two bits of info in case it matters: 1)I am an exemplary employee at both workplaces, and although I couldn't be fired for the email at the hospital, it would be very uncomfortable to keep working there if the surgeons ever found out it was me who sent it, and 2)I have to log in with a personal ID to every computer I sit down at at work, so if the internal IP is traced to a computer I used, the times I was logged in there could easily be matched to the timestamp in the email.
posted by anonymous to computers & internet (17 comments total) 5 users marked this as a favorite
well you pretty much blew it by sending it from your work but the damage is done. You'll probably be found out and fired...big corps are like rat kings and will feast on their own you know that.

Or not...it's pretty much out of your hands at this point and all you can do is sit and wait...not like you can make inquiries on the progress of the hunt or you'd give yourself away even more.
posted by evilelvis at 4:48 PM on September 18, 2007


Try this: call a random big corporation, tell them you got a threatening email and see if they'll help you. Most likely big corp isn't going to risk revealing any information. I'm sure big corp would cooperate with a criminal investigation but it doesn't seem like that will be the case here. In my experience, big corp employees are usually well versed in cover-your-ass.
posted by sexymofo at 5:07 PM on September 18, 2007


except this sounds like the hospital traced it to one of their vendors...so the hospital probably has some clout

I am backtracking on my first message, that this will probably only matter if someone at the hospital "knows someone" at the big corp or is so pissed off that they threaten to take their business elsewhere...
posted by evilelvis at 5:11 PM on September 18, 2007


Isn't this what whistleblower statutes are for?
posted by thehmsbeagle at 5:29 PM on September 18, 2007 [1 favorite]


Most large corporations don't trace this kind of thing much, although it can and does happen. Everything you do on an Internet or a network is logged, so you probably shouldn't do anything online you wouldn't want people to know about.

Chances are this blows over. Most companies won't release any kind of data to the outside world without someone paying for it or the promise of bigger hassles. Even then, its pretty easy for an IT department to tell some angry random guy it trashed its logs, etc.
posted by Deep Dish at 5:36 PM on September 18, 2007


Not very likely. The techs will have signed a NDA that will cover this information, releasing it to anyone outside of the corporation could get them in trouble. Besides, they're probably overworked and stressed out anyway, and finding out info for some random stranger (at a risk to their own career) is much less important than keeping systems running. If anything they may send it over to legal, and without a subpoena or court order legal will politely tell the administrator to take a hike. There's nothing the company can gain, and releasing it could open them up to some sort of liability.

If your mega corp has a company culture that's prone to witch hunts, you should maybe be more afraid of them. Even if they don't give the hospital the time of day, this could trigger some sort of internal investigation.
posted by TungstenChef at 5:37 PM on September 18, 2007


except this sounds like the hospital traced it to one of their vendors

Hotmail includes the IP address of the system the message originated on in an "X-Originating-IP:" header. Which is a good reason to use a throwaway fastmail account for whistleblowing, rather than hotmail. Maybe next time.

BigCorp probably runs a proxy server for all outbound http requests; if so, it'll be fairly simple for their IT staff to see who was hitting hotmail at the time the message was sent. I wouldn't expect them to bother, though, unless there's some relationship between the division director at the hospital and someone fairly high up at BigCorp.

BigCorp probably also has a policy about personal use of work computers. Depending on how lenient it is, you might want to go to your manager and explain the situation in advance, as a courtesy in case they get called to the carpet by someone higher up because of this. Pre-emptive explanations will probably sit better than "oh shit you caught me" ones, and with a sympathetic manager, you could end up with an advocate with some internal political clout, should it come to that.

Or you could hope it blows over. And next time, double check that your throwaway email account isn't leaking information about you.
posted by hades at 5:48 PM on September 18, 2007


Don't log on to the account again, as you used a web based server it's unlikely that you communicated directly with the hotmail server with your desktop IP address. Mose than likely you were proxied by the corporations gateway or proxy servers which may or may not be logging http traffic and correlating user activity to sites viewed/etc.

Assuming there is a proxy and what type it is, the proxy servers logs can be reviewed to determine who communicated with the hotmail service, this can be via DHCP issued ip address or username/password for the proxy service.

If it's the DHCP address unless they keep records of leases you're fine, if they don't keep records of leases there's no way to determine specifically where the email originated. If they have usernames and passwords for the proxy, it can be determined with less effort.

With that said, it's pretty unlikely anyone is going to go to the effort to run through all this without a court order, request from VIP/etc. You're more likely to be traced via the information you used to create the account than via the systems you sent the email from.

Clear the cookies and the browser cache on the machines at work and act like nothing has happened.

Stop doing stupid things on work computers, I'm nearly positive your AUP of the computing resources forbids shenanigans such as this, don't give the business a reason to can you.
posted by iamabot at 5:59 PM on September 18, 2007


well, my extremely large BigCo has a very transparent policy: you have NO assumption of privacy or anonymity on their network. We like it like that. All chips are on the table. What we do is then run proxies on our home machines and hit them across https. That gets around any logging we assume is taking place.
posted by nikko at 6:30 PM on September 18, 2007


"well, my extremely large BigCo has a very transparent policy: you have NO assumption of privacy or anonymity on their network."

Yeah, but I doubt they'd hand the non-private information over to a third party without legal compulsion.

I know that, where I work, if an unrelated company called me up with this exact issue, I'd tell them to get bent. And my boss (the IT director) would back me up. You show us a warrant if you want any of our data, otherwise you get nothing.
posted by CrayDrygu at 7:20 PM on September 18, 2007


its pretty easy for an IT department to tell some angry random guy it trashed its logs, etc.

Especially since most actually do. There's no need to keep logs around any more than is necessary to troubleshoot problems with the IT infrastructure, unless your legal department tells you to do so.

But any corporation worth its salt isn't going to be handing out network logs to anyone without a subpoena.
posted by oaf at 7:48 PM on September 18, 2007


In theory BigCorp's IT should base its response on its security policy, which should have been written in accordance with the laws of your location & industry. Usually that means they'll only assist a third-party civil investigation if they have a legal justification for doing so, something they can point to if after being fingered, you come after them with a lawsuit.

Like CrayDrygu says, just because it's not considered private within the company doesn't mean they'd be willing to share it with an outsider without a compelling reason.
posted by scalefree at 8:13 PM on September 18, 2007


BigCorp probably has a lot of people hitting Hotmail at the same time. Unless they're really tracking stuff, I doubt you have anything to worry about. Just whistle right along unless for some reason they pop you. And heck, if it's really a BigCorp, you can just transfer to a non-surgeon part of the company.
posted by rhizome at 9:26 PM on September 18, 2007


I've been that IT guy, investigating who sent an e-mail. But this was for someone who MY BigCorp was considering firing for other reasons. I seriously doubt I would have been doing that if there hadn't already been some serious wrangling between my BigCorp's legal and the Other Places' legal, most likely involving a subpoena.

That said, I think you have to prepare for the small but non-zero possibility you'll be found out. Personally, I'd not be surprised if somebody figures out who you are just based on the company name. You can't have kept it THAT secret, after all, not with juggling two work schedules.

In short, you may want to update your resume, and consider finding one job to replace your two.
posted by dhartung at 10:14 PM on September 18, 2007


next time use an anonymizing proxy or simply tor but either only from a public wifi spot or something like that and not using a company computer. consider deleting the hotmail account from some place not connected to work or your home but never again log on to that place from work. delete cookies and your browser cache/history. these traces may very well be still on your office machine.

in the event that they do fire you, do not sign anything, do not admit anything, deny it all and talk to a lawyer. they will have to prove many other things beyond that it was your computer - namely that you were sitting in front of it and not a coworker. that is why they will in this case most likely use another reason to get rid off you - tardiness, personal web surfing, etc. this is the time to make sure all your i's are dotted and you are an exemplary employee. start collecting evidence for what a stellar employee you have been apart from this, just in case.

if nothing happens (it is quite a task to find out who you are, let's not get too excited), consider it a close call and stop doing these things from work. I'd also suggest that you visit no sites at all
posted by krautland at 10:19 PM on September 18, 2007


The question I keep coming back to is - how likely is the Director to try calling the Big Corp? As far as you know, the Director hasn't even discovered the connection to BigCorp yet. He may well see it's from a Hotmail account and not even bother trying to trace it. If he does do the IP trace like you did, and the BigCorp is as large as you suggest it is, he may decide searching for the culprit is like finding a needle in a haystack. Case closed.

If no one at the hospital knows you work for BigCorp (really? no one?), then you're probably pretty safe. Certainly the email could be traced, but would the Director go to that much effort?
posted by crossoverman at 6:06 AM on September 19, 2007


Former BigCorp IT guy here. From my experience, I would suggest that nobody in your BigCorp IT department is going to give an outsider the time of day, much less carry out an investigation involving multiple groups within the department (at least 3, at my old job: Networking for the DHCP log, Security for user login tracking, don't even know who maintained web proxy logs). I mean, IT staff are usually busy deflecting perfectly valid internal requests...

Moreover, an IT person passing info about users to a third party would be an instant-shitcan offense - imagine the liability to BigCorp if the info was wrong! - and wouldn't be undertaken on anything less than a direct order from a C-level executive, with signoff by the head of HR, review by Legal, etc etc. So unless one of these surgeons saved your COO's life, or they get a subpoena, it ain't gonna happen.

And I doubt BigCorp is going to fire you for one violation of a computer use policy that everyone else is constantly violating as well. The hospital will find an excuse to fire you if you've pissed off someone important.

Last thing: please don't tell me you posted this AskMe from a work computer...
posted by a young man in spats at 8:34 AM on August 11, 2008


« Older How do I send SMS messages to ...   |   recently started going to ther... Newer »
This thread is closed to new comments.


Related Questions
Help me be a tattletail without getting told on June 9, 2008
What is your favourite blog? March 30, 2008
What are some good blogs/sites that are like... February 21, 2008
What are the most intellectually stimulating... November 20, 2007
How can I narc and still keep my job? December 20, 2005