Hope me, I feel like I'm in a bad movie
April 15, 2010 6:33 AM

An unethical employer that I have been planning to leave has gained access to my email account (yes, I signed on to my private email from my work computer and obviously they had some kind of keystroke reader) and it appears has compromised all of my personal information. Do I have recourse?

I have been employed for four months at a company that I became increasingly aware of their level of unethical behavior. A few weeks ago I started looking for another job. No personal phone calls are allowed on the job, but I was contacted about an interview by email and responded on company time. I was called in on this, but told they got their information from a contact at the potential employer. When I got home I saw that my email address was accessed all through the day by another unknown IP (not work or home) and an offshore IP. My employer has a very nefarious IT guy he regularly does business with. When I saw this I immediately remembered something the owner of the company said to me at the end of the day while ostensibly speaking to me about hoping I'd continue employment with the firm. It was worded awkwardly, but now I see it was a backhanded reference to a very private email I had received, but never accessed at the office.

Is there anything I can do? I feel absolutely violated. I expect the outcome will be that I will be toyed with for a while then fired (this man is very sadistic). I am not in an economic position to take the loss of a job lightly. I am a contract worker and not able to get unemployment.

What records should I try to keep if any? Do I have any rights? Do I really have any proof?
posted by anonymous to Work & Money (19 answers total) 6 users marked this as a favorite

Significant information is available through this previous AskMe question, particularly the comment quoted here:

"From a rights perspective, the ECPA only protects individuals' communications against government surveillance conducted without a court order, from third parties with no legitimate access to the messages, and from the carriers of the messages, such as Internet service providers. However it appears to provide little privacy protection to employees with respect to their communications as conducted on the equipment owned by their employer."

You need to talk to a lawyer, possibly your DA (assuming this occurred in the USA) to determine for sure whether you are the victim of a federal-level crime. I am no expert but my reading has led me to believe that unauthorized access of a private email account (rather than one operated by your employer) is a federal offense.
posted by BigLankyBastard at 6:52 AM on April 15, 2010

You sound a bit paranoid to me, but maybe you have good reasons for it.

You should start by changing the passwords on everything, starting with the mail account, then all the other accounts that ever had passwords sent to that mail account. Take a screenshot of the access time/ip addresses if you still have that. Next time you're at work, write down your work IP(s). As far as other things, document what was said and when. Resist the urge to taunt them or let them know you know what's up.

That said, if you feel this way about the employer, you should leave ASAP.
posted by beerbajay at 6:52 AM on April 15, 2010

Of course, make notes of your conversations, contact your email provider's support group and have them preserve the access logs and ask them for further guidance w/r/t how to proceed with possible charges etc. CHANGE YOUR PASSWORDS.

Any accounts and passwords pertaining to any business you conducted online from your work PC (banking, bill-pay, Facebook) should all be considered compromised and be changed or terminated ASAP.
posted by BigLankyBastard at 6:55 AM on April 15, 2010 [1 favorite]

Former "Access Hollywood" anchor Larry Mendte was fired from his job as an anchor at the CBS station in Philadelphia because an investigation showed that he had been accessing his co-anchor Alycia Lane's private emails without her permission or knowledge. Mendte's acts actually helped get Lane fired from CBS3. He pled guilty to the charge of accessing a protected computer without authorization.

So if you can get the police and the DA interested in your case, you might could do something with it. Document all you can in the meantime.
posted by inturnaround at 7:05 AM on April 15, 2010

This old question might be relevant. In general, what they are doing is likely illegal.
posted by procrastination at 7:07 AM on April 15, 2010

Also change your security questions for the previously mentioned login sites, those might be compromised as well.
posted by BobbyDigital at 7:14 AM on April 15, 2010

Let's talk forensics. If you contacted a lawyer, what are the chances that, "hey, your machine needed to go in for repairs, we had to format your drive" will happen the second your employers catch wind of this? High.

So, how much physical access and alone time can you have with your computer? Do you have a computer-whiz buddy?

If you do have some, what about this? Rent a camcorder, maybe two. Get a spare large hard drive. Connectors also exist which allow you to (and forensic computer specialists do this as a matter of course) connect to a drive in read-only mode, or so I have heard. Get a nice antistatic bag, some tape, some padding, and a box with a label.

Videotape yourself opening up the machine, connecting the old hard drive in read only mode and the new hard drive. You would probably need some kind of Live Boot CD, too. Copy the old hard drive to the new drive. Disconnect and put things back the way they were. Put the drive in the bag, seal the bag, tape over the bag, write on the tape, put the bag in the box, mail the box to your lawyer. Videotape yourself even unto mailing the box to your lawyer.

The tape length might be an issue, depending on how fast you can copy the drives. If you have two camcorders going, pointing at you from different angles, stagger the start points so that you will A.B.C., Always Be Camcording. At that point, you have some decent evidence. Not ironclad. You could then have your lawyer hire someone to scan for a keylogger. If a keylogger has been found, and your email has been intruded upon, you may have a case.

The logistics on this will be complex. You will want to find a lawyer who has buddies who know computer forensics. You will have to keep track of the equipment you use. Your computer-law-savvy lawyer will have to okay your plan. And so forth.

This idea could use a lot of work, don't get me wrong, but this is all about evidence. Without it, you have nothing.
posted by adipocere at 7:18 AM on April 15, 2010 [2 favorites]

Proof may be hard to come by, depending on how much retention of records Google does and will let you have access to.

First and foremost, as noted, change all passwords you ever used from work. Change all security questions. Make sure the email address for notifications from those sites is what it should be and no one's changed anything on you. Check your home machine for any malware or trojans.

After you've re-secured yourself, contact Google about this and ask what IP records they can send you. Once you have that, do a DNS lookup on those IPs and find out who they are and who owns the domains they're from.

You may wish to speak to the local FBI office on this, by phone. If they do this to you, chances are they do this to other people. Also, the foreign IP address may be more interesting to them depending on where it is. On the other hand, they may not have much interest in it, but you can at least bring it to their attention.

Finally, say nothing at all about this at your workplace. Not even when you leave. Act as if it did not happen. Do not give them a reason to try to sanitize things. They may be just competent enough to hack your email with the keylogger but not competent enough to clean up after themselves cleanly.
posted by mephron at 7:25 AM on April 15, 2010
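
Added example (not part of mephron's answer or any poster's own code): one way to go through an exported account-activity list offline and pull out the addresses you do not recognise, with first and last access times, before looking up who owns them. The CSV column names, the KNOWN_NETWORKS table and the sample rows are assumptions made up for illustration; the addresses come from the reserved documentation ranges.

```python
import csv
import io
import ipaddress
from datetime import datetime

# Constructed sample export; a real provider's format will differ.
# All addresses are from the RFC 5737 documentation ranges, not real hosts.
SAMPLE_EXPORT = """timestamp,ip,access_type
2010-04-14T08:05:11,192.0.2.10,browser
2010-04-14T10:42:03,198.51.100.77,browser
2010-04-14T13:15:40,203.0.113.5,imap
2010-04-14T15:58:22,198.51.100.77,browser
2010-04-14T19:30:00,192.0.2.10,browser
not-a-date,203.0.113.5,imap
"""

# Assumption: networks the account owner recognises, written down by hand.
KNOWN_NETWORKS = {"home": ipaddress.ip_network("192.0.2.0/28")}

def label_for(ip):
    """Return the label of the known network containing ip, or None."""
    for label, net in KNOWN_NETWORKS.items():
        if ip in net:
            return label
    return None

def summarize_unknown(export_text):
    """Return ({ip: summary}, skipped_rows) for accesses from unrecognised IPs."""
    summary, skipped = {}, []
    for row in csv.DictReader(io.StringIO(export_text)):
        try:
            when = datetime.fromisoformat(row["timestamp"])
            ip = ipaddress.ip_address(row["ip"])
        except (ValueError, TypeError, KeyError):
            skipped.append(row)  # keep malformed rows visible, never drop silently
            continue
        if label_for(ip) is not None:
            continue  # recognised address, nothing to report
        entry = summary.setdefault(
            str(ip), {"count": 0, "first": when, "last": when, "types": set()})
        entry["count"] += 1
        entry["first"] = min(entry["first"], when)
        entry["last"] = max(entry["last"], when)
        entry["types"].add(row["access_type"])
    return summary, skipped

if __name__ == "__main__":
    found, bad = summarize_unknown(SAMPLE_EXPORT)
    for ip, e in sorted(found.items()):
        print(ip, e["count"], e["first"], e["last"], sorted(e["types"]))
    print("rows that could not be parsed:", len(bad))
```

Keep the untouched export alongside any summary like this, since the original record is what a lawyer or investigator will want to see.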

If you are concerned that they may change your password and lock you out of your email, set up a new account (not at work, of course) and have all of your email forwarded to that new account. This would only be a short-term fix, of course, but at least you would have access to your current email until they disabled mail forwarding.

A friend's ex-girlfriend hijacked her email and changed the passwords out of spite. It caused serious consequences for my friend, as she was job-hunting at the time and had no idea who was emailing her (and also could not get into her Google Calendar, et cetera). Since then she has always had a secret email account, just in case.
posted by amicamentis at 7:36 AM on April 15, 2010

Abandon that email account and change the default email on all your other accounts to a new email address. This prevents them from going to your bank's site, clicking on "forgot password" and having it sent to your old email, which they already have access to.
posted by desjardins at 7:40 AM on April 15, 2010 [2 favorites]

In your personal email account, search for "password" and for your commonly used passwords. Chances are, you'll find new account emails containing your password for other websites. Change those too.
posted by clearlydemon at 8:37 AM on April 15, 2010

We went through a lot of things like this at a former employer -- nthing change all your passwords, all your related passwords, etc. Download your mail stored in the (webmail, I presume) to your local drive at home, FROM home, and then delete it all before changing accounts. If you use Gmail, it's very easy to download all the contact info from everyone you've been corresponding with and then move over to a new account.

Also, screenshots of the foreign IP accessing your account, just in case...
posted by bitter-girl.com at 8:45 AM on April 15, 2010

IAAL and I deal with electronic evidence on a daily basis, but I don't know who the OP is and the OP is most definitely NOT my client.

OP, please, BEFORE you act on adipocere's advice, consult with your own lawyer and ask him specifically about the Electronic Communications Privacy Act and whether forensically copying the computer hard drive you are using at work would subject YOU to termination, or even liability for violation of the ECPA. Regardless of how nefarious the employer is or is not being, engaging in a black-bag forensic acquisition (especially involving a third-party "computer-whiz buddy") would probably be very dimly viewed by most employers.

Also, forensic acquisition of a hard drive is not something that should be done lightly, let alone by someone's "computer-whiz buddy" in a black-bag job. I have had forensic acquisitions messed up by in-house client IT who thought they could do it right more times than I care to count.
posted by QuantumMeruit at 8:51 AM on April 15, 2010 [6 favorites]

At least in NJ what your employer appears to have done would be improper. It may also be an ECPA violation. Monitoring your work provided email is one thing, but accessing your private email without your authorization is another. Lawyer up.
posted by caddis at 9:16 AM on April 15, 2010

Not to be a wet blanket, but...

1. This will be very hard to prove, unless you can associate the foreign IP with your employer. Gmail accounts get hacked all the time by offshore spammers; they do it by guessing your password or your "security" questions.

2. Changing to a new email account doesn't accomplish anything. Just change your password (and make it a strong password -- random characters!) and stop accessing it from work.

3. As others have said, talk with a lawyer before you try to gather forensics by duplicating the hard drive. If there is a key logger, you should be able to find that, but a key logger by itself may not be illegal; you need to ask a lawyer.
posted by qxntpqbbbqxl at 9:19 AM on April 15, 2010

If you are serious about wanting recourse then talk to a lawyer FIRST, even before changing your email passwords. A competent lawyer will know exactly how to set things up that will maximize your chances for redress.
posted by forforf at 10:07 AM on April 15, 2010

I'm a little torn on the forensics, because The Right Way to do it involves someone with any number of specific certifications taking the machine and it going through a whole set of procedures. I doubt you can get away with that. If these guys are as skeezy as you think, they would not hesitate to wipe your box, at the very least, and you would have a hard, hard time making a case. So at some point you and your lawyer have to balance out imperfect procedures against the risk of going aboveboard and getting absolutely zilch.

And yeah, I should have put in bold the part at the end of my answer, which was Your computer-law-savvy lawyer will have to okay your plan. Abso-freakin'-lutely. Until then, play along, doobie doo, I am a clueless little employee, la la la.

Also, I am adding "black bag" to my personal phraseology.
posted by adipocere at 10:24 AM on April 15, 2010

From the OP:
Hi - OP here. Thanks everyone for your excellent advice. Fired today as expected, or told by seeking other employment with a potential competitor I had nullified my contract. I think the hacking was done as a ploy to get dirt on me to keep me from whistle blowing. I am not sure what my next step will be, but appreciate all your time and knowledge.
posted by jessamyn (staff) at 10:29 AM on April 15, 2010

Oh man, OP, guess I can't say "so sorry" but I am sorry you had to deal with those assholes.

I do a lot of surfing/emailing at work, but so far our IT people are ethical and super-busy enough that I've felt pretty safe.

Hope you find a better place soon.
posted by emjaybee at 6:38 PM on April 15, 2010
