
Attack From the Inside

By hammock
I have a web developer that has access to the FTP domain passwords and is holding me hostage. I have worked long and hard, invested a great deal of money, and would hate to start from scratch. He has refused to give me code, backup or mirror the system in a place so that I have access to it. His irrational behavior is out of control, and I am his hostage at this point, overpaying him for work that is not honest. It turns out the "automated" system is monitored by him, and he manually replies with the requested downloads. I told him that if some areas were over his head we could sub it out for him, but he won't let anyone else near it. Is there any way that I can get this code and site backed up and move on?

Iris from eEye Security may help

by sbnetsec In reply to Attack From the Inside

I don't know if you have the power to monitor your network traffic but I suggest that you use Iris from eEye Security. (Iris allows you to capture the password and the code and also reconstruct any network traffic in real-time, all with the push of a button.)

"Iris is an advanced data and network traffic analyzer, a "sniffer", that collects, stores, organizes and reports all data traffic on your network. Iris is revolutionary because it delivers never-before-available functionalities that make network administration easier than ever. Iris is ingeniously designed to help IT personnel proactively monitor their organization's networks. Unlike other network sniffers, Iris has advanced, integrated technology that allows it to reconstruct network traffic in real-time, all with the push of a button"

Please go to to read more about this product.
I hope this helps, or maybe I did not understand your problem.

Legal Recourse

by tstorme In reply to Attack From the Inside

If you have entered into a legally binding arrangement with him, and he is refusing to acknowledge his responsibilities, you do have legal recourse against him.

I'm assuming that, from the tone of your post, this is your intellectual property and that you have refused him access and control of the environment, and that he has refused to accept it.

My advice: contact your local law enforcement agency, have the issue investigated and potentially have charges filed against him. This seems to be a substantial case of threatening and extorting behavior; it is a crime.

You may wish to take a look at Title 18 U.S.C. 1029 in Federal Criminal Law code dealing with Fraud and Related Activity in Connection with Access Devices.

Tracy Storme, ACE, A+, MCP
Digital Sanctuary IT Investigations

Take quiet action.

by MadMark In reply to Attack From the Inside

Assuming that you are the IT Manager, I believe that you need to act, quickly and quietly.

First get out your company's policy manual. Talk to management and/or HR. If he is in violation of policy, let them know what your plan is, and make sure that it is approved. They may be reluctant to take it to law enforcement, however you may find that this character has been up to more than is apparent. You may want to contact a good consultant if you don't have an Information Security Department to do forensics work and maintain a solid 'chain of evidence'. Document EVERYTHING, leading up to the issue, and including the remedial actions taken.

Grab Iris as the first poster recommended.
Is this guy a contractor? 'Inside' is not a clear definition. Laws and policies usually handle these 2 types slightly differently, however, if it IS your company's code, he has no right to keep you from it, unless someone signed it over to him.

Once you have the passwords from Iris or other means, (baseball bats work, but they are a bit messy) log in and audit for backdoors, modems on the LAN and 'extra' accounts. Come in early the next day, or stay late and change or delete them. ALL. Make sure that he has no recourse.

You may want to also review and secure other accounts from having similar rights, at least temporarily, so that he can't just 'borrow' an account from a nearby friend. Finally, restrict his rights or access accordingly.

If it is warranted, remedial action should come from HR, Management or law enforcement. I personally wouldn't trust him with ANY kind of access again. He has compromised your trust. He IS the weakest link. Goodbye.

If forced to work with him, I would scrutinize his activity with Iris or Sessionwall for the duration of his tenure, and write it up so the next manager is aware.
