Computer Guys - Hacking into Outlook
First off, what I am doing is legal. I own the server, I own the email, all employees have signed waivers allowing me access to the email.
The issue is that an employee appears to be doing something unethical/illegal. Some 'classified' information has become public knowledge, he is the most likely culprit. I need to check his emails and verify that he is not acting contrary to the business interests. There are several reasons to suspect he is doing something wrong, but no proof so far. Issue #2 is that the employee in question runs IT. The 'outside service guy' and the 'passwords' are under his control. I am allowed access, but requesting this information will notify him of my suspicions. I should have had passwords from the beginning but I never bothered. Is there a way to get into Outlook without him? Can I hire an IT guy to hack in after hours? Or another way? I have full access to the employee's computer and service after hours. |
It's not terribly difficult to do and it can be done without him knowing.
|
Can you elaborate?
|
It really depends on how the server is set up. Are you running Exchange server, or does each employee just have their own POP3 email with your ISP?
Does the server run RAID and if so, is the primary drive RAID as well or just a single disk? If it's a single disk, rebooting the server with a special CD in can allow access to the directories and allow you to copy the info needed. RAID just adds another layer to the process. It really depends on how the system is set up. |
What OS is he running?
If he is running XP or Vista, you can slip into his office on a weekend with something like ophcrack and it can tell you the password to his computer based on the password hashes: Ophcrack. You can download the live CD and burn it. (You can do this by downloading the .iso file and using a program such as CDBurnerXP.) It's pretty easy to navigate the menus. After you figure out the password to his computer you should easily be able to access Outlook and possibly back up his .pst files if you find something dirty. |
Often if you can get onto the mailserver and have admin access you can run an app called exmerge. This will allow you to export the mailbox to a .pst file and look at it offline.
This doesn't raise any flags on the account itself since you aren't connecting directly to the mailbox. A backup to pst can also be done through Outlook, but if he's remotely decent at IT he won't leave his machine logged in and unlocked overnight. |
1) Who signs the checks? The outside service guy should be under the control of the check signer.
2) Any IT guy or company worth their salt will not try to remotely "hack" your network. They'll want proof of your authority and on-site access.
3) Assuming you find the smoking gun, what then? You'll need an IT company to assume network support ASAP as you will likely sack the current guy and the out-sourced vendor.
4) Reality is, that unless your current IT admin is a moron, he likely covered his tracks and wasn't so stupid as to use the company mail system for that kind of crap.
5) Bottom line is that you don't trust the guy with the keys to your kingdom. That's problem number one. |
A quick Google reveals that PSTViewer will allow viewing the .pst and .ost files from his local machine w/o logging into Outlook, etc.
Boot his desktop with a Linux LiveCD, copy the .pst and .ost files to some external storage, copy again to a Windows machine, run PSTViewer, voilà. Note that I know near nothing about MS products... |
I would recommend lining up a replacement you can trust to be impartial about the whole thing who can go in, lock him out completely, do an audit to make sure there are no hidden back doors in, etc. and re-configure all your security passwords/hosts/etc. Then have someone lined up for contract/permanent position.
|
Find out if there is an independent computer forensic analyst in your area.... This would be an easy case for a forensic guy...
|
Pull the hard drive, copy it......open it up. If he's stupid enough to use company email, he's still got the emails.....no need to go to the server.
|
I thought .pst files were only archives. That wouldn't give him access to the current inbox...
Anyone with SV rights on the network can log into AD and blow his passwords away, although he might suspect something depending on how often you force password changes. I'm not as up on it as a few of you are.... As for copying the hard drive: the inbox is not stored on the local drive... |
Unless he is exceptionally stupid, you won't find anything.
Lots of ways to send information other than the corporate mail server. A larger problem in my opinion is you no longer have trust for your IT Admin, which is a pretty scary/crappy position to be in. |
I sound like a broken record... But you need to find a CFA in your area. A good one could come in at night, get in, get out, and leave no trace... It won't be cheap but it will be done right and let you know if you need to ****can your IT guy....
CFA= Computer Forensics Analyst.... |
I still don't think it was mentioned, but if Exchange server is used and email is IMAP, then looking at his workstation won't get you anywhere. It would have to be server side.
|
How about you and SloDave get together OFF of this thread? Pay him a bit to go into the system and find the info you need.
Agree with the above that you need to have another new and good IS/IT person standing in the wings. Personally I would not trust them to do what I am recommending Dave do. Then once the new IS/IT person is in place, get master passwords and such and start things out right this time. |
Ya.... Sounds like you need to get Dave to go on a Canadian Vacation... He really likes skiing. ;)
|