Computer Guys - Hacking into Outlook

1990C4S · 10-11-2010, 12:11 PM

Fist off, what I am doing is legal. I own the server, I own the email, all employees have signed waivers allowing me access to the email.

The issue is that an employee appears to be doing something unethical/illegal. Some 'classified' information has become public knowledge, he is the most likely culprit. I need to check his emails and verify that he is not acting contrary to the business interests. There are several reasons to suspect he is doing something wrong, but no proof so far.

Issue #2 is that the employee in question runs IT. The 'outside service guy' and the 'passwords' are under his control. I am allowed access, but requesting this information will notify him of my suspicions. I should have had passwords from the beginning but I never bothered.

Is there a way to get into Outlook without him? Can I hire an IT guy to hack in after hours? Or another way?

I have full access to the employees computer and service after hours.

slodave · slodave's Garage

It's not terribly difficult to do and it can be done without him knowing.

1990C4S · 10-11-2010, 12:28 PM

Can you elaborate?

slodave · slodave's Garage

It really depends on how the server is setup, are you running Exchange server or is each employee just have their own pop3 email with your ISP?

Does the server run RAID and if so, is the primary drive RAID as well or just a single disk. If it's a single disk, rebooting the server with a special CD in can allow access to the directories and allow you to copy the info needed. RAID just adds another layer to the process.

It really depends on how the system is setup.

RedBaron · 01:04 PM

What OS is he running?

If he is running XP or Vista, you can slip into his office on a weekend with something like ophcrack and it can tell you the password to his computer based on the password hashes:

Ophcrack

You can download the live CD and burn it (You can do this by downloading the .iso file and using a program such as CDBurnerXP.) It's pretty easy to navigate the menus.

After you figure out the password to his computer you should easily be able to access outlook and possible backup his .pst files if you find something dirty.

MysticLlama · 10-11-2010, 01:02 PM

Often if you can get onto the mailserver and have admin access you can run an app called exmerge. This will allow you to export the mailbox to a .pst file and look at it offline.

This doesn't raise any flags on the account itself since you aren't connecting directly to the mailbox.

A backup to pst can also be done through Outlook, but if he's remotely decent at IT he won't leave his machine logged in and unlocked overnight.

KaptKaos · 10-11-2010, 03:17 PM

1) Who signs the checks? The outside service guy should be under the control of the check signer.

2) Any IT guy or company worth their salt will not try to remotely "hack" your network. They'll want proof of your authority and on-site access.

3) Assuming you find the smoking gun, what then? You'll need an IT company to assume network support ASAP as you will likely sack the current guy and the out-sourced vendor.

4) Reality is, that unless your current IT admin is a moron, he likely covered his tracks and wasn't so stupid as to use the company mail system for that kind of crap.

5) Bottom line is that you don't trust the guy with the keys to your kingdom. That's problem number one.

id10t · 10-11-2010, 03:56 PM

A quick google reveals that PSTViewer will allow viewing the .pst and .ost files from his local machine w/o logging into outlook,etc.

Boot his desktop with a Linux LiveCD, copy the .pst and .ost files to some external storage, copy again to a windows machine, run pstviewer, wallah.

Note that I know near nothing about MS products...

1990C4S · 10-11-2010, 04:12 PM

Quote: