Slashdot Mirror


When Wrongfully Accused of Hacking, What Can You Do?

justin asks: "Earlier this week, when I went into work, I was met at my desk by upper management; they wanted to meet with me. I was not sure as to why, but when we got into the office, they set a pile of paperwork in front of me, opened it up to a certain page and asked me what it was. The paperwork was a series of (gimpy) logs showing an internal IP address doing a combination of scanning, and then what looked like hacking, of various boxes on the internet (of these there was the US Treasury among other US Government Organizations). The internal IP address was that of the one I am normally (read: not always) assigned by DHCP. I told them I had no idea what this was, that I didn't do it and that I think I would remember hacking into the US Treasury. I was a contracted employee, so I don't think I have any recourse. I was just left high and dry, accused of something that I did not do, and their basic sentiment was 'we will investigate this, do you want us to call you and give you your job back if you are innocent?' This seems rather silly to me, since you'd think such things would be investigated before they would decide to fire me. I'm looking to find out who else has been in this situation and how they dealt with it."

"The logs were in a simple format: 'Aug1 11:27 10.1.0.56.port -> treas.gov.port'. Now there had been some problems at work with the recent MS DCOM/RPC bug, and my machine was compromised either the same day, or the day previous to the day of the events I am being accused of. Additionally, because it was an internal IP address, it could have been anyone with access to ifconfig on their machines (They don't have a link layer dump).

I now have the following questions:

  1. What experiences have other people had that relate to this, and what course of action, if any, did they take in response?
  2. I know the laws aren't very sympathetic when it comes to people saying 'yeah, that was my computer, but it wasn't me', but it can be proved that my computer was compromised in the same time frame, and also the evidence they have is rather flimsy. What experiences have people had in a similar situation?
  3. If someone should try to press charges, where can I find a decent attorney that would actually understand the technology and what I was saying? (As I am now unemployed, I'm very much on a budget.)
  4. What should I tell my next prospective employer? Even if they believe me that I had nothing to do with it, that puts one serious doubt in a person's mind.
I'm primarily self taught and with a little less than 3 years experience as a Unix Admin and doing system programming, it is hard enough for me to get a job as it is, never mind with accusations that I was out trying to hack the government on my last job.

Thank you, in advance, for any wisdom, anecdotes or suggestions you can pass along."

11 of 105 comments

  1. Pre-Paid Legal by Thing+1 · · Score: 2, Informative
    Check out Pre-Paid Legal -- I'm pretty sure that this is a "pre-existing condition" so you wouldn't be eligible for benefits for this case, but they provide legal defense if you're named in a civil suit, or job-related criminal suit.

    I've been using their service for half a year now and am very pleased with it; you can ask an unlimited number of questions, and they'll also write letters and make phone calls on your behalf to resolve issues for you. They also provide traffic defense (parking/speeding tickets, or lawsuits based on injury) and cover you if the IRS decides to audit you.

    It's somewhat like "legal insurance" -- just as you pay a couple hundred a month for health insurance, or car insurance, this provides for your legal needs on a pre-paid, monthly basis (generally about $27 a month) and it covers your entire family.

    In this litigious society we live in, it's great to have coverage for when (not if) you end up on the wrong end of a lawsuit.

    Again, I'm pretty sure this won't help your specific case but hopefully it can help other readers. (And yes, I sell the plan if anyone's interested.)

    --
    I feel fantastic, and I'm still alive.
  2. They have every right to suspend your work... by Zhari · · Score: 2, Informative

    If there is a possibility that someone you employ is using facilities you provide to perform illegal activities, you might feel obligated to relieve them of access to your facilities. I doubt you could perform your job with an abacus, so the next step would be to fire you.

    --
    Hell is other people
  3. Game on... by (H)elix1 · · Score: 3, Informative

    First off, best to be innocent. Second, get a lawyer. Real attorneys are required to play this game properly.

    If the company is terribly illiterate when it comes to technology, it should not take much to truly scare the bejesus out of them. Get the ball moving on a wrongful termination suit. I suspect it will take nothing more than having your attorney formally request a copy of the log files. Move to negotiate, but be persistent. Most small/mid-size companies will settle rather than going the distance. They will posture, however, since they are looking for a quick brush-off. Most people will spend hours at the bar griping about how they were wronged; most never get a lawyer. Much like rebate 'programs', that is what they are counting on. You may get your job back, you may get damages - best to ask for both. Take the time once you do get your job back to find another, however... because this one is done. Exit fast...

    Hell, I've seen folks busted for robbing us blind get a year's wages for 'wrongful termination'. The mind boggles... evidence is overrated.

  4. Lawyer by rmohr02 · · Score: 2, Informative
    "If someone should try to press charges, where can I find a decent attorney that would actually understand the technology and what I was saying? (As I am now unemployed, I'm very much on a budget.)"
    This seems like something the EFF could help you with. I would not expect them to pay for your defense, but they would help you find someone.
  5. What to tell... by Fished · · Score: 2, Informative
    Regarding the more important question here, viz. "What do I say about THIS in an interview?", the key question is were you officially terminated, was your contract canceled, or were you asked to quit? It makes an enormous difference. If you were officially terminated, and your next employer asks, you will have to tell them the truth. If your contract was "canceled", you should just say that you "came to the end of the contract." Most interviewers will leave it there, especially in this economy. If you were asked to quit, say "I quit, for reasons I must keep confidential." If they press in either of the latter cases, you can stick to confidentiality, and maybe mention that the contract was terminated through no fault of your own.

    It is *highly* unlikely that this company will reveal anything regarding the nature of the incident to any other company. Most companies of any size have a "neutral reference policy" that allows them only to say "yes, he worked here from date x to date y." I would suggest not using your manager as a reference, but I would not suggest saying that your new employer may not contact them, since they probably won't tell anything damaging and to refuse the right to contact will damage you.

    As far as getting your job back, forget it. That's the problem with being a contractor - it's easier to get rid of you than deal with you.

    (p.s. Don't tell anybody, but I have a degree in HR -- easiest B.S. to get in a hurry -- so I'm not totally blowing smoke here, although I've never worked in the field.)

    --
    "He who would learn astronomy, and other recondite arts, let him go elsewhere. " -- John Calvin, commenting on Genesis 1
  6. First thing to do? by Wan2Be · · Score: 2, Informative

    Call your local employment commission. That's what they are there for. They do have employee advocacy people, and you've already paid for them with your taxes.

  7. Be sure to review my case by merlyn · · Score: 4, Informative
  8. Twelve step program for people like this by Ratbert42 · · Score: 3, Informative
    1. Shut up.
    2. Shut up.
    3. Shut up.
    4. Shut up.
    5. Shut up.
    6. Shut up.
    7. Shut up.
    8. Shut up.
    9. Shut up.
    10. Shut up.
    11. Shut up.
    12. If you absolutely must (and I mean, as in the FBI shows up and wants to chat), hire a lawyer and tell them the truth about everything except how much money you have.
  9. Re:All together now: by rmohr02 · · Score: 3, Informative

    Well, he does ask where he could find a lawyer that would actually understand the issues. I would recommend contacting the EFF--they should be able to put him in contact with a knowledgeable lawyer.

  10. Advice & Sympathy by bwt · · Score: 3, Informative

    I've been in a similar situation: contractor (military, no less) wrongly accused, had to leave the site, wasn't sure if I'd have a job, etc...

    The advice I can give you is:
    1) Cooperate fully. Be honest. Be forthcoming.
    2) Clearly, forcefully, and politely deny wrongdoing.
    3) Remind them that the world is full of black hat hackers, some of whom have tremendous skill.
    4) Ask them how to clear your name and how you can help achieve that.
    5) Remind them of your benefit to the organization -- accomplishments etc.
    6) Tell them you understand this needs a full investigation. Tell them you have confidence in them to gather the evidence that will clear you.
    7) Remind them that a false positive might be them next time.

    Some advice on your specific question:

    1) Do you know what you were doing at that particular time? Were you in a meeting? On the phone? Using another machine? Find proof: coworkers at the same meeting, phone records. Look at file timestamps. If one of the offending timestamps occurs in a period where you can prove you weren't using the computer, you are cleared.

    2) Ask for network logs connecting to your machine. If this is a normal PC, there shouldn't be any from strange places. If there are, that was the bad guy, not you. If they don't have such logs, point out that keeping logs is critical for clearing the innocent and exposing the criminal.

    3) If you are on a Unix box, ask that chkrootkit be run to identify if you've been hacked and had a rootkit installed. Hackers often install rootkits to avoid detection and this program finds them.

  11. Re:Don't flinch when you are walked into "the talk by bitMonster · · Score: 3, Informative

    It is so that you can have copies of the exact documents that they are using to accuse you. His point, I believe, is that these documents may be very difficult to get in a legal proceeding, particularly if it's bogus.
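
The log format quoted in the question ties activity only to an IP address, so an investigator would want to line each entry up against who held the address and where the accused was at that minute, as comment 10 suggests. The sketch below is an added example, not part of the original thread: the log lines, ports, MAC addresses, DHCP lease records and "away" periods are all constructed, and the availability of DHCP lease records is an assumption.

```python
import re
from datetime import datetime

# Constructed sample data: ports, MAC addresses and times are made up.
LOG = """\
Aug1 11:27 10.1.0.56.1042 -> treas.gov.80
Aug1 11:29 10.1.0.56.1043 -> treas.gov.80
Aug1 12:45 10.1.0.56.1077 -> treas.gov.80
Aug1 14:05 10.1.0.56.1101 -> treas.gov.80
"""
# Hypothetical DHCP lease records: (ip, mac, lease start, lease end).
LEASES = [
    ("10.1.0.56", "00:11:22:33:44:55", "Aug1 08:00", "Aug1 12:00"),
    ("10.1.0.56", "66:77:88:99:aa:bb", "Aug1 13:30", "Aug1 17:30"),
]
# Hypothetical periods with independent proof of absence (meeting, phone call).
AWAY = [("Aug1 11:00", "Aug1 12:00")]

LINE = re.compile(
    r"^(\w{3}\d{1,2} \d{2}:\d{2}) (\d+(?:\.\d+){3})\.(\d+) -> (\S+)\.(\d+)$")

def ts(text, year=2003):
    # The log format has no year; the default here is an assumption.
    return datetime.strptime(f"{year} {text}", "%Y %b%d %H:%M")

def parse(log):
    """Turn 'MonD HH:MM src.port -> dst.port' lines into event dicts."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            events.append({"when": m[1], "src": m[2], "sport": int(m[3]),
                           "dst": m[4], "dport": int(m[5])})
    return events

def within(when, start, end):
    return ts(start) <= ts(when) <= ts(end)

def attribute(events, leases, away):
    """For each event: which MAC held the lease, and was the user provably away?"""
    report = []
    for e in events:
        macs = [mac for ip, mac, start, end in leases
                if ip == e["src"] and within(e["when"], start, end)]
        report.append({"when": e["when"],
                       "lease_mac": macs[0] if macs else None,  # None: no lease on record
                       "user_away": any(within(e["when"], s, x) for s, x in away)})
    return report

if __name__ == "__main__":
    for row in attribute(parse(LOG), LEASES, AWAY):
        print(row)
```

A lease record shows only which machine the server assigned the address to; as the question notes, without a link-layer capture it cannot rule out another host having configured the same address by hand.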