Slashdot Mirror
1 In 3 Sysadmins Snoop On Colleagues
klubar writes "According to a a recent survey, one in three IT staff snoops on colleagues. U.S. information security company Cyber-Ark surveyed 300 senior IT professionals, and found that one-third admitted to secretly snooping, while 47 percent said they had accessed information that was not relevant to their role. Makes you wonder about the other 2 out of 3. Did they lie on the survey or really don't snoop?"
It's a damned poor state of affairs that so many people put in that situation of trust betray it.
I've been a systems admin for the better part of a decade, and the only time I've ever accessed the company's assets are when it was warranted.
The same goes for user files. I'm not going to snoop through other people's files. Really, I don't care what boring files you keep, just that they don't fill up the partition they're sitting on.
Do that, and suffer my wrath.
Check out my sysadmin blog!
I know a place where they have'nt changed the root/admin passwords in years. They have so many servers that it would be "a huge pain" (their words exactly) to change all the passwords. I wonder how much of a pain it would be for a former DBA or sysadmin to snoop around and start publicly posted how much everybody makes?
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
Maybe I'm missing the point but I don't see where there is an issue.
In nearly all IT environments, either you trust your IT staff, or you have some killer PKI. Reality suggests management in the typical company wouldn't pay for or be bothered to use, so we're back to IT having super-snooping powers.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Given the nature of a sysadmin's job, I think I'd be more worried about the other 2 out of 3 that don't snoop around. A curious sysadmin will find more problems and more possible solutions than one who doesn't care.
Did they lie on the survey or really don't snoop?"
I say most lied. Knowledge is power and it would be too damn tempting when you could have your finger on the company's pulse.
It would also explain the smug look. (kidding!)
If you've never been modded as "flamebait" or "troll," you've never tried to argue a minority viewpoint here!
They probably have a life. It's pretty pathetic to have to get one's jollies snooping on others rather than actually doing something.
Great minds think alike; fools seldom differ.
So in other words, a significant majority of sysadmins are honest. Given that they have "the keys to the kingdom" in the words of the article, that's pretty impressive.
Loose lips lose spit.
According to that survey, 2 out of 3 sysadmins realize that spying in a CLI (career limiting move) if they get caught. That, and the whole ethics and honour thing, are why we are able to manage the confidential data without snooping.
Feed the need: Digitaladdiction.net
Come on people, for 'computer nerds' it's amazing how little logic you collectively display.
The company that sponsored the "poll" makes products for encrypting information and compliance with SOX..
Do you think they'd release a study that DIDN'T imply your information was in jeapordy?
This is simply marketing hype, don't fall for it -- it's positioned to get executives to suspect their IT staff (in my company's case, very respectable and honest IT staff) --
1 in 3 is a completely made up number for the benefit of the company trying to SELL PRODUCT
of those SysAdmins who feel it necessary to snoop on people? If you're bored, get out of Admin Pack and head over to /. or Technet (if you are of the MS persuasion) and learn something new. I don't care who you are or how good you are, you don't know EVERYTHING...
Maybe it's just me, but I just don't get it...
I probably have access to more account information and networked shared space than most people, but I have no urge, need, or desire to see what's in their accounts or shares. (Beyond making sure private data is secured and there isn't pornography or other bad files out there using up all our networked drives. That's one of my monthly chores)
Only reason I'm here right now posting is because I'm in the middle of a scan. Our scans take 6-7 hours to run (with the process set to realtime priority) so about the only thing my computer is able to do is browse the web (slowly, I might add)
"Could" I snoop? Sure. "Would" I? Never. That's one of the reasons why I have this job.
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
Not really. Often, a sample size of only 30-40 will be sufficient to draw conclusions of statistical significance. Even if we assume a moderately heterogenous population, a sample size of 300 ought to be fine, especially to draw the kind of conclusion that the article draws, namely that "many admins snoop" -- not all, or even necessarily a majority, but a large number. Thought of another way, when polling organizations like Gallup conduct a survey, their sample sizes are often right around 1,000, and they are modeling the entire population of the US, which is both larger and more heterogeneous than the population of admins in the US. You don't need super-large samples to get good data, and the utility of adding one more data point into a sample decays exponentially.
Rhapsody in Numbers
I don't snoop. Truth be told, I don't really care about anyone or what they're doing. Besides, most sysadmins are lazy. Good sysadmins do their best to automate as much as possible so they have to do as little as possible. Do you seriously think we want to create more work for ourselves?
The other 2 know better than to out themselves as snoops on any kind of survey... I mean what is the guarantee that the survey wasn't a snoop by the employer to catch "honest spies"?
stuff |
I host for a few friends of mine, and I don't really snoop unless their disk space crosses threshold. Then I ask if they'd reduce application XYZ's data footprint because it's encroaching on other users backup space.
In non-shared, it's more often snooping of port activity for security audits. Hey, you don't need that derelict FTP server running. Mind shutting it off so we can get VISA certification?
I made the mistake of looking at a co workers pay who I thought was equal in status to me. BIG MISTAKE. After finding out he was paid several hundred dollars more than me a paycheque for doing basically the same job, I never looked at him or the company the same way again. I left that company not too long after, partly because I felt ripped off. Its very hard to unsee things sometimes.
As for internet history or watching peoples screens while their back is turned, I would never do that *TO A PEER*. Its just a respect thing. I have definitely been told to monitor subordinates internet accesses as well as various people throughout the companies I have worked for. Ive gotten people fired for looking at facebook on work hours, but thats part of the job in some corporations. I wonder if the article is talking about peers (in the IT department) or extra-departmental persons whom you could legitimately be instructed to snoop on.
As a potential lottery winner, I totally support tax cuts for the wealthy
Yeah, I definitely have done it. No matter how you define it.
/home
I CAN say that I have never logged into systems I wasn't allowed in, but I have
cd
and looked around.
However, I have never USED the information. I never really found anything incriminating, except TONS of porn. Hey, if you have a proxy server at work, all the porn you view is cached on the proxy. Our proxy used to show the file owner, ha ha, you are busted. I never busted anyone however, just backed up the porn to CDs and deleted it. Anyone want some old CDs?
Also, I used to work nights. If you just turned me down for a raise (poor-mouthing how bad the company is doing), do not leave your 6 month $14K bonus paperwork lying around on top of your desk. I was just delivering reports, but damn, I lost all respect for you. That is why I do not work for you anymore.
- I live the greatest adventure anyone could possibly desire. - Tosk the Hunted
As far as I know, sysadmins are bound by privacy laws.
And if those are the same laws that apply everywhere I've worked at, then it doesn't matter if they access my files or read my email.
As long as the info is not made public, used maliciously, discussed between colleges, then it doesn't matter.
It's not what you know, it's how you use it.
Of those 2 out of 3 left, 4 out of 5 were found to have lied on the survey. Of those that lied, it was found that 2 out of 3 only snoop on those they think they have a romantic connection with and considered it not snooping but pre-mutual love investigation. Of those that act and are rejected, 50% continue to snoop to plan murderous intentions that later end in the woman of said attraction kicking said admins ass. Makes you wonder where all these stats come from really though doesn't it..
At a previous sysadmin job, I never snooped on colleagues.
However, as part of my duties, I was instructed to monitor some individuals and to scan for specific keywords in the logs.
No sig. Move along - nothing to see here.
Marking this redundant would be redundant itself - I'm just chipping in my $0.02.
I very much have the ability to spy on my colleagues in my position in IT. There are inevitably times when I see personal data on people's PCs. But I don't snoop because it's really much easier that way.
You can rationalize this to not having time, being caught, having ethics, not having to hide something big or decide whether or not to, etc, but really they all factor in. It's just not worth the trouble and risk in general.
Thankfully where I work we have policies that prevent us from ever knowing user passwords, and various others to keep us from having too much control over their accounts in the wrong ways, or having to know things we don't need to.
Not if they're Spartans.
Given that anyone with both the access and the inclination will have harvested any information they want long before they hand in their notice, having them escorted out is going to be ineffective. From that position, threatening dismissal will not be an effective deterrent, especially now that it's so hard to put allegations into a job reference, unless there's a criminal case that's been proved.
Probably the only industry where safeguards come close to working is in the financial sector - where the regulations about insider trading make it hard to exploit privileged information without getting caught. However, that's a legal solution, not a technical one.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Maybe they are unaware of Slashdot.
When our name is on the back of your car, we're behind you all the way!
At least those, including cashiers and bank tellers, who have to balance the drawer at the end of the day...
rj
At many jobs, I have had access to my boss's, and his boss's (etc.) e-mail since I ran the e-mail server. I am not going to make any legal admissions here, but why wouldn't I read it? I would find out ahead of time about such things as layoffs and that type of thing. Being that I am a wage slave, I want to know about this sort of thing. This is like the "ethics" of slave snooping on their slave master. I am waiting for a Lenin/Pol Pot type to come along and wipe out these bosses, company boards, majority shareholders and the like, so the e-mail snooping is a no-brainer.
There's surely one way to know. But who watches their sysadmin's sysadmin?
--
make install -not war
To be exact, a sample of 300 should have a sampling error of around 5.8% -- a reasonable accuracy. A sample of 40 should have a sampling error of around 15.7% -- maybe suggestive of general tendencies, but if this were the sampling error in this survey we'd have a small but significant possibility that the actual ratio is close to 1:1. These numbers assume the sample is truly random.
when polling organizations like Gallup conduct a survey, their sample sizes are often right around 1,000, and they are modeling the entire population of the US
Size of the population being sampled isn't much of a factor, really, unless the sample size is approaching the population size. I think there are way more than 300 sys admins, so population size doesn't play a role here.
more heterogeneous than the population of admins
It seems to me that that carries a prior assumption about the thing you are trying to measure, i.e., that you believe this characteristic correlates with factors that are known to be fairly homogeneous in the population of sys admins. That may be the case, but it would require independent confirmation if you want to base an argument on that correlation.
I'm a sysadmin, and I don't snoop at all. Sure it's "honorable" and "ethical" not to, but I feel that the more real issue is that the more privileged knowledge you have, to more responsibility you have. I know my own passwords and the network passwords, that's it. If someone tries to tell me their password for convenience, I tell them "I don't want to know it, keep it to yourself." I have enough shoulder-crushing responsibilities as it is, I don't want to know more shit that would put me in a position of necessary action. Say that I'm not living up to my potential, and that my company would want someone more proactive, but I'm pretty damn proactive when it comes to my job responsibilities and the responsibilities of my department. This isn't to say that when I'm tracking down legitimate problems and they lead me to a user's personal data or habits that I don't go there; that's part of my job, but there is a thick line that I never cross. This all assumes that the admin would take responsibility for the information they gained by snooping, which I would feel compelled to do, and for that I don't have an explanation. On the other hand, I used to work with an admin who snooped, I knew about it and he knew I knew about it, but I really didn't have a problem with it. It led to some catches, too, but I still never took part in it. I think some people just have an aversion to invading other people's personal space, and some people don't. Apparently that ratio for sysadmins is 1/3.
I am Bennett Haselton! I am Bennett Haselton!
It's not linked in the article, and it doesn't appear on Cyber-Ark's website, at least not in the PR or white paper sections.
Ok, here's the thing...
After you've flipped through dozens of inboxes and home directories as part of your job, you know how pointless it is to do it for fun. People are boring. They have boring mail. They have boring files.
See that "Preview" button?
Alright, TFA says "IT Professionals" of which I bet only 1/3 has access to such info. That would imply all snoop that can.
I don't buy that.
Members of professional organizations such as the IEEE Computer Society Have promised to follow a "code of ethics and professional conduct".
As a member, and having read the document, I understand that it is ethically wrong, a career limiting move, and not worth violating my promises just to satisfy my curiosity.
Strictly from the P-O-V of a UNIX admin.
/. -- shutup :P) ::eyeroll::
1. 300 is too small a sample. Far too small.
2. No breakdown on size of shop per admin. My SA/server ratio is 1:100, which means very little time. (I MAKE time for
3. No breakdown on 'admin' roles. If this is a mom-pop-shop admin survey, then I guess it makes sense. Cisco riders can't touch a server in my shop. Neither can the Domain/AD Admins.
4. MSNBC? Now -theres- credibility.
5. These shops obviously don't log admin activity. Someone needs to watch the watchers.
6. I am not a snitch. I don't get paid to snitch.
7. auto_home FTW, baby!
8. 1 out of 3 survey topics are meaningless.
I've been a system administrator for about 10 years now and I've never really found snooping to be interesting. I even tend to look away when people type their passwords, open files with their personal finances or other information. I show them how to use encrypted FUSE file systems. In general, I don't care about someones personal files unless they're taking up too much space.
However, I should say, from time to time you stumble across "information that (is) not relevant to (your) role," unintentionally. That can't be helped, but it is possible to not abuse the situation.
I've sys admin'd for over a decade and can say that I've never intentionally spied on a colleague. However! I have stumbled onto quite a lot of unusual and interesting things. Some of these things I chose to ignore, some I reported, and some I think might have even been planted for me to find.
Also, I was never asked to spy on a colleague by an employer. Basically the rule was, as long as you're getting your job done and you're not breaking any laws or offending any coworkers, why should we stop you from doing as you please?
No sig for you. YOU GET NO SIG!
It's much more than schools. Read any
The trick is to keep your automated scanning away from the prying eyes of all the other systadmins, who might just stumble across it while they're installing their own methods of getting one step ahead of the rest of the crowd.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Actually the insider threat is more of a problem than external hackers. That has been proven time and again.
Funny how people keep forgetting that lesson.
It doesn't apply to private companies.
I finally updated my sig, but now it's lame.
Today a DBA came to me and asked why the partition filled up. I had to drill into oracle to find the answer (Oracle trace files. Let's just say I've worked with smarter DBA's). Was that snooping? Granted, that was in the realm of solving a problem.
As an email admin, I've routinely seen subject lines of emails that made me raise eyebrows. It was almost always in the context of looking for a missing email. Is that snooping?
Personally, I'd REALLY like to see the data. 1) What does '300 Senior IT Professionals' mean? 2) I'd REALLY like to see the survey questions asked.
I often tell people that, as a sysadmin, if you don't trust me, fire me now, and escort me out the building. I have more than enough power to do irrevocable damage to the company.
Zapman
Yeah thats just what I want to do..... I dont like reading my own email, nevermind someone elses.
Then they are not sysadmins.
The other one is easily tricked by slanted survey questions posed by a company with a vested interest in selling security products designed to prevent snooping.
"Have you ever, in the course of your work, sought out or been exposed to confidential information which you were not supposed to see? Examples would include personal files, documents or misdirected mail."
"I don't look at anyone else's files, but as the postmaster for our domain I personally receive every bounced email and those sometimes contain information which should have been kept confidential. I don't read any of it because that would be wrong, but it does wind up in my mailbox."
"Okay, we'll put you down for 'Snoops on his coworkers' then, and I'll have the rest of our sales team take your manager out for lunch to discuss this. Thanks!"
Funny story that. I was hired because I am a sysadmin with the morals of a mercenary(I actually provide complete security protection for hardware, software and even physical security for wetware if needed) and the head of the company accidentally CC'ed someone in the company whom she had badmouthed in the email. The very next thing heard when she realized it was an announcement over our intercom system "All staff please step away from your computers, I think we have a virus; Eric, please report to my office". I got the detail of removing the email, while he was watching no less, and making sure he couldn't retrieve it. Funny thing is, this was on Mac OS 9 and there were almost zero viruses. Other times the owner would have me forward email from the sales staff to her. Now as for outright snooping, nope I never felt the need but I was more than willing to do it for pay.
0x09F911029D74E35BD84156C5635688C0
What's on your corp. servers is nothing compared to whats on your coworkers home machines. Try fixing a few of those for a while and you'll quickly develop an intense desire for eye bleach.
In 20 years of working on corp. machines I never encountered what practically jumps out at you when you work on home machines. Now I just tell people my employer won't allow me to work on coworkers home machines.
"The ferrets, they're every where I tell you!"
The parent will never reply to you, because the kind of people who say ignorant garbage like that like to imagine that gays don't actually exist and that you're just having sex with your own gender to piss other people off, because they think you're exactly as self-righteous as them.
You know what, I have too much karma, I think I need to change my sig to +5, Truth.
+5, Truth
At least those, including cashiers and bank tellers, who have to balance the drawer at the end of the day...
.25c respectively. Do that to a 100 customers over an 8 hour shift (in an industry where a lunch/dinner rush might see you do 100+ transactions an hour.)
Only the truly stupid pilfer straight up. The smart simply ring in a return. Or ring in a transaction, collect, and then void it, etc, etc.
Then the discrepencies don't show up in drawers cash balance but rather show up in month end inventory reconciliation which is virtually impossible to trace back to the cashier.
With more complex businesses there are more complex schemes... coupon tricks, currency rate exchange tricks (living near the Canada/US border had all sorts of games to profit from currency exchange), and so on.
Or they simply shortchange customers and then pilfer a bill. This is shockingly easy to do. Of course it requires that you work in a high volume cash transaction scene like fast food. I was in entry level management in fast-food putting myself through university and in that time I knew of cashiers who'd take 20-40 bucks a night, and their drawers would balance to within a dime simply by shortchanging and keeping track. Say a bill for a combo is 5.17 after tax, change owed from a 20 is 14.83. Hand back 13.53 or 14.58 taking 1$ or
In the odd case where you get caught by the customer, they'd apologize and cheerfully fix the error.
All that remains is to pilfer a $5 or $10 whenever you've accumulated it. (And this can be stealthed too by getting a partner (conspiring coworker going off shift or going on break maybe) to come in and order a $1 coffee, and then give them 29$ change insted $19 for their $20, and then pick up your cash from them after shift.
$20-40 bucks a night might not seem like much, but it amounts to a $2.50 to $5.00/hour raise (assuming an 8 hour shift) in an industry famous for 5 and 10 cent raises, and ends up amounting to stealing $4k-8k per year.
Worse the effects of this are invisible, because you are stealing from the customers not the employer and is very hard to isolate. And your only shot at catching them is if you are specifically watching for it, and doing random drawer audits midshift and looking for OVERAGES -- something which is very difficult in a busy fast food environment.
Plus its hard to fire someone when you audit their till and find it up $3.00.
Well now that I've educated a whole new generation of crooks... I'll get back to work.
I've been a system administrator for years, have never snooped out anyone's stuff. I value my integrity far more than I value the contents of your files.
Warning: This signature may offend some viewers.
Professional SysAdmins don't snoop.......come on, the level of responsibility we take on for our clients or employers business requires absolute integrity, so much so that even if an employer requires me to snoop on an employee I wouldn't do it w/o a formal signed request with a limitation on what was being searched and for how long along with a justification for the search (e.g. employee suspected of passing on confidential data to competitor). Also, keep in mind that there are substantial complications that might arise when professionals find out information they don't want to know about clients or other employees.....If I find out someone is doing something unethical or illegal I maybe required to immediately report it possibly costing me a client, colleague, or job. A good sysadmin sort of has to act like a lawyer and his goal is to assist his client and only know what he needs to know.
I don't know how this study was put together, but it sounds like they weren't interviewing professionals or experienced admins.
I don't think this constitutes "snooping". It's your job generally to ensure that company resources aren't being wasted by personal files such as music collections, videos, photos etc. Most of the time you are just looking for particular filetypes in excessively large profiles.
As far as software installs go, it isn't important from a licensing and security standpoint to identify illegal or insecure software that an employee has installed. Just as it is to identify rogue network hardware.
I don't think finding out that salesman Bob likes Britney Spears is in anyway a moral conflict. Reading through employee mail or accessing documents you have no right to (human resources for example) - now that is snooping.
Sometimes my arms bend back.
When I'm interviewing people for a sysadmin position one of my primary concerns is honesty and integrity. The problem is that everyone asked to their face will claim to have high integrity. I try to approach the issue indirectly with neutral questions as, "Where do you draw the line on observing user activity?" Several times I've had them answer very vaguely or ask me questions about the question - apparently in an attempt to ferret out what kind of answer I am looking for. This type of error-prone and subtle indication seems the only way to find out. ;)
The human API is very poorly documented. Is there a better way?
Hello all, My name is Mark Fullbrook and I am the Director of Cyber-Ark for the UK. I'm the person that is quoted on what was originally meant to be a small localised press release but has turned (somewhat) into a global debate.
For those that are wondering about the conditions surrounding the survey, it took place at this years Infosecurity Europe Event in London. The survey was a face to face question and answer session with people who had confirmed that they were of administrator level or above. The survey, which was anonymous, consisted of a number of questions around administrative privileges and the transfer of highly sensitive information both within and between enterprises.
We, as a company, were not suprised by the results. In my role, I have the pleasure of dealing with a huge number of the worlds largest companies. I am always suprised at the desire to control adminstrative and privileged access, but I am often told that it is very difficult thing to do when you consider there are in many cases, more Privileged Identities than users!
For those who have mentioned that this is a survey by a company that "sells" a solution to the problem highlighted, then I plead guilty, but I hope that this does not bring the results into disrepute. If we had wanted to make an impact we could of used a LOT higher figure than 1 in 3! The results are a factual representation of what we found from this cross section of attendees of Europes largest IT Security event.
I welcome the thoughts of all of those Admins that have highlighted the need for honesty and integrity, you are of course, the majority. However, you will all admit that sometimes you have to protect from the minority and any solution (ours or someone elses) that can control and audit access for privileged users without impacting how they go about their job surely must be a good thing.
Please feel free to contact me via this response.
Many thanks
Mark Fullbrook
While 1 out of 3 does seem a bit high, the simple solution to this is to do your personal websurfing and emailing when at home. This is doubly applicable to where I work, because being a government institution, a huge chunk of our data (specifically, email) is subject to FOIA requests and as such not only the system admin can read your messages, but if they get a hankering to any random guy on the street can too.
For this reason specifically, we actually setup "flags" that would set aside messages if they contained image attachments or certain keywords, and we had a person delegated to sort through all the flagged messages to make sure that nothing was passing through that would result in negative publicity if it turned up in our email. I was assigned this task for a while, and when it first went into effect we caught several instances of pornographic joke messages and such going through the system.
Since I was (at the time) tasked with the IT orientation session for all incoming employees, the best advice I gave to them was that we can and do monitor email communications, as well as what web sites they visit, and as a good practice, don't write anything in email or browse any website that you wouldn't want to show up in the local newspaper, because in our situation it very well could end up there.
"People who think they know everything are very annoying to those of us who do."-Mark Twain