1 In 3 Sysadmins Snoop On Colleagues

← Back to Stories (view on slashdot.org)

1 In 3 Sysadmins Snoop On Colleagues

Posted by timothy on Thursday June 19, 2008 @05:13AM from the and-they-steal-chips-and-soda dept.

klubar writes "According to a a recent survey, one in three IT staff snoops on colleagues. U.S. information security company Cyber-Ark surveyed 300 senior IT professionals, and found that one-third admitted to secretly snooping, while 47 percent said they had accessed information that was not relevant to their role. Makes you wonder about the other 2 out of 3. Did they lie on the survey or really don't snoop?"

31 of 392 comments (clear)

Min score:

Reason:

Sort:

No Ethics by Bandman · 2008-06-19 05:16 · Score: 5, Insightful

It's a damned poor state of affairs that so many people put in that situation of trust betray it.

I've been a systems admin for the better part of a decade, and the only time I've ever accessed the company's assets are when it was warranted.

The same goes for user files. I'm not going to snoop through other people's files. Really, I don't care what boring files you keep, just that they don't fill up the partition they're sitting on.

Do that, and suffer my wrath.

--
Check out my sysadmin blog!
1. Re:No Ethics by The+Ultimate+Fartkno · 2008-06-19 05:19 · Score: 5, Funny
  
  the only time I've ever accessed the company's assets are when it was warranted. I've looked through your log files, and I think you're lying.
2. Re:No Ethics by dtml-try+MyNick · 2008-06-19 05:22 · Score: 5, Insightful
  
  Humans are curious by nature.
  
  If you forbid someone something and grant them acces to it 9 out of 10 people *will* take a look. Combine that with the powertrip most people get when put in a control position it get's to good to bet let alone.
  
  For those reasons alone I never trust any sysadmin anywhere, period.
  
  At work or anywhere else I simply asume some admin will read my email on a bored day and I simply asume he will browse through my files the other day.
  
  --
  Life starts at the end of your comfort zone.
3. Re:No Ethics by kc9fyx · 2008-06-19 05:29 · Score: 5, Insightful
  
  I have to agree with that. Sure, I could look at my user's files, but why would I want to? There's no doubt that I'd see things that no amount of eyebleach would fix. So long as nobody's filling up the server or causing me to get phone calls from network security, I'd rather not know what they're doing.
4. Re:No Ethics by Shakrai · 2008-06-19 05:38 · Score: 5, Funny
  
  Maybe I got snooping out of my system early enough, before I was an admin. I just don't even care what my users email about. I'm too busy actually fixing things to care, unless something breaks.
  Maybe I got snooping out of my system early enough, before I was an admin. I just don't even care what my users email about. I'm too busy browsing /. to care, unless something breaks.
  
  Fixed that for you ;) Not that I'm any better, mind you.... :P
  
  --
  I want peace on earth and goodwill toward man.
  We are the United States Government! We don't do that sort of thing.
5. Re:No Ethics by Southpaw018 · 2008-06-19 05:42 · Score: 5, Insightful
  
  It's not even the eyebleach that's required. It's that peeking through peoples' files will undoubtedly reveal something you shouldn't, aren't supposed to, or (in the case of purely personal information) don't want to know or have no need to know. And once you know it, you have a responsibility to safeguard it - moral, most importantly, but legal as well depending on its nature. Who wants to safeguard other peoples' personal information for no damn reason at all?
  
  --
  ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
6. Re:No Ethics by stableos · 2008-06-19 05:47 · Score: 5, Insightful
  
  I can't manage my own workload well let alone having the time to snoop around everyone else's crap.
7. Re:No Ethics by foobat · 2008-06-19 06:32 · Score: 5, Insightful
  
  would mod you up if I had points. Yeah i snoop through you files... as in, I run a search to see if you've decided to backup your ENTIRE itunes collection, Hi-def tv series, pictures/videos of your boring family, install massive programs to your home directory that i installed centrally on the file store 4 months ago or other entirely pointless files that do not need to be backed up and is eating up half of that space ON OUR REALLY EXPENSIVE SAN STORAGE otherwise, your files are boring and I have much better things to be doing.
8. Re:No Ethics by omeomi · 2008-06-19 06:32 · Score: 5, Insightful
  
  At work or anywhere else I simply asume some admin will read my email on a bored day and I simply asume he will browse through my files the other day.
  
  It's probably a good assumption, but I have to admit I'm surprised the number is as high as 1 in 3, considering that getting fired for snooping on others' email or files is something that could probably cost you your entire career. Who would hire somebody as a sysop who had been caught snooping?
  
  --
  ZuluPad, the wiki notepad on crack
9. Re:No Ethics by CastrTroy · 2008-06-19 07:15 · Score: 5, Interesting
  
  Get fired for reading the email of other employees? No way. Some companies even hire people to read employee email.
  
  --
  
  Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
10. Re:No Ethics by nicolas.kassis · 2008-06-19 07:45 · Score: 5, Funny
  
  stop posting on slashdot then
Scary by Itninja · 2008-06-19 05:17 · Score: 5, Insightful

I know a place where they have'nt changed the root/admin passwords in years. They have so many servers that it would be "a huge pain" (their words exactly) to change all the passwords. I wonder how much of a pain it would be for a former DBA or sysadmin to snoop around and start publicly posted how much everybody makes?

--
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
And? by mpapet · 2008-06-19 05:17 · Score: 5, Interesting

Maybe I'm missing the point but I don't see where there is an issue.

In nearly all IT environments, either you trust your IT staff, or you have some killer PKI. Reality suggests management in the typical company wouldn't pay for or be bothered to use, so we're back to IT having super-snooping powers.

--
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
1. Re:And? by LordSnooty · 2008-06-19 05:37 · Score: 5, Insightful
  
  How do I know that the monkeys in Personnel aren't firing up my salary details or absence reports for the hell of it? Techies too have to trust people who have access to information just like they have to trust us. If someone is found to be abusing the access and earning some gain, action will be taken I'm sure. But overall it has to work on trust, or we'd all be drowning in audit trails.
2. Re:And? by Bob-taro · 2008-06-19 05:59 · Score: 5, Interesting
  
  In nearly all IT environments, either you trust your IT staff, or you have some killer PKI.
  The Sarbanes Oxley Act makes trusting your employees illegal.
  
  --
  Prov 9:8 Do not rebuke mockers or they will hate you; rebuke the wise and they will love you.
3. Re:And? by Anonymous Coward · 2008-06-19 07:22 · Score: 5, Funny
  
  Ah, apathy. The cause of, and solution to, whatever. Fixed.
Which is worse? by IronWilliamCash · 2008-06-19 05:17 · Score: 5, Interesting

Given the nature of a sysadmin's job, I think I'd be more worried about the other 2 out of 3 that don't snoop around. A curious sysadmin will find more problems and more possible solutions than one who doesn't care.
1. Re:Which is worse? by Bandman · 2008-06-19 05:44 · Score: 5, Interesting
  
  I think you're confusing the word "curious" with the term my grandma used. "Nibshit".
  
  It's great to be curious. Wondering how things work will definitely teach you.
  
  Being a nibshit will only get you into things you shouldn't.
  
  Of course, at one of my old jobs at an ISP, another admin (who was a nibshit) found a stash of kiddie porn in a users folder. I suppose it's a positive story, since the guy ended up going to jail.
  
  --
  Check out my sysadmin blog!
2. Re:Which is worse? by mandark1967 · 2008-06-19 05:44 · Score: 5, Interesting
  
  Curiosity for certain aspects of network management is far different than "snooping" on employees.
  
  As has been stated, Reading their email or watching them surf does nothing to increase the security of the network.
  
  (on a windows network)
  
  You wanna be curious? Fine. Go pull a listing of the 8000+ databases on the network share and check their properties to see if they are secured correctly so the HR data contained in some of them isn't available to be seen by the "everyone" group.
  
  Go search for old, out dated data files that haven't been accessed in 5 years, or personal multimedia files sitting on your shared space because the users want to listen to music all day long but are too cheap to bring in a $6 radio.
  
  These are some of the things a decent Admin would and should look for (among others) but that power does not justify snooping on people because you're too bored to crack open a tech manual of some sort or read a tech-site online
  
  --
  Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
3. Re:Which is worse? by malkavian · 2008-06-19 06:00 · Score: 5, Insightful
  
  I've been a sysadmin for ages (started on that track in the early 90s, so a good 15 years already), and can honestly say, I can't be arsed to snoop people. The only time the records are examined is when I'm officially requests to investigate at the behest of the directorate, with agreement of HR and if appropriate, the relevant unions.
  Part of the reason being that I am too damn curious, except not in the "curtain twitcher" way of spying on people around you. I'm always probing the systems to see if they're happy or not, and seeing if I can tweak them to be more secure, or perform better.
  I'm also happy with my illusions of them being pleasant, professional people with no hangups or problems (unless they enter the 'mates' category, in which case I either ask, or listen, or both). Saves a lot of friction, and lets me get on with what needs doing.
  The biggest reason though, is that I think the world should be a better place than it is. I like my privacy, and think it's something valuable. Therefore, I show people the respect I think they should have, and politely decline to riffle through their private information. If I can't meet my responsibility for privacy, I have no business claiming the right.
  There comes a point where it's asked "Who watches the watchers..".. And I'd have to say they're damn poor watchers if they can't watch themselves.
  To be a sysadmin in a sizable environment, you need people on your side; you need them to trust you, and have a bit of faith in you.. Otherwise, the first big disaster that happens (and we all know they do, no matter how much you plan), you WILL be strung out to dry by everyone with an axe to grind, rather than having their support and help at the time you need it most.
They have a life by Mikkeles · 2008-06-19 05:21 · Score: 5, Informative

'Makes you wonder about the other 2 out of 3. Did they lie on the survey or really don't snoop?'

They probably have a life. It's pretty pathetic to have to get one's jollies snooping on others rather than actually doing something.

--
Great minds think alike; fools seldom differ.
1. Re:They have a life by gedhrel · 2008-06-19 05:47 · Score: 5, Insightful
  
  Agreed. The "makes you wonder" comment makes you wonder about the professional ethics of the submitter.
  
  There are three basic reasons why sysadmins don't snoop, in increasing order of importance:
  
  1. It'd get you fired.
  2. There isn't time in the day.
  3. Basic bloody professional standards.
  
  My institution recently underwent a long (very long) pay restructure. At about the point where things were finally settling down, the DBAs were hauled in and "reminded" that exposing or snooping through the resulting data would be a Bad Thing. My instant reaction was, "that's a fucking insult;" didn't think much of the middle-managers involved in passing on that message for not standing up for their staff. However, I think the reflection upon the personnel staff who issued the memo in the first place is that they are greasy, underhanded slime balls.
  
  So no change there then.
2. Re:They have a life by g0bshiTe · 2008-06-19 06:02 · Score: 5, Funny
  
  It's pretty pathetic to have to get one's jollies snooping on others rather than actually doing something.
  Could you please explain Youtube then.
  
  --
  I am Bennett Haselton! I am Bennett Haselton!
Sysadmins mostly honest by fyoder · 2008-06-19 05:24 · Score: 5, Insightful

So in other words, a significant majority of sysadmins are honest. Given that they have "the keys to the kingdom" in the words of the article, that's pretty impressive.

--
Loose lips lose spit.
Makes you wonder......? by Jailbrekr · 2008-06-19 05:24 · Score: 5, Informative

According to that survey, 2 out of 3 sysadmins realize that spying in a CLI (career limiting move) if they get caught. That, and the whole ethics and honour thing, are why we are able to manage the confidential data without snooping.

--
Feed the need: Digitaladdiction.net
Don't believe the hype by Anonymous Coward · 2008-06-19 05:25 · Score: 5, Interesting

Come on people, for 'computer nerds' it's amazing how little logic you collectively display.

The company that sponsored the "poll" makes products for encrypting information and compliance with SOX..

Do you think they'd release a study that DIDN'T imply your information was in jeapordy?

This is simply marketing hype, don't fall for it -- it's positioned to get executives to suspect their IT staff (in my company's case, very respectable and honest IT staff) --

1 in 3 is a completely made up number for the benefit of the company trying to SELL PRODUCT
Never again by citylivin · 2008-06-19 05:33 · Score: 5, Interesting

I made the mistake of looking at a co workers pay who I thought was equal in status to me. BIG MISTAKE. After finding out he was paid several hundred dollars more than me a paycheque for doing basically the same job, I never looked at him or the company the same way again. I left that company not too long after, partly because I felt ripped off. Its very hard to unsee things sometimes.

As for internet history or watching peoples screens while their back is turned, I would never do that *TO A PEER*. Its just a respect thing. I have definitely been told to monitor subordinates internet accesses as well as various people throughout the companies I have worked for. Ive gotten people fired for looking at facebook on work hours, but thats part of the job in some corporations. I wonder if the article is talking about peers (in the IT department) or extra-departmental persons whom you could legitimately be instructed to snoop on.

--
As a potential lottery winner, I totally support tax cuts for the wealthy
Survey Results by g0bshiTe · 2008-06-19 06:00 · Score: 5, Funny

2 out of 3, that's like the
2% of people masturbate in the shower, the other 98% lie about it

--
I am Bennett Haselton! I am Bennett Haselton!
IEEE Computer Society by addikt10 · 2008-06-19 06:09 · Score: 5, Funny

Members of professional organizations such as the IEEE Computer Society Have promised to follow a "code of ethics and professional conduct".

As a member, and having read the document, I understand that it is ethically wrong, a career limiting move, and not worth violating my promises just to satisfy my curiosity.
TFA == crap by Sun.Jedi · 2008-06-19 06:10 · Score: 5, Insightful

Strictly from the P-O-V of a UNIX admin.

1. 300 is too small a sample. Far too small.
2. No breakdown on size of shop per admin. My SA/server ratio is 1:100, which means very little time. (I MAKE time for /. -- shutup :P)
3. No breakdown on 'admin' roles. If this is a mom-pop-shop admin survey, then I guess it makes sense. Cisco riders can't touch a server in my shop. Neither can the Domain/AD Admins.
4. MSNBC? Now -theres- credibility. ::eyeroll::
5. These shops obviously don't log admin activity. Someone needs to watch the watchers.
6. I am not a snitch. I don't get paid to snitch.
7. auto_home FTW, baby!
8. 1 out of 3 survey topics are meaningless.
Re:Bad sysadmin! by ehrichweiss · 2008-06-19 07:37 · Score: 5, Interesting

Funny story that. I was hired because I am a sysadmin with the morals of a mercenary(I actually provide complete security protection for hardware, software and even physical security for wetware if needed) and the head of the company accidentally CC'ed someone in the company whom she had badmouthed in the email. The very next thing heard when she realized it was an announcement over our intercom system "All staff please step away from your computers, I think we have a virus; Eric, please report to my office". I got the detail of removing the email, while he was watching no less, and making sure he couldn't retrieve it. Funny thing is, this was on Mac OS 9 and there were almost zero viruses. Other times the owner would have me forward email from the sales staff to her. Now as for outright snooping, nope I never felt the need but I was more than willing to do it for pay.

--
0x09F911029D74E35BD84156C5635688C0