by ghshephard 4811 days ago
This all seemed like a pretty run of the mill story about an insider violating company trust, and then getting caught - until the final sentence: "Among other things, a desktop monitoring system that took screenshots of employee workstations in one-minute increments helped Hostgator officials quickly zero in on Gisse."

Not something I'd want on my personal system, but it's exactly the sort of thing that I think every NOC/Secure environment should have for post-mortem assessments.

6 comments

>Not something I'd want on my personal system, but it's exactly the sort of thing that I think every NOC/Secure environment should have for post-mortem assessments.

Tools of that sort [1][2] are pretty standard in call center environments.

I'm not a fan.

First, the software tends to be incredibly expensive. Second, in my experience, it's primarily used by managers looking for reasons to bludgeon their $30K, entry-level call takers over trivial infractions.

1: http://www.nice.com/contact-center-interaction-recording

2: http://www.callcopy.com/products/screen-capture

A previous employer used Spector 360[1] on the majority of workstations. It would monitor everything including taking a screengrab every 5 seconds that you could then watch later.

They'd sit down employees and play back fast-forwarded video showing how much time was wasted on Facebook, personal email, shopping, etc. It's horribly invasive but it meant everyone was too scared to use work computers for personal things.

[1] http://www.spector360.com/

My old job used spector. I'm pretty sure everyone knew it but people would still be on FB playing games when you walked past. I believe IT was the last to get it and for about a week after they installed it on our machines it didn't work because Microsoft Essentials disabled it as malware.

I don't think they ever looked at it unless they wanted to fire someone and didn't want to pay unemployment and needed proof that they weren't doing their job.

This is pretty much why they had this at HG
It would be fun to see the people's productivity on that system. And who of the tech people will try to break it as a sport.
I'm sure productivity skyrocketed /s
Given the way that hovers over employees, I think there's a fair case in there to unofficially rename the product 'Spectre'. -.-'

shudder

I don't think this is appropriate for general office use simply because you might leach private data from employees (bank accounts, retirement accounts, medical records, whatever), but in secure, restricted environments I think it's totally appropriate and probably needed.
There is an argument to be made that you shouldn't be looking at your personal bank accounts or medical records on a work computer, particularly if you work at a company that cares so little about their employees that they'd implement a system like this.
It's not so much that the company cares so little about their employees, but that they have so many responsibilities for the data and systems they are entrusted with.

Seriously, though - what everyone I know does in this situation is just bring their own laptop into work for personal stuff, and treat the work console for precisely that - work activity.

Is this common?

I have a few coworkers that bring in personal laptops and have them sitting right next to the work laptop. It absolutely blew my mind the first time I saw it. It would have been unheard of at my previous employers and probably gotten you called into an office.

It's fairly expensive (processing and storage), but it's well worth it for secure environments. I've worked for companies who have this set up on their Windows Server environment (since they were administered through the remote GUI) and SSH logging for the Unix/Linux servers when running as root.
Expensive? 1 image a minute for a 40 hour work week is 2,400 images or 120k a year. We're talking screenshots so they aren't large files (you don't need a high bit rate), probably in the range of 500KB which would mean a whole year is less than 60GB. 3TB hard drives cost ~$130 these days and have room to store 50 employee years of screenshots. If money is that tight you can always compress the images and get double or more for your cash.

As for processing, you need to find a new computer if you can notice a screenshot being taken.

"3TB hard drives cost ~$130 these days and have room to store … "

Not trying to call out jinknee specifically, but I often see this argument:

"But storage only costs ~$50/TB!",

and I read:

"here's someone who's got no idea - who's never seen what 'enterprise' pays for proper secured/redundant/backed-up/auditable/managed storage."

Does anyone _really_ think sending the IT department junior round to BestBuy to grab ~$400 worth of external USB drives would then let you say "Right, that's the next 5 years' worth of storage and archive of high-security and potentially-lawsuit-relevant employee data sorted!"?

If you're talking bare minimum, yeah. The software solution this company had wasn't quite that barebones. It was a robust suite, and actually did take some planning on the desktop and server side to set aside resources for it.

The software was part of a package that managed software installs as well.

I'll never work for any employer who does that, so I'd have trouble calling it a reasonable thing to do.
The areas where it would be important are on security/NOC systems, where there is almost unlimited power given the proper credentials.

The Runbooks that NOC teams have, quite often have them connecting to a lot of systems with greatly heightened privileges - It's not unusual for a NOC employee to have expansive sudo privileges on many of the unix hosts they manage. They are also often on privileged VLANs, with direct IP routing to a lot of hosts that normally wouldn't be reachable.

Most of our NOC guys have their own personal laptops, and they can hop onto the (unprivileged) wireless system and do their own thing when they aren't working an incident.

I'd have no problem having my screen captured once a minute when I was working in that type of environment.

Any powerful IT guy should be monitored and have his power checked. IT personnel have almost unmatched power in an organization to cause damage without detection.

Anything with lots of confidential information, or anything financial, and you are going to want to monitor all the people with access constantly. You may not want to snoop real-time, but you are going to want to be able to find and fix breaches after the fact, and do root-cause analysis.

It's not a matter of trust in the IT people, it's a matter of people go crazy sometimes, and people make bad hiring decisions sometimes.

What alternative do you think is reasonable to help track down problems like this after the fact?
Not nearly as exciting as the microphones they had installed all around the building to monitor discussion amongst teammates. :)