Solved

Lotus Notes: Need Help with Spying Boss

Posted on 2004-09-17
17
1,345 Views
Last Modified: 2013-12-18
I recently discovered that (I'm pretty sure) my boss has set my computer up to email something periodically from my computer to his. I think this because I was looking at a list of running processes once using TaskInfo and saw a Lotus Notes Mailto: process with his email address in it that hadn't closed yet when I hadn't sent him anything. Recently he went out of town and I received an Out of Office note in my Inbox from him when I hadn't emailed him anything.

Anyway, I want to know how he is sending these (using some background process I guess), and how I can set my Lotus Notes or some other application or script to copy me on all emails going out from my computer regardless of whether they were sent the usual way or using some hidden process running in the background.

Can anybody help me? I am really upset about being spied on like this and I'd like to know what he is up to.

Thanks in advance.
0
Comment
Question by:lizardbreath
  • 4
  • 2
  • 2
  • +5
17 Comments
 
LVL 15

Expert Comment

by:Bozzie4
ID: 12090828
If it's a separate process that's running, it has nothing to with Notes.  It may be management software, that sends this (I know for instance some software that will send mails when there is something wrong on a pc), so it's possible you see something like that, and it doesn't necessarily mean you  boss is spying on you.

If your boss really wants to spy (I mean read your email), he'd better do this on the server.  If he is technologie-savvy, he would open your mailfile on the server as a Full Access Administrator ( or copy it using the server id), adjust acl settings on the copied mailfie,  maybe make a copy to a laptop, disconnect from network and read your mail.

cheers,

Tom
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 12090922
The direct approach might be best: ask your admin or boss directly what that process is. If you're reluctant to do that, just kill the process and wait what happens. If the process is started outside Notes, you should be seeing it in the TaskInfo even when Notes isn't there. Then it might be visible using a tool that displays the startup programes, like MSCONFIG on W98. If it is started from Notes itself, there might be some lines added to your Notes.ini file. Check that as well, and if that's the case, come back here for more.
0
 
LVL 19

Expert Comment

by:RanjeetRain
ID: 12091224
I sympathise with you but what help you seek from us?

(1) If you want to know - what he is sending. Sorry, but unless and untill 10 times more sphisticated than him, you can't find out.

(2) If you want to prevent from such logs being sent out, you may kill the process that sends it. But to do so, (a) you probably have to be an admin and (b) it should not be against your organization policy.

See, I'll tell you. In my company there are many such software that keep running in background. They monitor what all EXEs are being run, what all software are being installed and what all sites are being surfed. We all know we are being *spied* upon in that sense, but we have learnt to live with it, as that is as per the organization policy.

What's is it that you are worried about? Don't tell us if you use your office PC to watch xxx movies. Just take my advice and unplug your PC from office network (pull out the network lead). That will prevent software from sending out data to the monitoring server online.

To cope up with keyloggers or snapshot savers, boss, you are out of luck. Many of these software don't even list themselves in the task-list. So try finding out what processes you have been running.

You didn't mention which OS you have, did you? It could help us help you more. On Windows NT and later systems, users don't have much control anyway, so, your task is tougher. If you are on Windows 9x, you may try running some anti-spyware software and see if that helps.
0
 

Author Comment

by:lizardbreath
ID: 12092507
Hello, thank you for your answers so far. I will check the Notes.ini file, Bozzie4 (thank you for that suggestion).

Maybe a little more info would help. We are running Windows XP Pro. Also, the process that I saw running that sent him an email was nlnotes.exe. It is my understanding that this varies from the main executable (notes.exe) in that notes.exe launches the splash screen and does some other checking of whether notes is already running, and then launches nlnotes.exe. So, I have had two instances of nlnotes running at one time: The one that I opened up and another one that was sending him an email.

I am aware that all activity is watched on my computer by the government agency I work for. But he is just a contractor, like me, in our very small office. I'm curious as to what he wants to get from my pc that the government agency's IT department is not already monitoring. I know that I can't stop it.

Is there no separate application I can run or setting I can use in Notes that would bcc me on all emails going out, or that would archive all email sent out, even ones sent in the background, something that reads all data going out?
Any Lotus Notes experts out there?

Thanks.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 12092670
lizardbreath,

> Any Lotus Notes experts out there?
Am I supposed to feel offended? Indeed I am. Bye.

Sjef
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 12092676
Hello Experts,
I am not a PE here but I would kindly ask you to stop further supporting questions like this one.
My recommendation is to ask Community Support to delete this question and refund the points.
We are not a hacking community but really professional Experts.
And as such we have not to be involved neither in spying nor in contra spaying.
Who tell you that the story from lizardbreath is true??? Sorry lizardbreath, but can you prove the opposite? You see the problem?

0
 
LVL 63

Expert Comment

by:Zvonko
ID: 12092770
As I can see from your profile lizardbreath you are new to Experts Exchange and also have a Premium Membership.
I would like to Heartily welcome you to our Community and beg you for pardon that I jumped in your first question.
But I had to do so. You are new here and you do surely not know how valuable the help is from the enthusiastic helpers here on EE.
I would also like to be among the ones who will help you, but please understand that questions like this one can be read by everyone on the Internet and used for good and for bad purposes.

If you need personal help to be assisted in your difficult situation now I would recommend to you to find an expert of your trust near you and show to him the suspicious things.
And my recommendation is really triple check every word that you are going to throw your boss on the head ;-)
0
 
LVL 14

Expert Comment

by:Esopo
ID: 12092853
I agree with Zvonko. First of all, you must realize this is not the place to crack software or any vigilance process. Furthermore, by company policies you probably are subject to information monitoring; preventing your employers from doing so may very well be against company policies and against the law.

And last but not least, any information that comes out of this thread will help any hackers/spammers with access to a search engine get their hands on expert solutions.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 19

Expert Comment

by:RanjeetRain
ID: 12093210
I had sensed this might not have been a legitimate question, hence the condition ("it should not be against your organization policy").

I would never want to help anyone do anything unlawful/against an organization policy. I will wait for a clarification from the asker or seek clearance from a MOD/PE before posting next comment in the thread.

>>Any Lotus Notes experts out there?

This TA has some REAL experts who are not JUST Lotus Notes but multi-speciality EXPERTS.
0
 
LVL 13

Expert Comment

by:CRAK
ID: 12093268
I don't think this question would get labelled as an illegal activity just now. Laws will vary in the numerous countries that we work from, but I'm sure we all have certain definitions about "privacy". In EE's membership agreement we might find something that could be interpreted resulting in this question being a violation, but strictly to the letter we might just as well find reasons why it's not.

Assumed that nothing is violated here yet, let's ask ourselves following:
If we have a (legal) designer client installed, and magager level accessrights to e.g. our mail database, would we be in violation of something if we changed its design? Company regulations perhaps for skipping test procedures, but beyond that I see no violation, so we could perhaps assist in filling out the BCC field (IMO: slim chance that it'll help a single bit).
If -either on OS level or Notes level- something got installed and we'd remove it, would we be in violation of something? If so, would corrupting, renaming or deleting of a single file by an ignorant user be? What if this installed product appears incompatible with something else that you desperately need opreational to complete a task?
Where are the boundaries? The edges that we need to determine if something is a violation of some kind?
Or sillier: if a virus infected your computer carrying a licence telling that it's free to use, free to distribute, but illegal to delete, uninstall or alter it in any way, would you keep it?

The least we could do here is consider the possibilities of what might be going on, before we either start hacking or tell people not to ask such things.

THE thing that comes to my mind is "spoofing". Millions of a rather small number of virusses are currently spreading ofer the internet. Some of them are known for sending mail (a copy of themselves) to e.g. all addresses found in a users addressbook faking the "from" as: again one of the adresses in the addressbook!

This could occur from either inside and outside your company (not sure if such virusses exist using the notes addressbook).


Right a few days after his birth, I reserved an email address for my son. A few days later he recieved a message from an organisation: Subject "Re:...". The message was something like "Thanks for your message, but who are you....". Clearly a reply to something.

I had never heard of the girl replying and I was pretty sure no one in our household had sent her any mail. I knew however that one of my friends' girlfriend used to work at the replying company. When I asked them to update their virusscanner (or get one in the first place) and scan their system, my friend confirmed that he had found 3 different ones!

My suggestion:
Check with your boss first: ask if he received mail from you at ... (see out of office message). If he did, ask him if he could show you that message.
Tell him you suspect spoofing and that you'd like to see if you can trace it anywhere. Suspicious behaviour can perhaps be dealt with later.

Do bear in mind that the originater of the mail must have both you and your boss in their adresslist! Any colluege?

Virusscanners only help avoid sending spoofed mail. They usually don't avoid receiving it. Symantec e.g. will remove the attachment (virus) but allow the remainder of the message to pass!
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 12093452
Good catch CRAK!

Principally I do not have problems helping in looking the possibilities of some strange behaviour of the system.
My problem was the header of this question: it can be read in two different ways.
First after I read the question body I realized that the question title was NOT: Help me to spy my boss :)
But even with the corrected attitude I have problems to discuss about spaying.
Anybody interested in spay defence could be also a potential spying intruder.
Especially when somebody tells me he is working for the government. Ha ha.
By the way, I am also working for the government; half of my salary is going for the taxes ;-)
0
 
LVL 13

Expert Comment

by:CRAK
ID: 12094913
I noticed the same thing when I was reading the header, but only after going through the question + responses a few times. If it wasn't for lizardbreath's 2nd post, I would probably have fully agreed with you and interpreted the question as a request to assist in spying.
I'm really anxious to see where this is leading to now!

A couple of months ago you wrote that you'd be having big news yourself, after the holidays. You never told us! What ARE you doing currently?
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 12094953
Big news? I am happy that nothing has changed :)
I go to send you an email. After several OS installations I lost all my email addresses. I will send you an email to your EE address.
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 12105611
If you use Notes only for e-Mail, you could run it in disconnected mode, and switch occasionally to connected mode to send and receive messages.  Before you send and receive, just check your local file mail,box to see what you will be sending.

Of course, if the add-in is designed to only work directly off the server, it will simply fail, it won't drop anything into mail.box at all.
0
 

Author Comment

by:lizardbreath
ID: 12108549
First, an apology to those I may have offended. I didn't mean to suggest that those who had responded so far were not Lotus Notes experts.  My bad.  :(

I also want to clarify that the purpose of my post was not to find out ways of hacking/spying on somebody else, but rather to combat it, or at the very least try to discover the content of these emails and therefore possibly the reasons for it -- whether this is general nosiness/paranoia on the part of the boss or whether I've been singled out for some reason unbeknownst to me. I can see, though, how posting info that might help me might also help a hacker.

Anyway ..... I probably need to clarify, as well, exactly what I'm looking for. I guess what I was looking for was some easy method of saving/sending to myself, or archiving a copy of every outgoing email sent from my computer (regardless of where and how it originated) and I have the feeling that if it were this easy, somebody would already have suggested a way to do it. So, I'm guessing it's not possible.  If there is a way to do it, I'm all ears. If the Administrator thinks it's better to delete this question, that's fine, too.

Thanks again for your suggestions.
0
 
LVL 15

Accepted Solution

by:
Bozzie4 earned 250 total points
ID: 12109654
An easy way to see who has accessed your mailfile recently is to go to Database properties/the "I" tab/User Detail
There you can see who has accessed your mail (use replica on server and on local, they can be different).  Lot's of entries for your mailservers are normal, but an entry with your bosses' name would mean he accessed it (or is executing code to manipulate data: mind you that there are lots of situations where this is perfectly legitimate !)

But as someone suggested, the best way is to use the 'social' approach : just ask.

cheers,

Tom
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

For Desktop Techs: How to retain a user's Notes configuration data when swapping out the end user's computer. (Assuming that you are not upgrading to a completely different version of Notes client) All you need to do is: 1) install Notes o…
You’ve got a lotus Domino web server, and you have been told that “leverage browser caching” is a must do. This means that we have to tell the browser everywhere in the web to use cache. In other words, we set (and send) an expiration date in the HT…
This video discusses moving either the default database or any database to a new volume.
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now