This is an automated archive.
The original was posted on /r/cybersecurity by /u/ResonanceCompany on 2023-08-15 13:21:32+00:00.
Without giving specifics, here is a list of things we have caught this guy doing, please tell me if these things could indicate concerning behavior.
To be clear, some of it is based level concerning, but we are trying to gauge how concerned we should be.
We caught the employee with a raspberry pi at work. He would keep it plugged in on shift, but started leaving it at his station at work, as he is the only one who uses it currently. Some employees reported the device as concerning and started this whole enquiry.
On it’s own, not bad, raspberry pi can be anything.
He also has virtualbox and VNC entries for several different, what look like desktops. Possibly his personal stations at home. One is clearly labeled and has the thumbnail of his work computer desktop background.
He was told to remove the device and to not leave it at work unattended engaged with a company station.
The day before he left for scheduled off time, I watched employee, very comically obviously actually, go into his computer and disable all his case lights, as if to make his computer appear off when it was actually on. I later confirmed none of the lights worked anymore when powered on.
And most recently, and why I post, we found random third party driver manager software and device managers all over the place, and needed to whipe his station.
Well, he put a bios password on his station and actually caused us to not be able to whipe his. He denied it at first, said he could come fix it, said it’s a password so it’s personal (despite being on company property, a desktop PC station) and when the supervisors name came up, he gave us his bios password, which was clearly a personal password, not even a semblance of work related context.
Tldr Can a bios password set by an employee, without the knowledge of the employer, mean nefarious activity possibly? Is company security at risk? Is employee personal info at risk?