1 In 3 Sysadmins Snoop On Colleagues

klubar writes "According to a a recent survey, one in three IT staff snoops on colleagues. U.S. information security company Cyber-Ark surveyed 300 senior IT professionals, and found that one-third admitted to secretly snooping, while 47 percent said they had accessed information that was not relevant to their role. Makes you wonder about the other 2 out of 3. Did they lie on the survey or really don't snoop?"

No Ethics

[Bandman]

It's a damned poor state of affairs that so many people put in that situation of trust betray it.

I've been a systems admin for the better part of a decade, and the only time I've ever accessed the company's assets are when it was warranted.

The same goes for user files. I'm not going to snoop through other people's files. Really, I don't care what boring files you keep, just that they don't fill up the partition they're sitting on.

Do that, and suffer my wrath.

Scary

[Itninja]

I know a place where they have'nt changed the root/admin passwords in years. They have so many servers that it would be "a huge pain" (their words exactly) to change all the passwords. I wonder how much of a pain it would be for a former DBA or sysadmin to snoop around and start publicly posted how much everybody makes?

Re:No Ethics

[dtml-try MyNick]

Humans are curious by nature.

If you forbid someone something and grant them acces to it 9 out of 10 people *will* take a look. Combine that with the powertrip most people get when put in a control position it get's to good to bet let alone.

For those reasons alone I never trust any sysadmin anywhere, period.

At work or anywhere else I simply asume some admin will read my email on a bored day and I simply asume he will browse through my files the other day.

Re:Which is worse?

[RingDev]

How exactly is reading another employee's email, or monitoring all of a user's web traffic (with out instruction to do so) going to help you in maintaining your domain?

Is being able to flip through the HR database and seeing everyone's pay rate going to make your network more secure?

And if your users learn of your snooping, is it going to be a boon to your company when either you are fired, or employees leave rather than be snooped on?

If you are snooping and you are looking at anything more than purely technical information, you are likely going over the bounds of ethical behavior if you don't have managerial backing.

-Rick

Sysadmins mostly honest

[fyoder]

So in other words, a significant majority of sysadmins are honest. Given that they have "the keys to the kingdom" in the words of the article, that's pretty impressive.

Re:Only 300?

[the phantom]

Not really. Often, a sample size of only 30-40 will be sufficient to draw conclusions of statistical significance. Even if we assume a moderately heterogenous population, a sample size of 300 ought to be fine, especially to draw the kind of conclusion that the article draws, namely that "many admins snoop" -- not all, or even necessarily a majority, but a large number. Thought of another way, when polling organizations like Gallup conduct a survey, their sample sizes are often right around 1,000, and they are modeling the entire population of the US, which is both larger and more heterogeneous than the population of admins in the US. You don't need super-large samples to get good data, and the utility of adding one more data point into a sample decays exponentially.

I don't snoop

[ebunga]

I don't snoop. Truth be told, I don't really care about anyone or what they're doing. Besides, most sysadmins are lazy. Good sysadmins do their best to automate as much as possible so they have to do as little as possible. Do you seriously think we want to create more work for ourselves?

Time

[repetty]

I'm a system administrator.

Where the fuck do these people get the time to snoop?

Re:No Ethics

[kc9fyx]

I have to agree with that. Sure, I could look at my user's files, but why would I want to? There's no doubt that I'd see things that no amount of eyebleach would fix. So long as nobody's filling up the server or causing me to get phone calls from network security, I'd rather not know what they're doing.

And another thing...

[ebunga]

Do cashiers and bank tellers pilfer from their tills? Rarely. Those that do lose their jobs. Most of the general population is generally honest and of good character.

Re:No Ethics

[scubamage]

Ditto, I honestly could care less what files people keep. Have some mp3s? Fine. A few questionable video files? I still really don't care. Just don't be downloading malware or anything like that. Basically I figure I wouldn't want anyone accessing my files, so why would I want to access their files? Then again, I also despise knowing passwords because of liability because I genuinely don't ever like touching other people's accounts.

Re:Which is worse?

[masterzora]

If an employee is using abnormally high amounts of disk space, you have a reason to go look (granted, you should _talk_ to the user before looking, but you still have a reason). This is different from snooping.

Re:Which is worse?

[jellomizer]

Well sometimes when you are performing a backup and you see that hey this user took 1 hour to backup. You kinda want to poke around and see what is there. There are a bunch of Movie Files oddly named. Now if you look at them and you see they are recoded video conferences then they are good. If their are something "No approprate for work" then it is an issue to either remove them or take action on the user. Knowing what is on your system is important. Most of the times when you look to see peoples salaries the Admin will go oh that is where the saleries are stored lets make sure that this is properly protected. As a side thought they may see how they are doing compared to others but just as long he doesn't use it there really isn't any damage there.

This is more true in shared hosting

[kiehlster]

I host for a few friends of mine, and I don't really snoop unless their disk space crosses threshold. Then I ask if they'd reduce application XYZ's data footprint because it's encroaching on other users backup space.

In non-shared, it's more often snooping of port activity for security audits. Hey, you don't need that derelict FTP server running. Mind shutting it off so we can get VISA certification?

Define Snoop.

[kcdoodle]

Yeah, I definitely have done it. No matter how you define it.

I CAN say that I have never logged into systems I wasn't allowed in, but I have
cd /home
and looked around.

However, I have never USED the information. I never really found anything incriminating, except TONS of porn. Hey, if you have a proxy server at work, all the porn you view is cached on the proxy. Our proxy used to show the file owner, ha ha, you are busted. I never busted anyone however, just backed up the porn to CDs and deleted it. Anyone want some old CDs?

Also, I used to work nights. If you just turned me down for a raise (poor-mouthing how bad the company is doing), do not leave your 6 month $14K bonus paperwork lying around on top of your desk. I was just delivering reports, but damn, I lost all respect for you. That is why I do not work for you anymore.

So?

[Neko-kun]

As far as I know, sysadmins are bound by privacy laws.

And if those are the same laws that apply everywhere I've worked at, then it doesn't matter if they access my files or read my email.
As long as the info is not made public, used maliciously, discussed between colleges, then it doesn't matter.

It's not what you know, it's how you use it.

Re:And?

[LordSnooty]

How do I know that the monkeys in Personnel aren't firing up my salary details or absence reports for the hell of it? Techies too have to trust people who have access to information just like they have to trust us. If someone is found to be abusing the access and earning some gain, action will be taken I'm sure. But overall it has to work on trust, or we'd all be drowning in audit trails.

Snooping != monitoring

[Antony T Curtis]

At a previous sysadmin job, I never snooped on colleagues.

However, as part of my duties, I was instructed to monitor some individuals and to scan for specific keywords in the logs.

Re:No Ethics

[Southpaw018]

It's not even the eyebleach that's required. It's that peeking through peoples' files will undoubtedly reveal something you shouldn't, aren't supposed to, or (in the case of purely personal information) don't want to know or have no need to know. And once you know it, you have a responsibility to safeguard it - moral, most importantly, but legal as well depending on its nature. Who wants to safeguard other peoples' personal information for no damn reason at all?

assume they all do

[petes_PoV]

The results of this survey are pretty meaningless. From a company perspective, they should assume that any or all sysadmins / DBAs (the DBAs will have juicier pickings) can and will rake through the company's data. Merely hoping that the interview process will weed out those who are likely to have a snoop is naive to the point of negligence.

Given that anyone with both the access and the inclination will have harvested any information they want long before they hand in their notice, having them escorted out is going to be ineffective. From that position, threatening dismissal will not be an effective deterrent, especially now that it's so hard to put allegations into a job reference, unless there's a criminal case that's been proved.

Probably the only industry where safeguards come close to working is in the financial sector - where the regulations about insider trading make it hard to exploit privileged information without getting caught. However, that's a legal solution, not a technical one.

Why not?

[br00tus]

At many jobs, I have had access to my boss's, and his boss's (etc.) e-mail since I ran the e-mail server. I am not going to make any legal admissions here, but why wouldn't I read it? I would find out ahead of time about such things as layoffs and that type of thing. Being that I am a wage slave, I want to know about this sort of thing. This is like the "ethics" of slave snooping on their slave master. I am waiting for a Lenin/Pol Pot type to come along and wipe out these bosses, company boards, majority shareholders and the like, so the e-mail snooping is a no-brainer.

Re:No Ethics

[stableos]

I can't manage my own workload well let alone having the time to snoop around everyone else's crap.

Re:They have a life

[gedhrel]

Agreed. The "makes you wonder" comment makes you wonder about the professional ethics of the submitter.

There are three basic reasons why sysadmins don't snoop, in increasing order of importance:

1. It'd get you fired.
2. There isn't time in the day.
3. Basic bloody professional standards.

My institution recently underwent a long (very long) pay restructure. At about the point where things were finally settling down, the DBAs were hauled in and "reminded" that exposing or snooping through the resulting data would be a Bad Thing. My instant reaction was, "that's a fucking insult;" didn't think much of the middle-managers involved in passing on that message for not standing up for their staff. However, I think the reflection upon the personnel staff who issued the memo in the first place is that they are greasy, underhanded slime balls.

So no change there then.

Re:And?

[mpapet]

Articles like this one just perpetuate numerous cultural and organizational phenomena of taking risks then blaming someone else for losing the bet. Management's role in creating the situation is totally ignored by most of the comments to my initial reply.

Because, some people aren't supposed to be seeing certain things

Running with that assumption for a moment, most of the replies totally ignore the *fact* that Management is unwilling to pay OR EVEN CONSIDER using a system that would guard those "certain things."

-PGP encrypt attachments? No way.
-Password on a zipped archive? Probably not.
-A system-wide approach via PKI? Not on your life.

Management has *intentionally* set themselves up for failure and they blame the IT worker? This is the classic case of sh!t rolling downhill.

This is why I'm lazy

[Anonymous Coward]

I'm a sysadmin, and I don't snoop at all. Sure it's "honorable" and "ethical" not to, but I feel that the more real issue is that the more privileged knowledge you have, to more responsibility you have. I know my own passwords and the network passwords, that's it. If someone tries to tell me their password for convenience, I tell them "I don't want to know it, keep it to yourself." I have enough shoulder-crushing responsibilities as it is, I don't want to know more shit that would put me in a position of necessary action. Say that I'm not living up to my potential, and that my company would want someone more proactive, but I'm pretty damn proactive when it comes to my job responsibilities and the responsibilities of my department. This isn't to say that when I'm tracking down legitimate problems and they lead me to a user's personal data or habits that I don't go there; that's part of my job, but there is a thick line that I never cross. This all assumes that the admin would take responsibility for the information they gained by snooping, which I would feel compelled to do, and for that I don't have an explanation. On the other hand, I used to work with an admin who snooped, I knew about it and he knew I knew about it, but I really didn't have a problem with it. It led to some catches, too, but I still never took part in it. I think some people just have an aversion to invading other people's personal space, and some people don't. Apparently that ratio for sysadmins is 1/3.

Re:Which is worse?

[malkavian]

I've been a sysadmin for ages (started on that track in the early 90s, so a good 15 years already), and can honestly say, I can't be arsed to snoop people. The only time the records are examined is when I'm officially requests to investigate at the behest of the directorate, with agreement of HR and if appropriate, the relevant unions.
Part of the reason being that I am too damn curious, except not in the "curtain twitcher" way of spying on people around you. I'm always probing the systems to see if they're happy or not, and seeing if I can tweak them to be more secure, or perform better.
I'm also happy with my illusions of them being pleasant, professional people with no hangups or problems (unless they enter the 'mates' category, in which case I either ask, or listen, or both). Saves a lot of friction, and lets me get on with what needs doing.
The biggest reason though, is that I think the world should be a better place than it is. I like my privacy, and think it's something valuable. Therefore, I show people the respect I think they should have, and politely decline to riffle through their private information. If I can't meet my responsibility for privacy, I have no business claiming the right.
There comes a point where it's asked "Who watches the watchers..".. And I'd have to say they're damn poor watchers if they can't watch themselves.
To be a sysadmin in a sizable environment, you need people on your side; you need them to trust you, and have a bit of faith in you.. Otherwise, the first big disaster that happens (and we all know they do, no matter how much you plan), you WILL be strung out to dry by everyone with an axe to grind, rather than having their support and help at the time you need it most.

Re:Sysadmins mostly honest

[fyoder]

Interesting point. I suppose 2/3 of sysadmins being honest is impressive because so often there is a serious lack of oversight by simple virtue of the fact that ordinary mortals don't have a clue what we're doing. The odds of getting caught are low, and even if caught in flagrante delicto one can always come up with a techie excuse. I've worked on email problems where I had to make careful use of grep in order to only get the info I needed and not be exposed to content that was none of my business. It is often the case that the only thing that keeps us from 'snooping' is our own sense of ethics. And given that snooping can be easily rationalized as harmless (unlike the example you cite of child molesters), it is encouraging that a significant majority of sysadmins don't do it.

Boring

[Orgasmatron]

Ok, here's the thing...

After you've flipped through dozens of inboxes and home directories as part of your job, you know how pointless it is to do it for fun. People are boring. They have boring mail. They have boring files.

TFA == crap

[Sun.Jedi]

Strictly from the P-O-V of a UNIX admin.

1. 300 is too small a sample. Far too small.
2. No breakdown on size of shop per admin. My SA/server ratio is 1:100, which means very little time. (I MAKE time for /. -- shutup :P)
3. No breakdown on 'admin' roles. If this is a mom-pop-shop admin survey, then I guess it makes sense. Cisco riders can't touch a server in my shop. Neither can the Domain/AD Admins.
4. MSNBC? Now -theres- credibility. ::eyeroll::
5. These shops obviously don't log admin activity. Someone needs to watch the watchers.
6. I am not a snitch. I don't get paid to snitch.
7. auto_home FTW, baby!
8. 1 out of 3 survey topics are meaningless.

Re:No Ethics

[slashname3]

I had an admin that worked for me once that made the mistake of accessing the executives email accounts and then leaking information from those emails. I was notified of the problem and checked the log files. The admin did not cover their tracks very well. As a result they lost their job and I had to call a meeting and remind everyone on the team that with great power there comes great responsibility.

Seems to have worked. Either that or they are better at covering their tracks now.

Some of this I blame on the current school systems in place. There seems to be a lot more cheating going on and as a result not much character building. The rest I blame on poor roll models for the kids today. What with athletes almost openly using steroids and rappers thinking its cool getting busted the kids today don't have anyone to look up to. The easy way out is how it is done. A real shame that it has devolved to this.

Re:Scary

[slashname3]

Ah! The hard and crunch on the outside and soft and chewy on the inside security approach. Yummy!

Seriously, that approach is just waiting for that one opening that allows someone inside. Security in depth, multiple layers, is the best practice.

YAIASAS(Yet another Ima a system admin story)

[BytePusher]

I've been a system administrator for about 10 years now and I've never really found snooping to be interesting. I even tend to look away when people type their passwords, open files with their personal finances or other information. I show them how to use encrypted FUSE file systems. In general, I don't care about someones personal files unless they're taking up too much space.

However, I should say, from time to time you stumble across "information that (is) not relevant to (your) role," unintentionally. That can't be helped, but it is possible to not abuse the situation.

Re:No Ethics

[Bandman]

There seems to be a lot more cheating going on and as a result not much character building

Exactly. The 'if they don't catch me then I'm allowed' mindset is definitely the wrong mindset to have.

Unintentional Snoopage?

[LoudMusic]

I've sys admin'd for over a decade and can say that I've never intentionally spied on a colleague. However! I have stumbled onto quite a lot of unusual and interesting things. Some of these things I chose to ignore, some I reported, and some I think might have even been planted for me to find.

Also, I was never asked to spy on a colleague by an employer. Basically the rule was, as long as you're getting your job done and you're not breaking any laws or offending any coworkers, why should we stop you from doing as you please?

Much more than the schools

[DerekLyons]

Some of this I blame on the current school systems in place. There seems to be a lot more cheating going on and as a result not much character building. The rest I blame on poor roll models for the kids today. What with athletes almost openly using steroids and rappers thinking its cool getting busted the kids today don't have anyone to look up to. The easy way out is how it is done. A real shame that it has devolved to this.

It's much more than schools. Read any /. discussion of IP and watch how many people explain that "downloading isn't theft". Just today there is a discussion here on /. on how using using someone elses Wi-Fi [slashdot.org] isn't theft either.

Re:Don't believe the hype

[FatMacDaddy]

Agreed. My first thought after reading the article is where's the meat of the article? There's no indication of whether those 300 "senior IT professionals" were all in one company, what their actual jobs or skill levels are, or any other information. Basically, this boils down to them saying, "Hey, our product is really valuable, and we just did a survey to prove it. Honest!"

Re:Boring ... so automate it

[petes_PoV]

Any sysadmin worth his or her pay knows how to automate the boring tasks. In this case it's relatively easy to set up a job to scan the directors / VP's email for key words like "lay off" "redundancy" "merger" "jail" etc. But most importantly, to scan for their own name.

The trick is to keep your automated scanning away from the prying eyes of all the other systadmins, who might just stumble across it while they're installing their own methods of getting one step ahead of the rest of the crowd.

Re:No Ethics

[foobat]

would mod you up if I had points. Yeah i snoop through you files... as in, I run a search to see if you've decided to backup your ENTIRE itunes collection, Hi-def tv series, pictures/videos of your boring family, install massive programs to your home directory that i installed centrally on the file store 4 months ago or other entirely pointless files that do not need to be backed up and is eating up half of that space ON OUR REALLY EXPENSIVE SAN STORAGE otherwise, your files are boring and I have much better things to be doing.

Re:No Ethics

[omeomi]

At work or anywhere else I simply asume some admin will read my email on a bored day and I simply asume he will browse through my files the other day.

It's probably a good assumption, but I have to admit I'm surprised the number is as high as 1 in 3, considering that getting fired for snooping on others' email or files is something that could probably cost you your entire career. Who would hire somebody as a sysop who had been caught snooping?

Re:Security vendor overblows insider threat.

[slashname3]

Actually the insider threat is more of a problem than external hackers. That has been proven time and again.

Funny how people keep forgetting that lesson.

When you're root, what's snooping?

[Zapman]

Today a DBA came to me and asked why the partition filled up. I had to drill into oracle to find the answer (Oracle trace files. Let's just say I've worked with smarter DBA's). Was that snooping? Granted, that was in the realm of solving a problem.

As an email admin, I've routinely seen subject lines of emails that made me raise eyebrows. It was almost always in the context of looking for a missing email. Is that snooping?

Personally, I'd REALLY like to see the data. 1) What does '300 Senior IT Professionals' mean? 2) I'd REALLY like to see the survey questions asked.

I often tell people that, as a sysadmin, if you don't trust me, fire me now, and escort me out the building. I have more than enough power to do irrevocable damage to the company.

Re:No Ethics

[Thaelon]

Funny, that's the same mindset most corporations and US leaders have these days.

So why do we look less favorably on the children who do it and are just not as good at it?

Just look at about every 5th story (or more) on techdirt for an example.

Think of the children? No, think of the old people acting like children.

Re:Much more than the schools

[slashname3]

That one always amazes me too. I can remember way back when people would "collect" software. They had boxes of disks with all kinds of commercial software that they had acquired without paying for it. They were amazed anyone would turn down a copy of the latest DBase software or AutoCad or Wordstar. And they did not see it as stealing but some kind of right that they had because they could make the copy. Very sad really.

Re:Much more than the schools

[slashname3]

Flamebait? Someone that apparently steals software has some mod points. I'll bet they read co-workers emails too.

It just goes to show that...

[Minwee]

At least two out of three admins have professional ethics.

The other one is easily tricked by slanted survey questions posed by a company with a vested interest in selling security products designed to prevent snooping.

"Have you ever, in the course of your work, sought out or been exposed to confidential information which you were not supposed to see? Examples would include personal files, documents or misdirected mail."

"I don't look at anyone else's files, but as the postmaster for our domain I personally receive every bounced email and those sometimes contain information which should have been kept confidential. I don't read any of it because that would be wrong, but it does wind up in my mailbox."

"Okay, we'll put you down for 'Snoops on his coworkers' then, and I'll have the rest of our sales team take your manager out for lunch to discuss this. Thanks!"

Re:They have a life

[Hatta]

It's pretty pathetic to have to get one's jollies snooping on others rather than actually doing something.

Could you please explain Youtube then.

Humanity is pretty pathetic.

Re:Scary

[Bandman]

Down your path, madness and insanity reign.

If you tried that on production, you just broke every automated ssh attempt between systems, and now you've got to manually edit every known_hosts file to remove the old keys. Then you've got to manually add or ssh into the hosts all over again to re-establish key trust.

Re:No Ethics

[MetalPhalanx]

Who is to blame for those hours spent watching TV? It's up to the parents to teach their children/control their habits until they have a firmly fixed world view.

Of course, if the parents watch a lot of TV, the athletes and musicians aren't the only bad role models for the kids.

Re:No Ethics

[myowntrueself]

For those reasons alone I never trust any sysadmin anywhere, period.

Then please take the advice of a sysadmin; never *ever* hire a sysadmin.

If you can't trust your sysadmin then don't have one. Don't be in a position where you need to hire or manage one.

Re:Bad sysadmin!

[utopianfiat]

The parent will never reply to you, because the kind of people who say ignorant garbage like that like to imagine that gays don't actually exist and that you're just having sex with your own gender to piss other people off, because they think you're exactly as self-righteous as them.

You know what, I have too much karma, I think I need to change my sig to +5, Truth.

This whole article seems like a troll...

[mattmarlowe]

Professional SysAdmins don't snoop.......come on, the level of responsibility we take on for our clients or employers business requires absolute integrity, so much so that even if an employer requires me to snoop on an employee I wouldn't do it w/o a formal signed request with a limitation on what was being searched and for how long along with a justification for the search (e.g. employee suspected of passing on confidential data to competitor). Also, keep in mind that there are substantial complications that might arise when professionals find out information they don't want to know about clients or other employees.....If I find out someone is doing something unethical or illegal I maybe required to immediately report it possibly costing me a client, colleague, or job. A good sysadmin sort of has to act like a lawyer and his goal is to assist his client and only know what he needs to know.

I don't know how this study was put together, but it sounds like they weren't interviewing professionals or experienced admins.

I wouldn't call that snooping

[snuf23]

I don't think this constitutes "snooping". It's your job generally to ensure that company resources aren't being wasted by personal files such as music collections, videos, photos etc. Most of the time you are just looking for particular filetypes in excessively large profiles.
As far as software installs go, it isn't important from a licensing and security standpoint to identify illegal or insecure software that an employee has installed. Just as it is to identify rogue network hardware.
I don't think finding out that salesman Bob likes Britney Spears is in anyway a moral conflict. Reading through employee mail or accessing documents you have no right to (human resources for example) - now that is snooping.

Re:Bad sysadmin!

[jesboat]

("Score: 1, Troll"? Not really?)

Re:No Ethics

[wasted]

I'm busy enough keeping our systems running and taking care of whatever issues our clients come up with. I don't have time to go snooping around for the fun of it.

Maybe not applicable in your situation, but in general, from my very limited experience, those most likely to snoop were those that were less competent, and snooping and such gave them a sense of power. If these less-competent, morally challenged coworkers weren't so busy snooping in everyone's personal business, maybe they could learn their jobs and help with the workload.