Porn Cams, Blackmail and Hacked Payrolls: IT Pros Tell All

Credit: Shutterstock | Who is DannyCredit: Shutterstock | Who is Danny

Most employees don’t expect to wake up to learning that payday has been postponed due to phishing. And you probably wouldn’t guess that the CFO is running his side hustle from a company computer, or that an employee’s corporate credentials are on the dark web due to work hours spent on dating sites.Lagging internet is no surprise, but discovering that bandwidth is being drained from a workers’ ‘adult-themed’ webcam show is a touch more alarming. Welcome to the life of an IT security professional.

It’s stories like these that can be surprisingly typical for IT security professionals. In fact, cybersecurity threats - -both from inside and outside of the company -- have become so large that cybersecurity has taken on a life of its own within the IT sector. It’s gotten so large that the demand for cybersecurity professionals is on the rise in a big way. According to data from CyberSeek’s data, a free cybersecurity career and workforce resource, in just the U.S. alone, “there were 301,873 cybersecurity job openings in the private and public sectors during the 12-month period between April 2017 and March 2018.” Corporate cybersecurity horror stories like the ones you’re about to read are a big reason why.

Hosting an Adult Show on Corporate Servers

While inappropriate online behavior seems to be the main issue in the IT world, many times it’s not demonstrated by hackers, but by internal employees. Raj Goel, founder of NYC-based managed service provider (MSP) Brainlink thought that, in his 20-plus years in IT, he had seen it all. But one recent incident was something he never imagined.

A customer’s CFO called in Brainlink to figure out why their IT department was constantly running out of bandwidth, even after they just spent money on an upgrade.

“These guys had what I would call a ‘fat pipe,” Goel says, “but for some reason, their IT guys kept saying they were completely full. So I looked and discovered that one of those same IT guys was running a webcam pay-per-view website off the company network. It was a porn site, and apparently his girlfriend and her friends were the talent.”

Even more shocking: This went on for more than two years, and no one caught it—even after this employee’s actions cost the company more than $180,000 and the need to upgrade its network every three months because it was running so slow.

So I looked and discovered that one of those same IT guys was running a webcam pay-per-view website off the company network. It was a porn site, and apparently his girlfriend and her friends were the talent.”

“The takeaway here was that the CFO should have been more proactive. He would inquire with IT, and they were just giving him non-answers to his questions,” Goel says. “The lesson here is that even if you have an in-house IT team or MSP, it’s important to (at some point) bring in a third-party to do an independent audit or assessment. You need to get a check that you are getting an ROI and that everyone is doing their jobs.”

CFO’s Side Gig

Goel also recalls an incident where a healthcare company called him to do a compliance and security check, and he uncovered the CFO was running a completely separate company from his office.

“I asked him and mentioned that I was seeing a logon to a remote connection every day, and as soon as he heard this, the guy looked stunned … I thought he was going to have a heart attack, when I told him. At first, he didn’t say, but then admitted he was doing some work on the side for his own business,” Goel says.

While Goel notes the exec wasn’t using company resources, he says the employee was still spending half his day running his private import/export business on company time by logging into his home computer remotely. Goel and his team found this out by assessing the network’s firewall traffic. At first, he expected that maybe the problems were stemming from an off-site data center. However, when he approached the CFO, he wasn’t expecting the reaction he got:

“I asked him and mentioned that I was seeing a logon to a remote connection every day, and as soon as he heard this, the guy looked stunned … I thought he was going to have a heart attack, when I told him. At first, he didn’t say, but then admitted he was doing some work on the side for his own business,” Goel says.

Phishing Postpones Payday

Sometimes business don’t realize a breach has occured. And even after discovering one, they don’t always take the necessary security measures.

“An external breach that’s highly publicized could damage reputations, and then the client doesn’t invest in security controls only to find out the hackers never left, and they are still infiltrating their network,” Bart Barcewicz, founder of Chicago-based MSP B Suite Cyber Security, tells Tom’s Hardware.

“If someone had set up rules and authentication, they would have been alerted that information had been changed,” Barcewicz says. “The biggest [problem] was that after this happened, they didn’t want to invest in a cybersecurity solution and didn’t learn from this experience.”

Take the large manufacturing/distribution company Barcewicz worked for at a previous job. He says about 10 employees there received a phishing email, which they fell for, sending their Office 365 credentials and other login information to unsuspecting hackers. The hackers then used the information to get into this company’s payroll accounts and changed all of the employees’ account information. Because the company didn’t have any alert or security controls installed, the breach wasn’t discovered until two weeks later when employees didn’t get their paychecks.

“If someone had set up rules and authentication, they would have been alerted that information had been changed,” Barcewicz says. “The biggest [problem] was that after this happened, they didn’t want to invest in a cybersecurity solution and didn’t learn from this experience.”

Credit: Shutterstock | kentohCredit: Shutterstock | kentoh

Dark Web Despair

Another situation, which Barcewicz has seen occur at multiple clients, is employees using corporate login information(ex: their work email addresses) to sign up for personal websites, such as social media and dating services. While accessing these sites is typically frowned upon during working hours, it becomes a security issue when a user’s corporate information is used on a site that is breached and those credentials end up on the dark web. Barcewicz discovered this exact situation after doing a dark web analysis for an engineering firm with 2,500 employees.

“They literally say they are recording the user’s every online move, say they have been watching them on webcam and that if they don’t pay in Bitcoins, they will let their contact list know everything they have been doing.”

Barcewicz also notes another dark web scam gaining popularity, where hackers hijack a user’s computer and threaten to report their inappropriate online behavior to everyone on their contact list:

“They literally say they are recording the user’s every online move, say they have been watching them on webcam and that if they don’t pay in Bitcoins, they will let their contact list know everything they have been doing.”

Barcewicz advises that employees refrain from using work information for anything personal.

“Someone could take that information and then use it for a scam, such as holding your information ransom in exchange for Bitcoin money,” he says.

Fighting the Insanity

One of the reasons demand for security professionals is so large is that they’re not just fighting a bounty of threats from the outside; they’re also managing a healthy amount of risks from inside the organization. This can come from an employee who has access to servers and other technology, and even more so after an employee leaves—especially if it's not an amicable parting. To remedy this, Barcewicz recommends taking steps like implementing two-factor authentication and installing a password manager.

“The minimum for any business is to use a two-step password authentication when possible, as well as using different passwords by way of a password manager tool,” he says. “We also recommend changing your password (for sensitive websites) every three to six months, but with two-step authentication, this usually doesn’t have to be done as often.”

And Barcewicz practices what he preaches to his clients. He personally uses a web-based password manager that automatically generates a distinct password for every web site he logs into (as well as two-step authentication). He says this is because auto-generated passwords are more difficult to breach. “Hackers aren’t always looking for the exact password,” he says. “They are trying to figure out variations and patterns because they know often they are used this way on other sites.”

Both Barcewicz and Goel say that the moral of these stories is that, for business owners, the best course of action is having a third-party IT security assessor who knows what they are doing.

“The minimum for any business is to use a two-step password authentication when possible, as well as using different passwords by way of a password manager tool,” he says.

“A good assessment never hurts, “Goel says. “But you have to spend the money; don’t use someone who is just going to download a free tool and then tell you what you want to hear. You need someone that’s going to look at things like patterns traffic, data, user behavior and other important areas.”

Barcewicz adds that resistance to change has held some clients back from investing in proper cybersecurity. In the case of the client whose payroll was hacked, executives still declined to improve their approach to cybersecurity. “They didn’t want to change how they worked, and money was not the reason at all,” he says. “It was more the resistance to change; that was the main driver.”

What’s your craziest IT security story? Can you top the webcam scandal? Let us know in the comments below.

Create a new thread in the Reviews comments forum about this subject
This thread is closed for comments
16 comments
Comment from the forums
    Your comment
  • WildCard999
    Logged into a computer at work and a fellow employee was logged into there FB account as well as there multiple bank accounts and credit cards was all in the open. I did the right thing and logged them out of all there accounts and deleted the browsing history but the odd part was every account they logged into was also put into bookmarks but I deleted those to be safe.
  • lordsnake
    fake made up stories.

    If the guy was running a live porn webcam on the office network, then the girls and the webcam would also need to be in the office. I think someone would notice a bunch of girls doing webcam porn.
    And no they were not doing it from home and using the office bandwidth, as this would require a direct connection from the office to his home as well with the same size pipe.
  • dontjudgeme8716
    Or like he said it was prerecorded and not a live cam site ... Which is what it said then you would only need to continually upload new footage to the company servers to be using the bandwidth.
  • CircuitWIzardry
    LORDSNAKE, you're wrong on this one. A webcam or several could easily be transmitted over a VPN between the business and some other location. Serving traffic to hundreds or thousands of users/subscribers would take up much more bandwidth than just a couple webcams of the girls. So no, the pipes required are not the same size, and the workloads are also very different.
  • USAFRet
    Controlling stuff through the interwebs.
    How do it work?

  • TMTOWTSAC
    I'm pretty sure most YT and Twitch streamers don't have to physically travel to YT or Twitch in order to broadcast...
  • Chaos2Theory
    So incredibly fake. Like what internet can you buy that costs 180 000 dollars and * STILL HAS A BANDWIDTH LIMIT?!?! Liuke i know comcast is bad but thats fake.

    [Mod Edit for language]
  • OriginFree
    @LORDSNAKE: Another option is that his GF works for the company as does her friends. A lot of people meet their S.O. at work and if its a large company you wouldn't notice people coming and going. Especially if the company isn't just 9-5, how many people would notice "afternoon / evening" staff? And once you see "Sindy" a few times talking to people you recognize you wouldn't think twice.
  • OriginFree
    @CHAOS2THEORY: It says it cost the company $180,000, not that just the bandwidth costs that. If they had to renegotiate contracts, get more hardware, hire low level tech people to "fix the problem", run new wiring, get more wifi hardware, pay for a fact finding mission to CES to research the problem, bring in outside contractors to solve the problem that the inside staff cant fix and all that other overhead is in there. In my opinion anyways.
  • DrakeFS
    Anonymous said:
    fake made up stories.

    If the guy was running a live porn webcam on the office network, then the girls and the webcam would also need to be in the office. I think someone would notice a bunch of girls doing webcam porn.
    And no they were not doing it from home and using the office bandwidth, as this would require a direct connection from the office to his home as well with the same size pipe.


    Do you really think that is how Twitch and Youtube work? That every streamer is going to a physical location that Twitch or Youtube owns and streaming from their physical sites?

    I hope not...
  • DrakeFS
    Anonymous said:
    So incredibly fake. Like what internet can you buy that costs 180 000 dollars and fucking STILL HAS A BANDWIDTH LIMIT?!?! Liuke i know comcast is bad but jesus christ thats fake.


    $180k over 2 years is only 7.5k a month. Ignoring there are probably also hardware cost (at least $10k-$40k) which would bring the monthly cost down even more, a direct fiber to L3 is not cheap for a "fat pipe".
  • TMTOWTSAC
    Also, note the difference between upstream and downstream bandwidth. If someone was streaming to the corporation, they would be using their own upstream bandwidth while the corporation would be using its downstream bandwidth to receive it. Then the corporation would be using its upstream bandwidth to rebroadcast it. Most connections are asymmetrical, with significantly higher downstream vs upstream. It would have been their upstream bandwidth that was getting hammered and needing to be upgraded every three months.

    For example, Comcast's Performance Pro offers 150 Mbps down, 5 Mbps up, and the next tier, Blast! Pro offers, 250 Mbps down, 10 Mbps up. Try asking them how much they'd charge for 250 up/250 down. Just remember to convert krugerrands and vital organs into $ using current market rates.

    Realistically, the only way to keep increasing upload speeds at the corporate level is to have fiber strung.
  • Chaos2Theory
    @DrakeFS @OriginFree @TMTOWTSAC Xfinity offers 2000mbs up and 35 down from xfinity is available nearly everywhere in the nation, could support easily 6 hd streams, and costs 300 tops. They have business plans that are cheaper than that even for strictly upload speeds but also remember, the cost alone isnt the cost of the plan, because the company has internet, just hte cost of the upgraded plan. Additionally either this company was large enough that it couldnt find the people doing it and * around for 200k worth of dollars, meaning they must be large enough to have at least those speeds if not way more, and ample equipment OR they simply spent that on technology, which doesnt add up at all because streaming video is easy relative to streaming and gaming. Any 100 dollar processor from 5 years ago could do it if its just a video stream. And if people are ordering 5k+worth of video gear i think somebody would question what on earth for. I do not see how this could be true.
  • TMTOWTSAC
    I think you're significantly underestimating the scale of these operations. It was described as a PPV site, meaning an archive of existing videos for viewing at any time. The longer the operation runs, the larger the video library gets. This went on for over 2 years. And it looks like they didn't get caught because the guy being asked to investigate was the same guy running the pirate station.
  • USAFRet
    People...let's keep the vulgarity to an actual level of zero, OK?
  • thurmans
    Wow that is really original. To use up a company bandwidth for hosting a porn site. You really need to be a genie to think at this. Just wonder on how much money the guy earned with about 0 costs. And if you can figure out how much money chaturbate.com or https://www.xcamsclub.com/ spends monthly on servers... This sure was a short path to become very rich. I like how the guy thinks but I surely blame that he was using someone else's money. If he is that smart I'm pretty sure that he could find another way, a legal and honest way.