With the confidential nature of my work, the company doesn't want us to take our work home so they finally wised up and disabled the usb ports on our PCs. As a designer, I need to get my sketches and renderings to my home computer so that I can put them in my portfolio. I realize that I could upload them to a server but won't that leave some type of trail? If management were to find out that I'm stealing files then I could lose my job.
TLDR: How do I secretly get files off a computer that has its usb ports disabled?
meanwhile I'll dump sloots
Bentley Young
...
Samuel Wright
Frankly if they're wise enough to disable the USB ports they're wise enough to have monitoring software installed.
Hunter Sullivan
...
Lincoln King
You could take a picture of the screen.
Mason Powell
...
Brody Bennett
Email yourself the files?
Hudson Flores
>With the confidential nature of my work Thing is if you ever got them, you can't use them. Ask your boss if you can use some for your portfolio, otherwise if they find out you took it, and you signed a disclosure agreement, you can be fucked
Adam Parker
That's what I was thinking but because I work for such a huge company I wouldn't be surprised if they were a little behind the times
Brayden Nguyen
Also be advised any work you did on their computer on their time is definitely their intellectual property. Works the same for any research you did on a company's or university's computers/equipment etc.
Jonathan Martin
enable the usb ports moron
Ethan Smith
/thread
Connor Diaz
are you a retard?
>what is email?
Adrian Carter
are you a retard? >what is email monitoring software?
Michael Ross
Pretty much this
Jose Gonzalez
That's the thing is that they never actually approve things for you to put in you portfolio because they don't want you to leave and go to a competitor. Its kind of common practice for designers to violate company policy like this because in a way you are looking out for number one.
James Lee
so you thik they have emial software that can identify the contents of a file and match it to one thats not allowed to leave their network?
its fairly obvious why you are a designer. you actually are retarded.
also...
>what are encrypted and passworded zip files?
Blake Ward
For example: I have friends who are designers at Faraday Future. At the end of every day they get files off their work computer because the company could collapse at any second. In the meantime they can apply at other OEMs and have a backup plan for when the company inevitably crashes and burns.
Nathaniel Parker
You should have addressed this before you signed your contract
Samuel Richardson
some us army faggot got thousands of the most sensitive files ever stolen out of the army on a CD labeled "celine dion" and you cant even get some sketches out of some third rate company?
how does it feel to know some transgender cocksucker is smarter than you?
Camden Hernandez
1. I am not OP. 2. I do work in a confidential environment (automotive) 3. Any company sharp enough to switch off USB ports can be assumed to be smart enough to realise that emails can have attachments. You don't have to match files, you just have to look which accounts are sending attachments and where to. Cross-match destination email domains to legitimate client domains and anything that is not on the approved database could be industrial espionage or theft.
You're new at this computer and email thingy, aren't you?
also... >what are encrypted and passworded zip files? Se above
Eli Sanchez
Thats standard in the auto industry and with the limited places you can actually work as a designer you would be an idiot for turning a job down because of that.
Jonathan Baker
>disconnect Ethernet cable, block wireless board >zip what you want, put a password >reconnect >mail it using your personal mail to a temp mail
now all you have to do is justify why you were disconnected briefly and why the stuff you want is in your disk and not the server
Owen Robinson
Eyy decent idea
Jaxon Clark
yeah we used to disconnect like that when the usb ports were enabled. Might could work.
Brayden Taylor
mostly what I've expected from Sup Forums thus far but there are some inklings of ideas here
Nathaniel Baker
and you seem to have bought into the bullshit your employer tells you.
>confidential >automotive
amateur.
come back when you have government clearance.
and trust me. a single encrypted zip file on a single email will make it out of the network. anyone responsible for running the monitoring software will not bother to check single files.
youve seen far too much mr. robot to actually realise that IT security in the real world is shit, the monkey paid to monitor it couldnt care less and theres that much noise on a company email server shit gets missed all the time.
Connor Gonzalez
email monitoring, especially personal accounts. For example, the company I do consultancy work has blocked access to popular email clients like Gmail, even on guest accounts.
Eli Cooper
so you send it from your work email account and pick it up at home.
noone is talking about using a third party client.
Logan Martin
OP here:
I've thought it was actually like this for a while. better to be safe I guess
Charles Morales
eh, have you tried: bluetooth ip (LAN/WLAN whatever, get your own router & encryption so that tracking is less likely) take picture of screen with other device(it's stupid but cannot be tracked without filming you)
Noah Diaz
...
Ryan Ward
Oh, that's interesting.
I wonder why a few months ago I was told that one of the suppliers working with us had used their email to mail an attachment (just the one) out of the business? Caused quite a stir; they knew when, what address it went to and the IP and location of the computer that sent it. Didn't know what was in it when it went out of the firewall, though, but as soon as it was flagged the file was opened and examined by IT.
Perhaps I imagined it, because you clearly know what you are talking about, what with government clearance, and all.
Eli Martin
your pretty much retarded
if it is your job, IT will help you solve your problem. dont try to "fix" anything and just visit the IT dude thats in charge of your stuff.
tell him that you need access to your design stuff and he might even setup a remote accessable storage (possibly even with vpn) where you can store your files that you need to "share" between work place and home.
there are plenty of solutions that you dont need to do anything for.
dont fuck things for yourself up and just go to the IT department/dude/admin
William Sullivan
>told
yeah sure, anecdotes are evidence.
Hudson Cox
So, what's your profession exactly? Using confidential shit for your portfolio may get you fucked even if the management doesn't find out directly. Anyone who sees that material may suspect something, and tip the original company off. Also, if you work with computers, why don't you just know, or at least try searching for, how to reenable the USB ports? Unless you're working in security (which it doesn't sound like) or military/high tech, high profit it's probably just a matter of user accessible settings. It's still a fucking stupid idea, you're going to get caught, and your material is probably kept secret for a reason.
Aiden Brooks
deep package inspection is nothing new and if your company has a half good firewall it should run on all traffic you got
Aaron Scott
OP here: Just for future reference; we used to put all of our images into one photoshop file with every image as a separate layer and put something like a dentist form as the top layer and then save it out as a photoshop PDF. This made it so that when you opened the PDF with adobe acrobat, then you would only see that top layer. Once you opened it in photoshop later, then you could get all of the images in the >200mb PDF file.
Josiah Jackson
Not anecdotal. I was told by IT that the supplier had done it - I was the nominated contact for that particular supplier. I had to speak to the manager of the supplier to tell him that one of their staff had breached the T&Cs they had signed up to.
But carry on not believing if you want - no skin off my nose and it clearly makes you happy
Wyatt Torres
thats monkey level security if you want something secure you encrypt
Gabriel Hughes
I'm a car designer at a major american manufacturer. Reenabling copying files from the hard drive to a flash drive via usb requires an admin password.
Ryan Allen
Precicely. I've no idea what technology the IT guys use (I'm mech eng)
You tell this fuckwit, will you? He doesn't want to believe me
Lucas Bell
really like this gal.
Gavin Allen
OP here: It is totally monkey level security haha but it made us feel better. Will encrypt next time. Thanks for making me realize that was dumb.
Gavin Ortiz
...
Jordan Miller
if you have something worth to hide one should always expect that someone knows what they are looking for. security through obfuscation is a meme. if your security doesnt rely proveable factors that work even if everybody knows the mechanics its useless.
Brody Ward
So what you're trying to leak is production designs when it comes to cars? You don't see the danger of this, more than financial burden on the company? I get what you want to do, but if you want to use that shit for your portfolio you'll have to do some designs that aren't contractually owned by the company. You will get fucked in the ass.
As to how to get this going, assuming you're willing to risk your job, your future career and everything to 'put together a portfolio' (no, I don't believe this is your motive, but I'm not here to tell you the moral reasons not to, you might want to leak something that actually deserves leaking) you'll have to get access to the admin account, which probably is a lot easier than you think, considering you're already established at the company in question. Social engineering will get you a long way, but you may have to spend some time figuring out some minor hacks to get enough material for you to work with. >newly employed at an IT security company
Jeremiah Turner
Call me stupid or whatever..
But why don't you just print that shit on the office epson, roll it up and take it home. If you're going for a real life job you can take it with you. Or you can use a scanner to get it back to digital format.
That said, if you're going for a job and one of the things you outline in your portfolio is that you don't respect confidential material, maybe it's best you don't go there.
Angel Young
This
And change the file extension to .mov or .wmv (don't pack it in a binder it could flag as threat in the firewall), send it from the personal email at lunch break under some innocuous email like "fred's new hunting cabin" something boring like that.
Jonathan Martin
>youve seen far too much mr. robot to actually realise that IT security in the real world is shit, the monkey paid to monitor it couldnt care less and theres that much noise on a company email server shit gets missed all the time.
Can confirm, but you have to imagine the possibilities of outsourced security. >currently working for a company only dealing in security >making sure your refrigerators aren't getting malicious software updates, turning them into zombies >part of our daily routine is facepalming at our customers previous security solutions
Jose Reyes
how do you have the rendering software at home if the company won't let you take home the work?
Juan Ramirez
The production stuff is whatever because the actual car will be out. Most of the stuff that I'm interested in are things like sketches for a concept car that got cancelled or sketches that were proposed for a program(car) that were not chosen as a theme. It's not exactly like I'm giving away secrets when I send off my portfolio. Thanks for the tip on getting an admin password though.
John Ortiz
Thats not crazy at all, just very time consuming.
Jackson Walker
>rendering software
it's photoshop, dude. Not exactly hard to get. I'm just talking about jpgs.
Christian Thomas
You serious? You poor? You stupid? You stupid and poor? Torrent last years version.
Logan Russell
see Who cares if it's time consuming, you've just wasted an hour talking on here about it.
Connor Powell
Assuming the ports are disabled via group policy or other software, boot from a linux distro and copy the files to a USB stick.
If the software doesn't run, it can't block the ports.
Wyatt Nelson
Thats not a bad idea actually. Would they be able to tell if I ran linux for a bit?
Jack Gonzalez
Disconnect from network.
It will simply be like you shutdown your computer.
Asher Gonzalez
Can the USB ports be activated with the jumpers on the motherboard? Passwd protection could be still on but doesn't matter anymore. Reseal the screws afterwards.
Asher Carter
...
Leo Moore
Could you run the linux with liveCD?
Christopher Cox
brilliant. thank you sir.
Zachary Nguyen
Yep
Jacob Lopez
my work does this. no restrictions on burning CDs though so I copy data that way.
Jordan Foster
Attach artwork to email with no recipient Save as draft. Log into email profile off site and download
Isaac Rogers
I've heard of other guys doing this as well but wouldn't IT be able to tell that you uploaded something?
Hunter Ramirez
you can run a livecd but you can't burn the pictures on a cd? wat?
Leo Scott
Well, if they've got absolute admin control of their email domain they'll be able to tell what ip address the download was made to, do you have access to a vpn?
Dominic Morgan
I never mentioned burning pictures to a CD.
Once in linux, the USB ports should work.
Jaxson Stewart
OP here: I don't but that wouldn't be a bad thing to have anyway.
Cameron Lee
But they'll still see the vpn access your email profile, unless you open a vpn connection from inside to an outside device, they'll see packets going out but won't be able to see what it is.
Matthew Brooks
Also setting up a vpn on a ddwrt router is super easy and free. I do residential IT on the side and have a vast array of vpn's if I need to obscure my location
Logan Hernandez
The admin can disable burning option without disabling the CD/DVD player. Player is now read-only.
Colton Clark
If you go through this much trouble, try Teamviewer portable and transfer the files to your home computer.
Brandon Hall
Thats a good tip, actually. Thanks.
Evan Scott
I use Evernote all the time for docs. It syncs flawlessly across devices. If management asks, just tell them it's a to do list
Isaac Brown
CBA to read so idk if this was mentioned but every time you insert or remove any USB device, it's logged. If you did it before, you already left a trail.
Are you sure it's not a broken USB device or a broken USB port? Do your keyboard and mouse still work?
If your employer isn't ok with you moving your own work from the workplace to your house, my primary suggestion would be to just recreate it at your house and not risk losing your job over it.
Short of that, best deniability bet would be to rent a Russian-hosted VPS and a serve malware from it via a spoofed email to your address. Make it something akin to what Eastern European spear-phishing malware campaigns look like (fake job application with infected PDF/DOC, url to a JDB or similar victim-initiated attack vector). "Fall for it" and play dumb if you're caught.
Jace Collins
This guy fucks!
Hunter Ward
>rent a Russian-hosted VPS and a serve malware from it via a spoofed email to your address.
They did exactly that just some years ago.
Doesn't work that well anymore because instead of ID'ing incoming shit, the scanners have advanced low level AI based blocks for sorting the incoming traffic. It's quite good nowadays and if the admin knows what he is doing, chances are this doesn't work anymore.
Dominic Cooper
They upgrade our computers every couple of years so the new ones won't let you copy to a flash drive via usb. When I copied stuff it was from another person's machine that hadn't been swapped for a new one.
I can recreate how I laid images out on a page but recreating the actual sketch is pretty damn difficult. Remember this is artwork we are talking about here.
That last part is probably a little beyond my capabilities. I'm an artist/designer, not an engineer/programmer
Oliver Harris
krasivaya!
Adrian Wilson
yes. this.
Justin Edwards
then hex encode your entire image file and send 1Kb blocks of it as a get parameter to a site you own that seems innocent and work-related (won't be on any blacklists provided the domain wasn't previously registered and is served from a reputable host) and reconstruct from apache logs later. E.g.
www.blahblahengineering.org/{first 1kb of your file in hex} www.blahblahengineering.org/{second 1kb of your file in hex} www.blahblahengineering.org/{third 1kb of your file in hex} www.blahblahengineering.org/{Nth 1kb of your file in hex}
set the page to set a cookie and increment cookie each visit. have different content (all relevant to work) for each counter # in this cookie
Michael Cruz
Fucked once when I was 17 and haven't since then, so no, I've fucked, as in past-tense singular.
John Gomez
ok, makes sense still surprising that third party boot is not protected/disabled in the bios then
Evan Nguyen
he was quoting Silicon Valley but at least you're honest