With it, we watched the employee, a Russian temp, hack several real systems over the remaining week. Examining her computer after she left for the day, we found that she had inserted a wireless network card and had successfully bridged the "air-gapped" secure and nonsecure network. We could tell she was transmitting the data from her computer to someone else hooked into the wireless network. We placed keylogging programs on her computer to record her every keystroke.
We purchased a wireless sniffer to better track the hacker, and when she began transmitting information, we roamed the hallways looking for the illicit partner. We ended up in a nearby conference room that was open to the public. We opened the doors and saw about 200 people, half of them carrying laptops. Try as we might, we could not track the illegal data stream to a particular person. We had a room and a MAC address. Senior leadership would not allow us to stop everyone in the room to locate the specific person. Although I didn't like the decision, it probably was the best legal answer.
It was decided that we would detain the known perpetrator to stop the data loss. I hung out in the background as IT and physical security confronted the employee. The moment the security guards entered the accounting department, the temp pushed away from her PC and claimed that someone was hacking it. She was so adamant and tearful that if I had not watched her expert hacking over the past few days using the Web camera, I would have believed her. She was a wonderful actress.
I never heard whether she was arrested or deported or what happened to her. I was not privy to those details. But I did hear that she was just one employee from a newly engaged temporary placement agency, and all the other employees from the agency were also caught hacking at this same client. The young woman I had helped detain had claimed that she had so few computer skills that the company had sent her to basic keyboarding classes.
It remains the one time in my life where I helped catch a Russian spy.
Sign up for CIO Asia eNewsletters.