Troubled about an issue

I have an interesting dilemma that I am not sure what to do (well, I know what I should do, just not sure how to go about it).

A little background information. I am currently working a 6 month contract position as a user support specialist, where my main objective is to deploy over 400 new computers, along with standard help desk issues. I just started 1-1/2 weeks ago. The manager of the help desk has nothing but good to say about me, and from the second day wanted me to go through the application process for when they open up two new positions. The CIO, and everyone else has nothing but good to say about me. I am currently studying for 83-640 for my MCITP:SA/EA, and then onto my CCNA.

Now, here is my dilemma. Friday I overheard three of the other help desk personnel actively download pirated software from a torrent site and install it on their work pcs. They were able to do this by using one of their accounts that has unfiltered access through Websense and by logging onto the public wap. Otherwise, this type of activity would normally be blocked.

Now I know the manager has no clue that this is going on, nor am I sure if the network admins are aware of it either. So my question is, do I inform someone of this activity, or do I ignore it? I have no idea how much of it goes on within the office, although I do know one of them constantly talks about the stuff he downloads at home. I know he also accesses his home network through a vpn to monitor his downloads.

I am not sure if I should first go to my employment agency and get their opinion, or just go straight to my manager or the CIO. My manager is unfortunately on vacation for the next two weeks, and I would hate to wait that long.

Now personally, I could care less what someone does on their own time, but to do download torrents while at work, consuming resources, compromising the network as they have no idea what they can be downloading, doesn't fly with me.

What do you all think should be done? Part of me doesn't want me "telling" on them to hurt any chances I have of getting hired on after my contract ends, but at the same time, with me aspiring to be a network admin, I wouldn't tolerate that type of crap on a network I helped manage.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

adam.hughes

Yeah, I would worry about contract renewal if your superior finds out you knew all this and didn't do anything about it, that could blow up in your face. I wouldn't tell on my co-workers, but I would tell the admin about the security hole that exists and the possibility of situation that already exists. Most people doing something they know they shouldn't eventually get caught or burned anyway. Kind of a touchy situation, follow your gut it's usually right.

I read Blargoe's answere and he is right. You are in an explosive situation don't take it lightly at all. Be sure you don't become a casualty of this whole thing.

blargoe

crrussell3 wrote: »

Now personally, I could care less what someone does on their own time, but to do download torrents while at work, consuming resources, compromising the network as they have no idea what they can be downloading, doesn't fly with me.

What do you all think should be done? Part of me doesn't want me "telling" on them to hurt any chances I have of getting hired on after my contract ends, but at the same time, with me aspiring to be a network admin, I wouldn't tolerate that type of crap on a network I helped manage.

I'd be very careful... it wouldn't fly with me either... but right now you're not really in a position to decide whether it should fly or not. If I were the network admin I sure as hell would want to know about it, they're opening up all kinds of cans of worms by allowing that. Our websense is unfiltered for the IT department except we block all illicit and illegal stuff (including no torrent sites, ****, etc.).

Here is what "I" would do, bear in mind this is from the perspective of a network admin... Get the know the network admins over the next week or so, get a feel for how sharp they are and about how seriously they take ownership of the network. See if they are best buddies with these other help desk guys and are turning a blind eye. If you get a good vibe, just put a bug in their ear about the illegal torrent downloading and that they should look into it... and let them bring it up to the manager. They will have all the proof they need in Websense if they are logging web traffic. Then you're not the new guy running to the boss, and you get in good with the admins who will plug you to the higher ups.

But you have to be careful for all the reasons you already stated. You have what looks like a promising gig and the higher ups seem to like you for now.

crrussell3

Thanks adam.hughes and blargoe for the responses. what you both said is basically what I was feeling, just wasn't sure how I should go about exposing this situation before it can get any worse (especially since today one of the main offenders in question was watching the new harry potter movie on his work pc).

I am just going to have to play this out as carefully as possible and hope for the best!