[SOLVED] My employee is Stealing Inventory and Selling it Online from Warehouse! How to remotely monitor web traffic?

shawnc

My employee is stealing inventory! I believe he is selling directly from the warehouse in online Facebook groups, or other sites, using his personal private PHONE on my wifi. <edit> I cannot fire him right now. He is on camera stealing, but looking through 8 hours of video daily is laborious. <edit>

Is there some way to monitor which *specific* Facebook groups he is visiting? Or some way to see what pictures he is uploading so I can identify the inventory items? He spends a lot of time on Facebook posting random memes and stuff, so I need to know the exact Facebook page he is visiting, not just "FB". <edit> I cannot load software onto his user device (phone).

How can I monitor this remotely in a way that he will not notice or identify the equipment I am using to remotely monitor web traffic?

A laptop is impractical as I am rarely there to reset it or deal with any issues.

I'm hoping there is some kind of upgraded router which will allow this and that I could record all activity in real time remotely, so there is no need for excessive HDD or equipment on site. I will post signs which declare that internet activity is monitored. Something programmable which has the ability to alert me by email or other notification when specific sites are visited would be kryptonite. Thank You.
 

shknawe


He already knows he's missing Inventory and who's doing it. He wants to prove who is doing it and when.
 
If the machines are company owned you need to load software on the machines. I would be outright and in the employees' face that I was monitoring every keystroke they make. I would make every effort to prevent use of private devices on your network. There really is nothing you can do about an employee using their own phone directly on the cell company network. You can prevent them from using your wifi.

The problem is HTTPS. This is a good and bad thing. Since Snowden revealed the government was spying on everyone, the internet made a massive change to HTTPS to prevent this. This also makes it impossible for you to know what someone is doing by attempting to monitor as the data travels through your network. You must intercept the data before it is encrypted on the machines. There are some crazy proxy solutions that fake certificate servers to break the HTTPS, but you still must make changes to the clients so the browsers do not detect this and fail the connection. Pretty much you have to monitor on the end machines.
 

punkncat

I suggest you look into a camera system. I do security as a career, and it's a darn good way to catch people "in the act" as well as other benefits like when people get hurt, nighttime security, etc.
Many of the companies that install cameras may have a wireless and battery operated rental system you could utilize. Even if you went so far as to get a system for yourself.
If you are familiar with the area from which these thefts are occurring and actually want to catch them doing it so you can lock them up, I would recommend using hidden (covert) systems, like a clock or any other manner of a wide range of devices. If you just want to prevent, get viewable housings. Even if you are looking just to deter theft using "dome" type housings that are smoked with a small beeping LED does wonders.
 

shawnc

Thanks, there is only modem/router, wifi and camera system. No computers are mine. He uses his PHONE for all internet activity, 5% his laptop. I saw another post that said it was in depth to log through a router, ...trying to figure out what is required if that is the best way. I've tried to leave laptops on for DDNS but they always crash.
 

[strike]HTTPS encrypts the contents of the web page. It doesn't encrypt the URL. It sounds like the URL should be sufficient for OP's needs, unless the employee has set up some private invite-only facebook group for selling his stolen merchandise. (In which case you'll have to bring in the police so they can get a warrant for Facebook to cough up what's going on in those private groups.)

URL logging is fairly straightforward. It just generates a ton of logged data (a "web page" actually pulls in components from several if not dozens of different URLs). But anyone skilled with grep should be able to pare it down to just the relevant bits you're interested in.

https://kb.netgear.com/24224/How-do-I-view-the-activity-logs-of-my-Nighthawk-router
https://www.howtogeek.com/68886/how-to-configure-your-router-for-network-wide-url-logging/
[/strike]
Edit: Apparently I was mistaken

You'll have to configure your DHCP server to always give his phone the same internal IP address, since these logs usually just record source IP, not source MAC address.

Good luck. We had an employee doing this for years at a former workplace. It was difficult to catch him (head chef) because the food delivery people were in on it, so the stolen food never actually made it into our refrigerator. He would sell (say) 100 pounds of filet mignon to another restaurant. He would then order (say) 200 pounds of filet mignon on our company's account. The delivery people would deliver 100 pounds to our restaurant, 100 pounds to the restaurant he sold it to. The other restaurant owner would pay him outside work, and he would kick back a cut to the delivery people. We didn't catch on to it for years because if the invoice says 200 pounds of filet mignon was ordered and the manifest says 200 pounds was delivered, nobody goes into the refrigerator with a scale and actually weighs it to make sure it's really 200 pounds.
 


It encrypts everything; you can't even tell which site they are really going to. If, for example, multiple sites share the same IP address, all you see is the IP, not which host is being used. Unless you intercept the DNS you can't be sure which they looked up.
Even with a DNS intercept it only gives you the main site, not what they did on the site.

You only see data going between 2 IP addresses using port 443. You might see some of the key exchange messages when the session is set up, but it does no good because of how the keys are done. All the actual data is fully encrypted.

If you don't believe me just run wireshark on your own machine. You can not decode the https sessions on your own machine without doing crazy stuff like getting the private keys your browser is using and manually putting them into wireshark.
 
Solution

shawnc

Thanks Solandri, that scam is sickening, when you realize the depth of deception people will go to, and for so long, while you are supporting them in their life.

Yes, the URL would be everything, then I can monitor the page online.

So use grep commands to search a giant file of router activity logs for "facebook" etc? Would the router log be just a text file I can manually <cntrl><f> search for the few key webpages? Once I know the pages, the work is done and I can monitor the page directly from my location.


So I wait till he is logged in, then remotely configure the router for static internal IP to phone? Will it capture the data either way and this just proves it's his transmission? He is only one on network.


Thanks Bill, what exactly is possible?
If I can identify the person's: Facebook group / Ebay seller name (account) / Instagram Account / Etsy Account, that will give me all I need to know. I can watch whatever page he is using. Is this possible? Thx.

To the other questions, life is not always "good guys vs bad guys". It's more like "work your tail off, stay one step ahead, stay out of court" sometimes best to just mitigate damages as much as possible. If you've never had a real snake in your life, be thankful. Everything they touch turns to poison, and every way in which you try to seek retribution in the relationship poisons yourself. As a business owner, sometimes it's better to have the person that "only" steals 5% versus an unknown. There is a lot more to it than that. Odd location, odd hours, no staff in the area, etc.
 

shawnc

Thx. My only equip would be the modem router. No pc's. Just his phone, and occasionally his laptop on network, along with my cameras. Can I traffic monitor from modem/router? and export to an HDD offsite? everything I search comes up for internal network or bandwidth monitoring etc.

 
You can monitor nothing if you do not have full control of his phone or laptop. This is why most companies do not allow private devices on their network. The usage data must be intercepted on the end devices.

All data is fully encrypted from his machine to the web site. Sites like Facebook fully went to HTTPS to prevent governments from intercepting and monitoring usage, so it's not like you are going to be able to do more than a government.

The best you can hope for is you see some encrypted traffic running to Facebook or eBay etc. There is no way to tell what they are doing. You will see garbage traffic to Facebook because they pay to embed ads into many web pages. The traffic all pretty much looks the same.

From the sounds of it they do not actually even need to use your network if they are not using it to actually steal the inventory. If they use their personal cell phone connected to their own cell provider account, nothing even goes through your network.
 

shawnc


Ok, Thx that's final then, unless someone suggests captured data will be otherwise revealing, which I was hoping for.


Yes, but the cheap sob is always running out of data, :dawa: . I hear about it every time the wifi goes down. I actually had to send him a new phone to process credit card transactions for those times because his was so bogged down with FB pics he couldn't even download the app. This person is technically illiterate, so the range of risks is much simplified. He doesn't use my phone for the other stuff or I would take that approach.
 

shawnc



My state is "right to hire" I can hire and fire as I choose. Lots of reasons, I addressed those in the comment above, last para: January 18, 2019 9:34:43 PM >>

" life is not always "good guys vs bad guys". It's more like "work your tail off, stay one step ahead, stay out of court" sometimes best to just mitigate damages as much as possible. If you've never had a real snake in your life, be thankful. Everything they touch turns to poison, and every way in which you try to seek retribution in the relationship poisons yourself. As a business owner, sometimes it's better to have the person that "only" steals 5% versus an unknown. There is a lot more to it than that. Odd location, odd hours, no staff in the area, etc."
 

USAFRet



As laid out above, you can't really know what he's doing on facebook.

You already have camera footage.

What is your hopeful resolution?
Fire him, make him stop, or you live with it.

 

shawnc



Sorry, Solandri, I lost you...it seemed the conclusion of thread was that you must install software on user device, or will not be able to collect any info. What is your position? I would like to find a solution and not give up. taking losses.

You crossed out earlier recommendation. What method am I using to collect said "logs"?

And once I give his devices a static IP then I will be able to:?
A: know specific websites?
B: know IP's visited?
C: other?


Thank You.
 
According to bill001g, the only info you'll be able to log without getting on his device is which IP address he's accessing, which you kinda already know since you say he's selling stuff via Facebook.

If you have sufficient proof that he is stealing (e.g. you have video of him taking supplies from the warehouse and loading them into his car), then this probably should be turned over to the police for them to handle. They will be better able to advise you how to proceed. They will have the legal power to access or obtain info (like Facebook's user logs) which you cannot obtain without violating laws yourself (e.g. by installing monitoring software on his phone without him knowing).

I kinda get the impression you're taking his theft personally, as if he's stealing your personal belongings, and you want to make sure he pays for what he's done to you. As a business, you have to disassociate your personal feelings from the business. Like shoplifting, the theft is just a business expense. Your job as manager or owner is to minimize that expense, which in most cases means firing the guy as soon as you can. "Making the bastard pay" is not a part of your business' responsibilities; that's the job of the police.

In my case, the only reason why we let the theft go on for so long was because we didn't have proof. California's employment laws are skewed heavily in favor of the employee. And without proof, if we fired the guy he could've sued us for wrongful termination even if he really had been stealing.
 

USAFRet



If you know the IP address your router gives him (in your router log), you can at most see that he went to the generic "Facebook".
You can't discover what he did on Facebook, or what internal pages or sites he accessed.
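
The limit the thread settles on, as an added example that is not part of any post: assuming the router runs dnsmasq with query logging (the thread names no specific logging software) and the device has a DHCP reservation, a router-side log yields hostnames per device, while the path that would identify a group or seller page stays inside TLS. The log lines, addresses and device names below are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in dnsmasq "log-queries" format (not from the thread).
SAMPLE_LOG = """\
Jan 18 21:30:01 dnsmasq[812]: query[A] www.facebook.com from 192.168.1.50
Jan 18 21:30:01 dnsmasq[812]: forwarded www.facebook.com to 9.9.9.9
Jan 18 21:30:02 dnsmasq[812]: query[A] scontent.xx.fbcdn.net from 192.168.1.50
Jan 18 21:30:09 dnsmasq[812]: query[AAAA] www.ebay.com from 192.168.1.50
Jan 18 21:31:40 dnsmasq[812]: query[A] time.example.net from 192.168.1.20
"""

# Hypothetical DHCP reservations: the log records source IP only, so a fixed
# address is what ties a line to one device.
RESERVATIONS = {"192.168.1.50": "phone", "192.168.1.20": "camera-dvr"}

QUERY_RE = re.compile(r"query\[(?:A|AAAA)\] (\S+) from (\S+)$")

def hostnames_by_device(log_text, reservations):
    """Return {device: sorted hostnames looked up}; unknown IPs keep the IP as key."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            host, ip = m.groups()
            seen[reservations.get(ip, ip)].add(host.lower().rstrip("."))
    return {dev: sorted(hosts) for dev, hosts in seen.items()}

def wire_visibility(url):
    """Split an HTTPS URL into what the router can observe and what TLS hides."""
    parts = urlsplit(url)
    hidden = parts.path + ("?" + parts.query if parts.query else "")
    # The hostname leaks through the DNS lookup; path and query never leave TLS.
    return {"visible": parts.hostname, "port": parts.port or 443, "encrypted": hidden}

if __name__ == "__main__":
    for dev, hosts in hostnames_by_device(SAMPLE_LOG, RESERVATIONS).items():
        print(dev, hosts)
    # The group path appears in no router-side log, only the hostname does.
    print(wire_visibility("https://www.facebook.com/groups/example-group/"))
```

A device that uses encrypted DNS (DNS over HTTPS or TLS) or its cellular connection produces no query lines at all, so even the hostname list can be empty.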