Archinect
anchor

Anyone experience “Workplace Hacking” in Architecture?

ProgrammingKing

Not to steer away future architects or create a conspiracy thread but I am curious if any other practicing architects have experienced cyberstalking/ hacking within the student or workplace roles of this profession?

Maybe this is just a weird coincidence of my location which happens to be/was the forefront tech booming area of the country. Coincidentally, I have experienced this personal invasion of privacy one year in college and three out of five offices I have worked at.

Starting with school, a young extremely techy architect professor (great designer btw) had all of his studio download sketchup from Dropbox freeware. He was never around most of the time but somehow always seemed to know what was going on in our studio, the conversations, etc. The students who did not put in the late hours and sneaked away once he was gone- always always got the “hazefest”, which raised suspicion. Comments like “I’ll always be watching you so don’t think you can hide from this studio” we’re brought up several times. I wasn’t bothered because I enjoyed studio more than anything but definitely an odd remark. There are more examples but the major red flag for me was the fact that you can monitor your Dropbox devices that access it and the IP address- which ever since that studio random Mac and pc IPs would go into that Dropbox (this was when Dropbox just started btw). 

After graduating I began my graduate degree in software development and learned a few tricks of the trade on the monitoring end (wire shark,etc.) however my studies revolve around programming in regards to CAD development software and not much but basic IT knowledge. I save all my files on three hard discs and an Ubuntu based server and time machine so, I still had the sketchup program from studio and noticed the .dat phishing malware file programmed within sketchup program which confirms my initial theory of my studio professor.

Onward- While enrolling In night & online classes, I part time worked for 5 different offices both extremely notable, award winning, large based offices, and small local offices. Three out of Six of these offices had breached into my devices, which I’m assuming started from my email of employment and phished their way to my cell phone and personal computer. As I mentioned, I do not have an in depth knowledge of anything but basic comprehension of hacking to this level nor do I have any desire to but these types of hacking are wayyy beyond your typical script kiddie level, and in the practice of Architecture of all professions. 

The thing is- I played dumb and never told any offices I was moving along with my education in software on the side and had knowledge of how to monitor intrusions. I’ve always been able to ping the IP back even through their spoofed IP and get a location within the office region/location. 

Also, I’ve never once logged into my email on their computer, used their email on my home network, or logged my phone into a work network- I know better. Conversations would always be brought up about my searches, weekend photographs, text messages, etc in such a way to make me freak out but not enough tangible evidence (or so they thought) to label them a culprit, or I may sound crazy. I played this off for years and yes it was extremely annoying to continuously change my security features every other week or so( even my IMEI number), but I played the childish creepy game in order to get the remaining Ncarb hours - which in my situation is absolutely pathetic for a “higher ranked licensed” architect to be such a low life he has to spend his time snooping my life in order to stay on the hierarchy relevance. Real sad but I just logged down every time my phone or computer or email was intruded along with the password. I strongly disliked my last office so bad for this, after my hours were complete, I sent a mass email to everyone with my hacker ip logged of 30+ attempts and wished everyone a great honest future in their practice and walked out. The superintendent looked like a ghost as I waved him farewell with a smile. I’m not one to cause confrontation but this was justified.

Even though I’m now licensed, I honestly have no desire working again in an atmosphere where you are somewhat held down by invisible abuse in order to get completion of credits. I now practice architecture on the side for my own endeavors and friends and run my own business developing software thanks to my experience. Sometimes theres a silver lining to a path full of obstacles. 

Anyways, my reasoning for this long post is to share my experience in detail to see if anyone has experienced this type of scenario in their career path, and how others were able to deter or give insight to future architects on cyber defense strategies. Thank you

 
Jul 6, 20 7:46 pm
ProgrammingKing

FYI- typo of “six” meant “five.” (Multi-tasking error )

Jul 6, 20 8:02 pm  · 
 · 
Non Sequitur

I’ve never heard of or seen anything remotely resembling what you describe. 



Jul 6, 20 8:22 pm  · 
4  · 
5839

The stuff your prof was saying about knowing who the slackers are and keeping tabs on the studio are just standard studio professor tactics to encourage students to work hard.  My professors used to say similar things, and that was mostly pre-internet!  They would say that they might be coming in at midnight to see who was working, or that their sources would always let them know who was slacking, etc. Most studios have their snitches and gossips, so if your prof knew about studio conversations it's most likely that there was one or more suck-up students being chummy with him and telling the tales of the studio.  When I was teaching there were always certain students very anxious to put themselves in that role, whether I wanted them to or not!

It's not too far-fetched to think that the prof was keeping tabs on who logged into his DropBox, to see who was collecting the class files on time and such. That seems like a fair thing for him to do.  But the idea that he would have the interest and time to continue to "stalk" you after you'd graduated seems much less likely.

That on top of your suspicious that multiple past employers were deliberately repeatedly hacking into your personal devices does start to seem highly unlikely.  If there was malware in software that you continued to use then that might explain some of the activity you're seeing, but frankly some of this sounds a little paranoid - like interpreting coworkers' small talk about your weekend to mean that they knew what you'd been doing online...  I just can't imagine why your former professor and multiple employers would be this interested in your mundane personal life. 

Jul 6, 20 8:47 pm  · 
1  · 
SneakyPete

I've heard of bosses that monitored network traffic and used it for legal action against employees when they quit because they downloaded stuff from the server before they left.

 · 
5839

I've heard of that sort of thing too - but the OP is saying that he was doing absolutely nothing of a personal nature on the company's servers and that at least 3 different firms hacked into his personal phone, email, etc. that had never been used on the employer's systems.

1  · 
SneakyPete

Right, totally different thing, I agree. My story was to inform any innocents out there that not all bosses are good people.

1  · 
Formerlyunknown

I've experienced the opposite: some former employees who have continued to get into various company accounts after they'd left our firm - usually for the purpose of using paid memberships and licenses. But as an employer I have most definitely not done anything to get into any current or former employee's accounts or devices, nor have I experienced anything that suggested that was happening to me or anyone else in any of the places I've worked. I could believe that there is some stalker employer out there somewhere who might try it, but the odds of getting three of them in the same person's career seem astronomical. OP do you have any theories on why you think all these people wanted to stalk you?

1  · 
ProgrammingKing

formerlyunknown- no absolute idea besides the location being In Silicon Valley. The first two employers of this event was more brief (emails logged in from a few devices registering ips on the same company network typically noted at times I would travel or long lunch meetings away from office, etc) maybe a 6-7 times each but nothing to the level of the third office where it was consistent weekly and obvious with the superintendent’s “look what I can do/hacker clue game.” He was very disrespectful and downright childish and nasty to a lot of the newer/intern level employees so it didn’t surprise me. I just knew it was being done in that office by multiple parties which I assume was lead by him considering being the most vocal. I’m an extremely hard worker, always stayed late, showed up early, and was raised on the ideological “walk with a big stick” attitude towards confrontation, so I cannot think of any reason why I would be a victim to those measures. I have no earthly reason to be paranoid, as I’ve not encountered this previously in my life, or now, and I have software that allows me to trace and ping the ip network location and devices. 


5839- yes, it is only my speculation about my professor. no matter how much evidence is presented, it can not be tangible unless caught in the act -regardless of the .bat malware embedded in sketchup app data folders with the same time, and date created as the installation, which happens to also have been traced with key logging attempts to my computer and creating a .txt file of keystrokes made from my browser once sketchup accesses the online login status. As far as Dropbox, the random ip device was logging in to my account during the week of downloading Sketchup and continued to do so months after studio. Unfortunately, I did not have the knowledge of software security to the level I do now until my first year of software development classes.


And, I’m aware of architecture professors personality roles in studio supervision of worth ethics and the various tactics. I had quite a few of those. What I’m describing to you is beyond that- stretching the boundaries of privacy within your personal life and career life. Paranoid? I think not - although I know the odds seem unlikely for a reoccurring immoral situation, this truly went on. Like I said, I hold no sympathy card, or pity party, it honestly aligned me for a greater journey in my life while still allowing me to complete my first goal, which was to get my Architecture license. 

Jul 7, 20 2:21 am  · 
 · 
Non Sequitur

Paranoid? evidence points to yes.

 · 
ProgrammingKing

Oh ok thanks doc for your brilliance

 · 
Non Sequitur

you're welcome.

 · 
archinine
Could the dat file embedded in the sketchup be malware the employers weren’t aware of? Google loves to collect data on its users. An architect though? I have a very difficult time believing any of them are that enterprising/tech knowledgeable let alone that they have the time nor care about you personal doings. Most can barely use cad, I can’t imagine they could navigate the type of software you describe. Also if you never used your cell phone for anything, what ties exactly were there to the phone?

Indeed sounds overly paranoid. Maybe there was some malware along the way but far more likely your employer was an unwitting conduit not the culprit.

You don’t need to monitor keystrokes to identify underperforming staff. It’s evident in their attitude and the work that gets turned in.
Jul 7, 20 5:12 am  · 
 · 
ProgrammingKing

True I can’t rule that out. Anything is possible I’m just presenting the facts that keylogging was found and traced from the sketchup installation. And yes google does have a somewhat similar process of monitoring but that’s in regards to your user login not a spread of key log from various browsers. I actually design 3d cad software so I’m quite familiar with the programming stack of such software.

 · 
randomised

Seems like you're working on an architecture-spy novel/script of sorts and try to pitch the idea. Robert Redford could play you if this was 1975.

Jul 7, 20 6:35 am  · 
 · 
Non Sequitur

I’m not old enough to understand that reference.

 · 
randomised

.

 · 
ProgrammingKing

Haha i actually love that flick tbh

1  · 
SpontaneousCombustion

The one thing that the professor, all these employers, and all your and
your employers' browsers and devices have in common is you.  It sounds like you need to stop installing old, contaminated software, and
disinfect all your devices.  Why were you using a years-old copy of Sketchup from your student days on your work computer anyway? 

It sounds like you have enough software knowledge to discover things that others wouldn't necessarily be aware of, but that you're attributing far too much purpose, ill will, and know-how to your professor and all these separate past employers.  The spreading keylogger is malware that the professor probably had nothing to do with and didn't even know was there.  By taking this software with you, you then spread that (and who knows what other malware) to your own devices or browsers and to your employer's. This is one of the reasons that most firms don't want employees to install their own stuff on work devices. 

I would guess that the look of shock on that last employer's face was not because he'd been busted in an elaborate spy campaign, but because your accusations were... surprising.


Jul 7, 20 10:19 am  · 
2  · 
Wood Guy

Occam's Razor says you are correct.

1  · 

I was doing contract work with an employer who monitored all of your work email.  It was creepy and I told them as such.  Their response was that it was their firm and equipment so they had a right to do it.  It was especially weird because it was a small firm and I had no idea how the partner was able to devote so much time to monitoring emails.    

Needless to say the lack of trust was one of the reasons I decided not to take a full time position there when offered.  

Jul 7, 20 10:50 am  · 
1  · 
SpontaneousCombustion

Most firms have the ability to monitor work email. Some are upfront about it and have a policy stating that they may do this, and others don't tell you, but if you're using their email accounts then they are certainly able to do that. But telling you that they *may* monitor your email isn't the same thing as actually doing it. Most aren't actually doing it, at least not on any regular basis. The thing to understand about firms' email is that it's all discoverable when there's any legal action or insurance claim associated with anything you've worked on - and the firm has no control over that - so they do have a valid interest in being able to access your communications that are from their accounts, for quality control purposes. So you might as well be in the habit of writing all work emails as though somebody is monitoring them, even though nobody probably really is at the moment.

 · 

I understand that. This situation was a bit odd though. The partner would review every email everyone sent. If you got an email from you domestic partner through your work account saying 'sorry to bug you at work, don't forget to pick up dog food' the partner would swing by and tell you not to forget to pick up dog food on your way home.

They also did this with your private email accounts that you'd access over a work pc.  If you used personal email outside of your break times you where yelled at for it.  It was weird.  

 · 
SpontaneousCombustion

Yeah I can see that being weird and annoying. Our insurance company makes us go to a seminar every year where they tell us we should be spot-checking all employees' email regularly, and reminding them not to use it for personal or non-work purposes, but even they don't tell us to do it to every email. For that we'd need to hire an Email Monitor. And then who would monitor the Email Monitor's email?

 · 
randomised

I always assumed the "boss" reads the work emails, so simply never used it for personal stuff. I have a phone for that, which I never connect to office wifi...

1  · 
kristian96

This is not the kind of thread I was expecting to read. I think the OP has paranoid ideations, which require a psychiatric check up. There's no shame in that, it's a common health problem.

On a different note, Zaha Hadid Architects were hacked recently:

https://www.zdnet.com/article/hackers-threaten-to-leak-data-from-high-end-architecture-firm-zaha-hadid/

Jul 7, 20 6:18 pm  · 
 · 

If you run admin on Dropbox you can basically see what has happened forever, all clicks.  If you run the email accounts you can also pretty much read all the emails.  But for the most never need to do that nor basically don't give a shit.

There are easier ways to get information and confirm if someone is getting information - it's called talking.

If you're really worried about being spied on you can pretty much plant false information and let it play telephone between humans and see what happens.  Now by false information it can be as simple as "I like burgers with avecado's.", etc...

lastly, some of the best spies are Architects, especially those who get international and wealthy clients.  It's not James Bond spieing, it's basically insider trading info you can relay to a government who has interest.   Interesting to note, the Soviets always thought verbal spying was important vs the USA which always though "visual" (TXT) was important. 

Eero Saarinen (for example as an architect)

Jul 7, 20 9:12 pm  · 
 · 
ProgrammingKing

bingo! You just summed up what I was hoping to hear and some things that make sense with the clientele of some offices which link to possible “espionage”. I’m not going to waste my time replying with the insulters and paranoid peanut gallery comments on here. I’m self employed, I know how software works in my sleep and what all files are inline with programming- I guess unless you understand programming it’s hard for others to understand how it’s traceable even with a spoofed IP address and Mac addy. It’s also not hard to google and see there are tons of corporations caught doing this to the point California proposed a law on spying at the workplace. this happened many years ago so obviously I’m not worried about it over catching sleep. I’m actually blessed it happened, I just wanted clarity if others had experienced or knowledge of this and to help others. A few grumpy architects in the chat apparently lol 

Jul 8, 20 11:34 pm  · 
 · 
Non Sequitur

And the paranoia and false sense of importance grows stronger.

 · 

unless you have something they want, there are weasley people out there...but clients can do this is as well, pretty sure one company engaged us to figure out what happened to the other company, that was apparent in conversation. have had some clients where a background check of myself and staff surely happened...one old boss was a Sea Bee (Navy architect) and he said on their "top secret" projects they would do the core and shell and then basically a black ops team would come in and do the MEP stuff unbeknowenst to them of course. So even with the military the military you didn't know everthhing.

 · 

Block this user


Are you sure you want to block this user and hide all related comments throughout the site?

  • ×Search in: