4

Recently I started working from home (like half of the world these days due to the Corona virus). Work has provided me with a laptop/screen etc. and a VPN to the company network. I only use this laptop for work purposes (but I am logged into Whatsapp and Facebook on it) and not outside work hours (although sometimes I forget to turn it off directly).

Today I received an e-mail from HR stating that they have done some tests, because the network has been bad, and that IT has concluded this is due to extensive use of sites such as Netflix etc. IT has provided HR with a list of IP addresses where this was ascertained. HR has requested everyone to stop doing this immediately. They consider this to be an incident, which they expect to not happen again.

This e-mail was written as if it was sent to the whole company. A list of the 'guilty' IP addresses was stated in the e-mail and everyone was asked to check for themself if it's you (due to privacy regulations, they say). However, I explicitly saw my only name in the 'receivers' of the e-mail, so it appears as if they know who they sent it to and put everyone in BCC?

At first I laughed at it, but when I saw that it appeared to be sent only to me I decided to check the IP. And I've double-checked about 10 times so far, but my IP was clearly on the list...

Now I do watch a lot of Netflix since the quarantine, but I do so on my own laptop/phone and in my own time (or maybe once for 10 minutes on my phone during my lunch break).

Now I assume that they are referring to watching Netflix on the company laptop during work hours. And I want to reply and tell them that what they are saying (or basically accusing me of) is not true. But I also don't want to end up having any kind of problem with HR.

So now I wonder: can IT see what I do on my own phone/laptop, now I have a company laptop at home?

To me, it seems too ridiculous that this is what they are referring to. Besides, I don't think that they can tell me what I can and cannot watch on my private devices outside work hours. Or if I was living with someone, what a partner can and cannot watch on a private device while I work from home. But the e-mail is framed in such a way as if it is already a fact, that it makes me doubt about this.

I spoke about this to someone else, who thought that maybe IT sees that my internet is a problem. Tonight, I ran some speedtests and my download is 19 Mbps and upload is 3 Mbps. FYI: I work in customer service and I call over the internet (and do experience problems with this).

schroeder
  • 125,553
  • 55
  • 289
  • 326
luxafle
  • 41
  • 1
  • 1
  • 3
  • 1
    Is there any way you might be using their network with your personal devices? For example, are you using a wifi hotspot provided by the company or could you be somehow connecting to their VPN? – chillsauce Apr 01 '20 at 00:26
  • 4
    It's hard to say without a lot of missing information. If they sent everyone the email as BCC, everyone would only see their own name. The company would know the IPs of everyone remote connecting. It's likely that some people did stream via corporate connections so corporate simply accumulated all user IPs and sent a mass BCC warning, irrespective of actual violations. – user10216038 Apr 01 '20 at 03:35
  • 2
    What kind of IPs are on the list? Internal IPs from your corporate network / locally private IPs from your LAN / public IPs of your home? - If it were via company net, why don't they centrally block Netflix at their firewall? What they perhaps *can* see is a fluctuation of bandwidth that may look suspiciously like someone sharing their line with a streaming user. However, you share bandwidth even with people not directly in your household ... – Hagen von Eitzen Apr 01 '20 at 06:03
  • @chillsauce: With my personal devices and with the company laptop I am connected to my personal home wifi. The company laptop can connect to their VPN, which I need to do in order to work. – luxafle Apr 01 '20 at 07:56
  • @user10216038: that's exactly what I was thinking. But it bothers me a lot that they accuse me of something (it wasn't just Netflix they were referring to..) and send it to me explicitly, pretending to not know who the people are or not wanting to publicly shame them. – luxafle Apr 01 '20 at 08:02
  • Additional information I thought of later: I think I have logged into my personal google drive at work before. Perhaps my google account is linked to my work? But then still: I watch Netflix outside office hours and on my personal devices. I really don't understand why I would receive a warning like this. – luxafle Apr 01 '20 at 08:06
  • @Hagen von Eitzen: the IP is my personal IP, so from my personal network. They said that if you would check (from the work laptop I assume) and would see xx IP, then it was the work IP, meaning you were connected to their VPN. In that case you had to disconnect the VPN and check again. When I checked on my phone, I saw the same IP. But if that's from my LAN or public from my home, that I'm not sure about.. – luxafle Apr 01 '20 at 08:13
  • Another thought: can they see what I do on my personal devices when the work laptop is still on and connected to their VPN? – luxafle Apr 01 '20 at 09:17
  • 3
    This is a question to ask your IT team. Say that it is your IP listed, but you have not done what they say. Ask about their process for determining the offenders so that you can investigate on your end. – schroeder Apr 01 '20 at 14:23
  • 2
    Does the work you're doing consume an unusually large bandwidth compared to most other workers, and/or might you have been moving a lot of files/data between your work PC and their servers? It _might_ be that the "offending IP-list" was created by looking at the highest-volume users (only _some_ of which they've checked as using Netflix etc.). – TripeHound Apr 01 '20 at 14:40
  • 1
    @luxafle I'm not sure how technical you are so you may have checked this already, but does your IP begin with 10, 192, or 172? If so, this could just be a coincidence as those IP addresses can exist on multiple networks (they are translated to unique IPs by your router/modem through a process called Network Address Translation). It would be unusual and possibly even illegal for your company to sniff traffic from/to personal devices on your personal network. – chillsauce Apr 01 '20 at 14:51
  • seems like the most likely case is the work laptop... it could be configured to always connect to the company's VPN. If you use that for anything but work, they may have flagged it. – pcalkins Apr 01 '20 at 19:35

3 Answers3

1

The other answer is technically correct in saying that it is possible to monitor your network from a device on the network. Sure, any adversary controlled device could potentially be used to pivot and attack other parts of your network, including monitoring.

But, the key word there is adversary. A legitimate company would not be actively attacking your home network from your work laptop. This would likely be illegal in nearly every jurisdiction. If you have evidence that your work laptop is performing malicious activity, that's an (unlikely) different story.

Simply put, your work should not be monitoring any traffic besides what is going through their corporate VPN. Why would they care what you do on your personal network, regardless of during work hours or not? Their concern seems to be resource use of the company network.

So, if you are not watching Netflix on your work computer, then it is likely a mistake on their part, or some other misunderstanding. This boils down to more of an HR issue than a technical one.

My only other thought: do you live in a complex with other residents, all sharing the same internet connection (and public IP address)? If so, maybe somebody else also lives there who works for your company and is misusing the company VPN.

multithr3at3d
  • 12,529
  • 3
  • 31
  • 43
1

Your question can be looked at from two different sides:

  1. Technically: it is possible to monitor activity from any computer if the right tools are installed. Maybe you've connected to those sites for a couple of minutes using the company laptop.
  2. Privacy: They shouldn't be monitoring your activity unless you have signed an agreement for that.

My advice: Ask specifically if they meant the message to you and ask suggestion to avoid doing that for error. (i.e. Connecting while you have the VPN open)

schroeder
  • 125,553
  • 55
  • 289
  • 326
-2

I basically copy and pasted your question into google and the answer is yes.

There are also multiple questions similar to this one: Can my employer see what I do on the internet when I am connected to the company network?

On top of my personal knowledge, when it comes to your person device, as long as your work device is connected to your home network, it can see your network traffic if they really wanted to.

As for your device itself, it can have all sorts of monitoring software you never knew were there since its meant to be hard to detect. Screen capture and all the sorts.

When you connect to their network, if you google "What my IP" you will know if you're on their network or not depending if it matches whats setup in the VPN. I assume they set you up via VPN settings in Windows. If you look at the configuration for that, you will see the IP added. Local IPs could easily be accidentally mistaken for your IP if your network is built similarly. Same subnet, addressing scheme etc. It also depends if your IP is static or not.

Just because you were in BCC doesn't mean you were targeted. My guess is it would deal more with privacy of others. Like if you were to do "Reply All" and accidentally send an email of you defending yourself or keeping email chains separate.

A short answer is, as long as that work PC is on your home network, they have the potential to see anything you do. Legal or not.

ConnorS
  • 11
  • 2
  • 1
    This is highly unlikely due to the context. They are worried about the VPN quality, not any traffic on everyone's home wifi. – schroeder Apr 01 '20 at 14:21
  • 3
    "... *as long as your work device is connected to your home network, it can see your network traffic if they really wanted to. ...*". No, not unless they performed an illegal active and noisy attack on your home router. – user10216038 Apr 01 '20 at 16:42
  • @user10216038 If it is a wifi network then ConnorS is right and the packets can be sniffed passively. On switched networks a noiser attack might be necessary. – chillsauce Apr 01 '20 at 17:45
  • 1
    @chillsauce - Assuming a basic WPA2 connection, you'd have to capture the individual *nonce* initializations then crack the PTK. Possible but not that easy. You're correct if it's WEP, but hopefully no one use that anymore. – user10216038 Apr 01 '20 at 17:58