ULPT Request What’s the best way to take documents without IT knowing?
Posted by Raventhefuhrer@reddit | UnethicalLifeProTips | 203 comments
I may be leaving my company soon, and I want to take some excel/word documents that would be useful to me in my new role. Mainly personal notes, spreadsheets with formulas I’ve made, etc. but I’m sure my company would view those as company property and probably check if I’ve taken anything and might cause problems for me if discovered.
I know they have Dropbox and iCloud blocked and I believe USB are blocked as well. I was thinking about making copies of all the documents I want and renaming them to something innocuous and then uploading to file sharing site that’s not blocked (ex Mediafire) but I was hoping someone might have advice on the smartest way to evade detection.
Thanks
Whole-Iron-6962@reddit
Zip the files in a password protected archive. Then change the file extension to something innocent (jpg, mp4, etc). Take care to name the archive appropriately. Then use any file sharing service (WeTransfer), or just email to send it to yourself.
sn0b4ll@reddit
This leaves logs for creating the archive, changing the file extension, and then also the upload (the latter one multiple times, for example on the PC, on the DNS-Server, the proxy server, firewalls etc.).
Whole-Iron-6962@reddit
I would consider that if I was trying to get away with murder. Whatever you will do will leave logs. The aim here is to bypass automated scanning tools and not to attract attention.
sn0b4ll@reddit
From what I understood, the original question was aimed toward exfiltrating data because he was fired. This is the kind of investigation which is conducted when you think a person in the company leaks confidential data. So if the employer suspects that the person took said sheets with him and hires a company to prove it and this way is chosen, he would get caught (as long as the forensic company is doing an OK job) 🤷
katzohki@reddit
Even better, use the copy /B trick so that the file opens and looks like a regular jpg. Or steganography
Upstairs_Goal_9493@reddit
Hey, IT guy here. If you can access Gmail, create a draft email, attach the things (DON'T SEND) and then pull up the draft on another computer. That one has the best chance of succeeding. Also, if you have chrome you can try to use its built-in RDP feature, but that's more likely to be blocked.
Cheap-Syllabub8983@reddit
That's known for being the trick that Petraeus used. But it's unnecessary in this case. If you can log in to gmail and upload something, you have already exfiltrated it from the corporate network. It doesn't matter what happens after that, your company can't see it whether you send it or not.
It mattered for Petraeus because he was CIA director and the FBI were investigating him so could intercept emails, subpoena google etc. Your company can't do that.
Raventhefuhrer@reddit (OP)
Yes but at that point they can still see that you uploaded something from the computer, is it a distinction without a difference? How detectable is it?
orTodd@reddit
I work in IT and we have software specifically for data loss prevention. It can tell me where you went, what you did there, what keys you pressed, how long you were there, etc. I can even pull up a screen recording of you doing it.
If you log in to your personal email in a browser, I can see every email in your inbox/sent. Pro tip: don’t log in to your personal email on a work computer.
destinys-grandchild@reddit
Any recommendations on how to remove access or delete the personal information? Will deleting cache/etc work or is all that stored away?
orTodd@reddit
Once it’s logged, there’s no going back.
Snoo_13783@reddit
Can this work on a work given iPad? As far as I’m aware, I’m the “owner” of it, as it was set up in my name, no company stuff installed, just apps I need for my work but I am on company Wi-Fi
orTodd@reddit
Go to settings -> vpn & device management. If you see profiles listed then assume yes.
Cheap-Syllabub8983@reddit
Go to Gmail.com from your work pc. Click on the lock in the address bar and look at the certificate for the connection.
If the issuer says Google Trust Services, you can upload stuff and your company probably can't see what you uploaded.
If it says that the certificate issuer is your company, it is being monitored and they can see everything you send or transfer.
tankerkiller125real@reddit
Our EDR/XDR solution knows exactly what was uploaded to what sites, without changing the certificate. This is old school advice and hasn't been accurate for at least the last 8-10 years.
daniel7558@reddit
That's not foolproof. You should verify that the certificate (fingerprint) is for a certificate that belongs to actual google. They could just deploy the same certificate hierarchy with the same names (though admittedly, quite unlikely).
Cheap-Syllabub8983@reddit
All sorts of stuff is technically possible, like it could just be constantly recording the screen which you would have no clue was happening.
But if this is just a normal corporate environment, they're not going to be doing anything too complicated.
jooooooooooooose@reddit
There's also the "can they" vs "will they" dilemma. I worked for a startup that logged every keystroke, came up when a senior employee left in a bad circumstance, but I strongly doubt keystrokes were getting pulled for most people. OP knows their situation best; it really depends.
Cheap-Syllabub8983@reddit
Yeah, it's easy to log every keystroke. But if you wanted to check up on every keystroke, 50% of the company would have to be security analysts. And quis custodiet ipsos custodes?
Cloudraa@reddit
yeah if this were to happen on one of our machines it would just get screenshotted automatically even if it didn't get blocked lol
Cheap-Syllabub8983@reddit
That's interesting. Is that Microsoft Recall? And does it generate alerts based on analysis of the screenshots? Or is it just an archive, which something else would have to prompt you to look at?
nomoreimfull@reddit
So, can one do this trick to any online email account?
Cheap-Syllabub8983@reddit
Yes, but. It has to be on a computer that you control, so that you can install your own root certificates on it which override Google's. And then it has to be on a network you control so that the traffic intended for Gmail can be passed through your scanner.
Needs a pretty sophisticated IT setup. If you work for Lockheed Martin, they're probably doing it. But it's not something that is going to happen to you just because you've connected to unsecured wifi or similar.
WayneH_nz@reddit
An $800 watchguard with the right licenses can do this.
WasSubZero-NowPlain0@reddit
Or just any org that uses group policy and a firewall on all paths to the internet?
mycatsnameislarry@reddit
Have you thought about using pastebin for your notes? You could paste your formulas there too.
kungfungus@reddit
That's old information and not working anymore. That is, if they get access to personal email it's by some type of court order and you are fucked. They can retrieve it all.
Cheap-Syllabub8983@reddit
They would have to already have something pretty convincing to get a court to order access to your personal email. At that point you're already fucked. Messing about with drafts doesn't help you.
Citizen44712A@reddit
Yes, they can, just not as easily.
First, they have to sue for theft of IP, they can request through the judge subpoenas for data from Google or whoever, real time intercept not likely.
For OP, is it worth maybe spending a few years in court over it? Of course, it also depends on what sector of business you are in.
stupidugly1889@reddit
IT guy here for the federal government. Don’t do this it will be traceable
Upstairs_Goal_9493@reddit
The feds are a different ball game lol
tankerkiller125real@reddit
IT Guy for a 20 person company, we can trace stuff like this too. It's part of our Microsoft licensing. In fact just 2 years ago we had a user do basically exactly what was suggested here.
That user ended up losing their job with their new employer when the new employer found out what they were being sued for, and as far as I'm aware, they haven't held any decent jobs in our industry since.
BuyThisUsername420@reddit
Menial worm working under HIPAA AND SOC don’t do it - in an unrelated field I caused a huge disclosure, given they shouldn’t have kept everything in a word doc but still
nicholus_h2@reddit
is there anything that won't be traceable?
deadlygaming11@reddit
Typically, no.
GhostsOf94@reddit
Write the formulas down on a piece of paper
AndrewTheAverage@reddit
Write it in tiny letters on the back of your ruler or eraser like in the old days 😆
brookling@reddit
lol
nicholus_h2@reddit
what if there's hundreds of formulas?
what are the references in the formula? if you write down B2+B4, what's B2 and what's B4?
yourshittyneighbor@reddit
Memorize the formulas
mindsunwound@reddit
With a pen, on your penis, they'll never think to look there!
GrinderMonkey@reddit
I might think to look there
TorrenceMightingale@reddit
Are you looking there now?
East-Psychology7186@reddit
Name checks out
AndrewTheAverage@reddit
Everything is traceable. But some things are blocked, some things raise alerts, some are likely to be looked into if there is a reason, and some are unlikely to ever be looked at.
It's that 4th group you want to find.
Every file you open leaves a trace, as does every thing you print and every site you go to.
Encryption or changing the name of a file only indicates intent
Diem480@reddit
Just take pictures of the notes and formulas with your phone's camera. Ez pz.
nicholus_h2@reddit
hundreds of formulas? doesn't sound ez pz to me...
ImOnRedditForPorn@reddit
OCR is a thing, built into most phones now too
wizardsrule@reddit
Not if they use monitoring software that records the screen.
Raaka-Kake@reddit
If this place uses mediafire, they aren’t that sophisticated
geegol@reddit
Correct. It is traceable as a DLP system will pick it up.
_espoir@reddit
Please don't listen to this guy. I was working in a major company and this is exactly the same way one intern tried to transfer his documents before his internship would end. In fact, everyone in the department got notified by IT about this and it caused major backlash.
Upstairs_Goal_9493@reddit
Again, extremely company dependent. Larger companies like yours would absolutely have those rails in place, while smaller ones likely won't. If your IT department has a handful of people in it, you should be ok.
oystermash@reddit
Okay Evan Smoak...
noel24191@reddit
One guy did the exact same thing in my company and got caught.
InclinationCompass@reddit
What’s wrong with using a USB thumb drive? That’s what I do, especially for large files.
Upstairs_Goal_9493@reddit
Most companies have USB locked down for this reason.
sidewayslinky@reddit
Flipper zero? It can show up as a HID device and not as storage but can be used as a storage device.
InclinationCompass@reddit
What if people need to plug in mouse or keyboard?
BentGadget@reddit
The lock prevents storage connections.
erbush1988@reddit
This is how the 9-11 hijackers planned their attacks!
It's a valid and good strategy.
https://www.pbs.org/wgbh/pages/frontline/shows/front/special/techsidebar.html
LettuceTomatoOnion@reddit
I bet they block all the major web based email apps.
Upstairs_Goal_9493@reddit
It REALLY depends on the company and size. Larger companies tend to lock that down more, while smaller ones tend to have more lax controls. At the same time, a publicly traded company with 300 employees may have stronger security than a regular company with 600. A lot of factors go into overall security needs.
sparesomechange20@reddit
Can't they just stealthily video record their whole thing?
StevieG-2021@reddit
You can also try labeling them as medical documents which are covered under HIPAA rules (assuming you are in the U.S.). Or make the email the name of a law office and label them “attorney client privilege”. Neither will absolutely stop someone from reading them but it may make them think twice about it.
zaahc@reddit
This is the misunderstanding that just won’t die. HIPAA only—it ONLY—applies to medical providers. If anybody else is in possession of your medical records, they are not bound by HIPAA. If you share them with someone (a lawyer, a family member, etc.), that person is not under any HIPAA obligation to protect them. Other laws may come into play, like in the attorney example.
Attorney-client privilege wouldn’t apply here. First and foremost, it doesn’t apply because it’s not actual correspondence between you and your attorney. Second, notes that you intend to send to an attorney are not privileged until they are actually communicated. And third, that privilege binds the attorney and governs document discoverability, but if you used your corporate network to transmit those documents you’ve almost certainly waived that privilege.
milee30@reddit
HIPAA would not apply here unless the employer is a medical provider.
Disastrous_Photo_388@reddit
The login screen of any decently legally advised company will tell you that by logging in, you agree the computer/ network/ all digital material is property of the company to be used only for work purposes and strictly prohibited for personal use with zero expectation of privacy.
enoughisenuff@reddit
Companies configure browsers to be man in the middle in an http session so that they can traffic
So company will see all your traffic out to Google email
Not a good idea
Upstairs_Goal_9493@reddit
Depends on the company tbh. Some companies won't have any "alarms" in place for that. Some do.
enoughisenuff@reddit
Yes. Some do. Hence the risk.
Raventhefuhrer@reddit (OP)
Question, if you were going to attempt the email drafts thing, would you rename the file to something inane and mix it in with a bunch of other personal files to try and evade detection? Or would it be better to not rename?
What makes it less likely to be detected?
RazPie@reddit
Wow yeah!!!
cinred@reddit
Doesn't work in many environments.
Upstairs_Goal_9493@reddit
It really depends on the company. Anything over 500 employees? Likely locked down. Less than that it's hit or miss
Raventhefuhrer@reddit (OP)
At worst they can prove that I made a draft with certain documents but they can’t prove that I sent it, right?
grimsolem@reddit
Compress with a password, and check the option to encrypt filenames/structure as well. Make some changes to the files or add a new/random file into the archive to ensure the final checksum won't match if the IT guy is smart enough to check this. 7zip works well for this.
stupidugly1889@reddit
This is going to throw up red flags
AdditionalLaw5853@reddit
If you can rename the documents, do so. Send, then reinstate correct names.
InclinationCompass@reddit
Sending is not needed in this case
olijake@reddit
Except the OP comment explicitly said not to send. Just in case it wasn’t clear. A temporary draft will still work.
BoredBSEE@reddit
Brilliant
Raventhefuhrer@reddit (OP)
Awesome idea, thanks.
cocobear13@reddit
I second the motion. This is my number one way of transferring between my computer and work phone, etc.
Doublestack00@reddit
The only 100% way for them to never know is to take pictures of your screen at work using your personal cell phone, then recreate the docs at home.
No-Sell-3064@reddit
There's actually a box you can put in between your computer and monitor which can record the image on the screen. I think it's how some movies are pirated from streaming platforms.
hulagalula@reddit
It’s also how streamers capture their game play for their channels. Something like https://www.elgato.com/us/en/p/game-capture-4k-s for example.
deadlygaming11@reddit
Huh. I always assumed it was done through VMs, but that way makes more sense.
geegol@reddit
Correct.
jez2a@reddit
Email it through your printer.
Raventhefuhrer@reddit (OP)
How does that work?
HalfaYooper@reddit
Go to Google drive and recreate the form by just cutting and pasting the information from the local document.
awesomeqasim@reddit
Many places completely block Google Drive, OneDrive etc
Strassi007@reddit
Clipboards can be monitored rather easily.
fireandbass@reddit
Defender can do clipboard monitoring.
JohnLef@reddit
Print a copy of your Excel doc and then print another showing formula.
Easy to recreate that way.
Ok-Click-80085@reddit
was going to dox you then realised you're American and idgaf
should be careful what you post online (especially when admitting to potential felonies), I found your real name and address just from your profile!
BlaMenck@reddit
Create a second linkedin account and send them via the chat as an attachment. Doubtful linkedin is blocked
deadlygaming11@reddit
It probably isn't, but the actual act of uploading will almost certainly be flagged.
geegol@reddit
Data loss prevention can prevent this.
I_Sure_Yam@reddit
Befriend and bribe the IT team with food and ask for the files. So long as it isn't obviously against policy, and more of a grey area, they probably won't care if you take the files.
The IT team where I work, is allowed to forage/graze for snacks and candy in my department's office whenever they want. We get first dibs on new equipment and computers. They unlocked sites so we can watch netflix and stuff in our office.
deadlygaming11@reddit
This is the safest and easiest way. IT are human and will likely accept any bribe that isn't risking their jobs majorly.
intensenerd@reddit
Am an IT guy. Am bribed easily by snacks and soda. Got some great relationships that way.
sumsabumba@reddit
Lol, graze.
ExpressCap1302@reddit
If you can't beat them, join them.
Walleyevision@reddit
As someone who has to surrender devices for deep-level Forensic review due to security clearance and the clients I work with, my best advice is -don’t- try and take anything with you.
- You hook up ANY USB based devices on Windows/Mac, the serial number of the device hooked up is logged inside your Windows Registry or deep inside the Mac’s system files as well. There will be a record that you did hook something up, even if the copying was just one way.
- Good chance your Cyber team has already installed a form of “screen snapshot” solution that takes periodic snapshots of what you are doing on the computing device. There’s literally a slideshow of everything you do/see on your PC going back weeks if not months. It’s searchable also.
- So many other DLP and EDR tools that monitor endpoints (your PC) looking for file transfer attempts. Even dragging and dropping to a “dead box” like Gmail drafts in a browser if not outright blocked directly will trigger a server-side alert for later review (see screenshots above). Gmail/Yahoo email headers viewed in your browser accessing those personal emails will be recorded as well.
- Any file movement on the device itself, such as deleting something/moving files around, will be recorded.
- Slack, Teams Chats, Zoom Chats, etc etc….all are being monitored for data exfiltration.
It’s also not at all uncommon for a recently-departed employee to have their entire PC forensically imaged and if they DO see that you at the last minute exfil’d a bunch of company data, it gives them reasons to pursue legal action, even if “soft” like not paying out final bonus, etc until you explain what happened. You can also be fired for theft of intellectual property, or sued and it’s not difficult to get a judge to sanction you from working for some period of time over such actions.
My best advice is just don’t take anything. If you made/edited a file while on company time and it’s on a company device, it’s technically THEIR property, not yours. And if you created it yourself, there’s absolutely nothing you can’t recreate on your own at a later time. Next time, if that big of a boost to your job, consider creating it on PERSONAL equipment and then sending a copy to your IT department to put it into service for you on your work PC. It’s your property then, with a proper paper trail showing you provided it from a personal source.
PurpleToad1976@reddit
Use windows snipping tool to take pictures of the documents you want. Attach that image to an email and send it to yourself.
dustv1n@reddit
Screen-shots FTW
Mr_Fried@reddit
Screenshots in an iphone photos album. You can literally search names and phone numbers.
Just make sure the webcam is covered and you only photograph things as you open them for genuine use - that way ai software looking for suspicious access patterns won't pick it up.
mistas89@reddit
Unfortunately if it's excel, then they probably want the formula. And it's mightily inconvenient to take screenshot of large formula on a phone.
Just saying. Not trying to poke holes in your argument. If yours is the only way, then gotta do what you gotta do.
Plz_DM_Me_Small_Tits@reddit
You can always ocr it after the fact as long as it's readable in the pics
Disastrous_Photo_388@reddit
There is a print setting that you can invoke to print the formulas in excel.
AverageCalifornian@reddit
On iPhone you can copy and paste text from screenshots. Might be the best way. Cover your laptop camera too OP.
nrdgrrrl_taco@reddit
and use chatgpt to convert back to text
Ambitious_Jeweler816@reddit
This is it
Mm2k@reddit
Screenshots.
Sammeeeeeee@reddit
As an IT guy:
Is it saved locally on your pc? If yes, get your bitlock key, boot into hirens and go crazy from there. Probably best to put it onto a usb and they will never know.
d0gtanian@reddit
NAS drive and use the web portal via web browser. If blocked by IT security policy and have NAS on your local network, ftp to it.
nathan_borowicz@reddit
OTA data transfer via speaker/microphone, if you really want to be untraceable.
Look up MOSQUITO attack and the tools derived from that.
geegol@reddit
2 words: good luck. IT guy here as well. We have these things called Endpoint detection and response tools (EDR tools) as well as Data Loss Prevention tools (DLP tools). Data Loss Prevention is in the name: you try and plug a USB drive in to extract data but the drive will be read only. You cannot write to that drive.
DLP's work on email, USB thumb drives, external hard drives, if you try and plug another computer into your work computer to share data, etc. It will be blocked.
EDR's will catch this too and stop it. Depending on what email you use, what attachments you send, can be scanned by an EDR or a DLP system and will stop the attachment from going out. Also if you have an internal Security Operation Center, you will definitely raise some suspicions and they may lock your computer and contact your manager. Your accounts will probably be disabled as well.
OneDrive can be managed and you won't be able to download files from OneDrive onto your personal computer. Or, in other words, download managed data onto an unmanaged device.
I am not sure exactly nor do I condone this type of behavior. As I said, good luck. If you do attempt it, the EDR and the DLP system will log it and you could be ultra boned. They may even be able to sue you for attempted data exfiltration or charge you criminally.
But it depends on how sophisticated your IT department is set up.
If you want these files so badly, literally ask your IT department that you mainly just want the formulas (if you created them). Sometimes an IT department can be flexible, sometimes they cannot. But it is always better to follow the rules than to break them and get caught.
I know of a guy who tried to do this (he was in your exact same situation; he wanted to get data from his work laptop onto a personal laptop as he was transferring companies). Our DLP caught it and his accounts were locked, his laptop was locked etc. all due to the DLP picking it up. He ended up getting terminated for attempting to exfiltrate company data.
Do not do this. If you get caught, you could be charged criminally or be sued.
Neuro_88@reddit
Wow. Great comment here.
feelingsupersonic@reddit
Discovered this by accident, was not doing anything malicious in any way. If you can use Remote Desktop Connection, just connect to your personal PC over the network. Copy/paste works. The connection to that device would be logged, but it would most likely only be a local IP address (e.g. 192.168.1.xx) and wouldn't mean much.
Ok_Yam_6767@reddit
Take hard drive and clone it? Load it up on a sandbox machine and pull the data you need from there? I’m not a pro, but pretty sure I could google my way thru that… thoughts from smarter people?
TheManWith2Poobrains@reddit
PW protect a zip, change file extension, and upload to a service you use for work, which you can also access remotely. Do it at the same time as uploading genuine assets. Download and delete.
For example, Meta ads manager if you work in marketing. An ERP if you work in e-commerce.
WasSubZero-NowPlain0@reddit
The extension won't always save you. Any good file scanning mechanism should be using headers/mime type. And block zips that it cannot scan.
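The content-based check this comment describes, written from the scanning side as an added example (it is not part of the thread and not any vendor's DLP code). The function names, finding labels, signature table and block/review policy are hypothetical, and the sample files are constructed in memory.

```python
import io
import os
import zipfile

# Leading magic bytes -> (content label, extensions that legitimately carry it).
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"%PDF-", "pdf", {".pdf"}),
    (b"7z\xbc\xaf\x27\x1c", "7z", {".7z"}),
    (b"PK\x03\x04", "zip", {".zip", ".docx", ".xlsx", ".pptx"}),
]
# Findings that mean the scanner cannot see the content (hypothetical policy).
BLOCKING = {"encrypted-archive", "unscannable-archive",
            "appended-archive", "malformed-archive"}


def sniff_type(data):
    """Classify by file header, ignoring whatever the filename claims."""
    for magic, label, exts in SIGNATURES:
        if data.startswith(magic):
            return label, exts
    if data[4:8] == b"ftyp":  # ISO base media (mp4/mov) marker at offset 4
        return "mp4", {".mp4", ".m4v", ".mov"}
    return None, set()


def inspect_upload(filename, data):
    """Return a list of findings for one outbound file."""
    findings = []
    ext = os.path.splitext(filename)[1].lower()
    label, allowed = sniff_type(data)
    if label is None:
        findings.append("unknown-content")
    elif ext not in allowed:
        findings.append("extension-mismatch:" + label)
    if label == "7z":
        # The standard library cannot open 7z, so treat it as unscannable.
        findings.append("unscannable-archive")
    # ZIP readers locate the archive from the END of the file, so an
    # archive glued behind an image header still parses as a ZIP.
    if zipfile.is_zipfile(io.BytesIO(data)):
        if label != "zip":
            findings.append("appended-archive")
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # General-purpose flag bit 0 marks an encrypted member.
                if any(i.flag_bits & 0x1 for i in zf.infolist()):
                    findings.append("encrypted-archive")
        except zipfile.BadZipFile:
            findings.append("malformed-archive")
    return findings


def verdict(findings):
    if BLOCKING.intersection(findings):
        return "block"
    return "review" if findings else "allow"


def constructed_zip(encrypted=False):
    """Build a small sample archive; optionally mark its member encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("notes.txt", "constructed sample content")
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= 0x01                       # local header flag byte
        raw[raw.find(b"PK\x01\x02") + 8] |= 0x01  # central directory flag byte
    return bytes(raw)


# Constructed stand-in for an image header followed by padding.
CONSTRUCTED_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 64 + b"\xff\xd9"

if __name__ == "__main__":
    samples = {
        "budget.xlsx": constructed_zip(),
        "holiday.jpg": constructed_zip(encrypted=True),
        "photo.jpg": CONSTRUCTED_JPEG + constructed_zip(),
        "clip.mp4": b"7z\xbc\xaf\x27\x1c" + b"\x00" * 32,
    }
    for name, blob in samples.items():
        found = inspect_upload(name, blob)
        print(name, found, verdict(found))
```
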
TheManWith2Poobrains@reddit
Indeed.
I mean, you could start to embed data behind images or video, but at what point does this become international-level espionage vs just wanting a cheat sheet at your next job!
katzohki@reddit
Here's an IT question: say I used Box for work, but logged in and uploaded to a personal Box instead. Would that flag or ping anything?
TheManWith2Poobrains@reddit
Do they have SSO for Box? If not, the site wouldn't flag, and as long as you visited in private and didn't save PW in browser I think you'd be fine. I would upload things to Box via your work account in non private browser at the same time.
I guess all this depends on how large these files are, and what software you are able to install without raising suspicion. WhatsApp would be solid, but likely to raise a flag.
Another idea - open a work Zoom meeting and transfer a file to yourself on your mobile. The log might be a challenge on Zoom though.
katzohki@reddit
Last time I was at a place that used Box they had SSO, but you could also log in without it
TheManWith2Poobrains@reddit
Yeah, basically unless you are in the Pentagon it's easy to smuggle small files out.
I was seconded to a company that dealt with board presentations for large public companies - kind of a secure file sharing service for meetings. Didn't want that content leaking anywhere. Opsec was OK, but I ended up accessing some dummy accounts that were not dummy, entered the secure area no probs, and they failed to collect my pass when the secondment ended.
katzohki@reddit
There's always a gap somewhere
westsidecoleslaw@reddit
Got a work iPhone? I’d personally just save everything to your iPhone’s filesystem, and then airdrop them to your personal iPhone. That, or just printing hardcopies during the workday and scanning into my new device (NOT after hours, large exfiltrations after hours ALWAYS throw red flags).
alice_r_33@reddit
Would this actually work??
QueenBKC@reddit
Print. Take elsewhere. Scan it as a PDF.
Nicktheschip@reddit
Email your IT support help desk email from personal email cc your work email say you got locked out. You get back in. Email same chain with personal email cc’ed that you are having trouble with these files and attach them to the email with your personal email still cc’ed.
txharleyrider@reddit
bluetooth file transfer to another computer. Just did this for a friend who was recently laid off and had all their personal docs on their work computer
olijake@reddit
Still detectable but they probably wouldn’t care if they checked as it was just personal files anyways.
As a general rule, never mix personal and work data on the same (work) machine.
txharleyrider@reddit
What’s interesting is right after the announcement they did a forced computer update that blocked USB’s and sending emails to external inboxes, standard offboarding procedure. But didn’t block the Bluetooth file transfer.
mrchowmein@reddit
standard protocol when you know you're gonna get laid off. kill the wifi.
olijake@reddit
Interesting. It probably was too much effort/too complicated for the trade off.
Either way, there are system logs of Bluetooth, so even if it’s not in their deterrent block list, you should still try to follow best practices.
mikemojc@reddit
They likely just didn't think of it, as it's a bit old school, and was never really a common practice.
Not unlike most of the best exploits.
geegol@reddit
This is detectable. A Data Loss Prevention system will pick this up and stop the transfer.
sn0b4ll@reddit
This leaves a lot of traces and will definitely be caught in a forensic investigation.
LyZeN77@reddit
how does it leave any trace? do bluetooth transfers get logged on windows?
sn0b4ll@reddit
At least traces for the connected devices are stored to the registry, including the datetime. Depending on the type of connection and log configuration there will be additional logs written, yes.
kungfungus@reddit
There's no such thing as "personal notes". Everything belongs to the company, including your admin, kinda part of your paycheck eh.
However, depends on how big the company is and if they'll check the history. If you have some weeks before you go just print it and pray they won't connect the dots.
If the company finds out, it'll be a theft of intellectual property, corporate espionage and loss of potential revenue. If you steal shit like big client information, they'll come for your ass.
Spicyboi333@reddit
Personal notes are a thing. Handwritten notes about meetings, decisions being made, even calculations are well within my rights to keep for personal records for audits or anything god forbid I need evidence/proof/justification in the future. All of this is 100% fine as long as you are not stealing company IP (pricing, client lists, etc.).
Now if ‘personal notes’ are excel spreadsheets you developed on company time, company templates, etc. then yeah, that’s not yours. Also if you’re doing something egregious like methodically copying down entire client lists to poach or pricing, yeah that’s not going to hold up.
BullPropaganda@reddit
Try plugging in your phone. My work computer locks out instantly if I plug a USB into it. But if I plug in my phone, I can transfer files freely. :shrug:
nakfil@reddit
Here is an overly complex, impractical but might work method. And it's high risk which should get your pulse up, which is part of the fun. Because if you get busted, it would look REALLY bad.
First, ask a colleague if they'd like some of your templates since they've been so helpful to you. Offer to email them.
Then, register a typo-squatted domain for your company. For example, if your company domain is domain.com, try dmain.com. This might take some effort if they have already registered many domains to prevent typosquatting, phishing, etc...
Then, setup an email forwarder at that registrar to forward mail sent to coworker@dmain.com to your personal address.
Email that address with the attachments, with a friendly note. "Hi coworker! I hope these templates are helpful for you after I leave!"
If you get busted, play dumb. "OMG I am such an idiot I mistyped our own domain! You can ask coworker about it, I meant to send it to her."
Now, you could get in really deep shit if IT investigated this more or some email security tool flagged this.
Like, dmain.com was just registered the day before you "accidentally" sent an email to it? Then, they'd probably decide to go after this domain with ICANN who manages domain names. When your identity is revealed as the owner - expect some unwanted attention!
uhuelinepomyli@reddit
Snowden, is that you again?
FakeAsFakeCanBe@reddit
"Two terrorists on opposite sides of the globe might agree to open 30 anonymous web-based e-mail accounts with 30 different passwords. On the first of the month the first account is used, on the second of the month the second account is used and so on, until each account is used once.
"It's very difficult to catch, because there is no pattern of use," former U.S. counter-terrorism czar Richard Clarke says. "One-time anonymous accounts are extremely difficult to monitor."
One terrorist drafts a Web-based e-mail and instead of sending it, saves it to the draft folder, accessible online from anywhere in the world. The other terrorist can open the same account, read the message, and delete it. The e-mail has never been sent, and cannot be tracked.
Many e-mails are sent on public computers, for example in libraries or cyber cafés, making them even more difficult to trace.
From a link provided by erbush1988
https://www.pbs.org/wgbh/pages/frontline/shows/front/special/techsidebar.html
Consistent-Pipe-674@reddit
Pull it up on your screen, use your phone to take pictures. Untraceable and you get the info you want.
rusmo@reddit
If it’s just the formulas and not the data, save as a template and then do the gmail thing.
Upper-Purple816@reddit
Password protect 7z in a zip. If asked, say they’re personal payroll and other documents you saved during your tenure. No one is going to press this.
68Snowy@reddit
Do you have Teams on a personal device? I send myself a Teams chat if I want to transfer a personal file. Then open and save on my personal device. Also depends how well they lock this down. I have also transferred some files back and forth using Bluetooth with varying levels of success. I can't use USB drives on my work laptop.
geegol@reddit
Data exfiltration is prevented through Mobile Application Management without Enrollment (MAMWE). So if you use a "Bring Your Own Device" model, then the application (Teams and Outlook) are managed apps on an unmanaged device (your personally owned device). If you try and take a screenshot, it will be a black screenshot. If you try and exfiltrate information, the DLP will catch it through MAMWE.
In your situation, your IT department did not have this setup.
lotapa2@reddit
Private GitHub repo. Install git on your PC with git lfs if you need to get big files out. Never been caught
Bad_Becky@reddit
Take video with your phone
Prestigious_Sweet_50@reddit
I can get all my documents on Teams and I have Teams on my phone. Connect a USB to the phone and move documents to USB on the phone. It's OneDrive I think. If it's proprietary and your company is squirrelly about that stuff just don't.
stabbingrabbit@reddit
Note to future self do this as you go instead of waiting last minute. Plus you can do formulas on pen and paper.
stabbingrabbit@reddit
Pull up on pc and take a pic with your phone
HeyOkYes@reddit
Save as text files, then rename them as song titles and change the extension to mp3.
Change the extension back to txt when you move them to your home pc.
2pac - Keep Ya Head Up.mp3 is really a txt file of copy pasted data.
TipProfessional880@reddit
Just go the normal route & then turn yourself in before they reach out, saying it was an "accident." Upload the documents to a USB drive then save them to your computer.
Then tell IT. "Hey, I am so sorry, I think I accidentally saved these files to my own USB drive. I don't know what I was thinking."
IT people deal with idiots all day long. So, if you play into that, especially if you turn yourself in to them, it could cover any red flags that may pop up. It's kind of a play on the whole "Act Like You Belong" thing; if you were doing this for nefarious purposes, then why would you be pointing it out to them at all?
arkensto@reddit
Except if the IT dept knew what they were doing they would have just blocked access to all external USB storage devices.
hulagalula@reddit
A lot of the approaches are straight out of the exfiltration playbooks that companies are monitoring to avoid exactly this kind of data loss. There is a non-zero chance that attempting this will throw up red flags if your organization has any decent security in place.
The comments suggesting to take photos of your screen are the safest approaches that have been shared.
If that would be too time consuming then remember that the 2 main ways you are going to get caught are: (1) you trip some kind of automated monitoring that looks for this kind of exfiltration. So things like you accessing a lot of documents you wouldn’t normally access, or greatly increased access rates. Some monitoring will also monitor for large high entropy files being created (signs of ransomware/exfiltration) so some of the recommendations here will actually get you tripped up. The other way (2) is if someone is suspicious of you potentially exfiltrating data and goes in after the fact to look at the various systems logs and other signs looking for evidence. If you are extracting company info and you then go work for a competitor they are more likely to look into it vs you switching industries for example.
In most cases the juice is not worth the squeeze. If you were looking at this from a whistleblower perspective or other legal engagement vs the organization I would advise you to talk to an attorney first to discuss best practices.
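The automated signals described in the comment above, shown from the monitoring side as an added example that is not part of any commenter's post: a file triage that combines a content-signature versus extension check with a byte-entropy measurement. The signature table, the 7.5 bits-per-byte threshold, the file names and the sample bytes are all assumptions constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Well-known leading signatures; the table is deliberately small for the example.
MAGIC = {b"PK\x03\x04": "zip", b"7z\xbc\xaf\x27\x1c": "7z",
         b"\xff\xd8\xff": "jpg", b"ID3": "mp3"}
# Extensions that legitimately carry each type (docx/xlsx are zip containers).
EXPECTED = {"zip": {".zip", ".docx", ".xlsx"}, "7z": {".7z"},
            "jpg": {".jpg", ".jpeg"}, "mp3": {".mp3"}, "mp4": {".mp4"}}
MEDIA_EXT = {".jpg", ".jpeg", ".mp3", ".mp4"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect_type(data: bytes):
    if data[4:8] == b"ftyp":            # ISO media (mp4) box header
        return "mp4"
    return next((k for m, k in MAGIC.items() if data.startswith(m)), None)

def looks_like_text(data: bytes) -> bool:
    sample = data[:4096]
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in sample)
    return bool(sample) and printable / len(sample) > 0.95

def triage(name: str, data: bytes, threshold: float = 7.5) -> list:
    """Findings for one file observed on an endpoint or at an upload proxy."""
    findings = []
    ext = os.path.splitext(name)[1].lower()
    kind = detect_type(data)
    if kind and ext not in EXPECTED[kind]:
        findings.append(f"content is {kind} but extension is {ext}")
    if kind is None and ext in MEDIA_EXT and looks_like_text(data):
        findings.append(f"plain text stored under {ext}")
    if shannon_entropy(data) >= threshold:
        findings.append("high entropy")
    return findings

# Constructed samples: pseudo-random bytes stand in for an encrypted archive body.
NOISE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
RENAMED_ARCHIVE = b"PK\x03\x04" + NOISE
RENAMED_TEXT = b"=SUM(A1:A10)\n" * 200

if __name__ == "__main__":
    for fname, blob in [("holiday_video.mp4", RENAMED_ARCHIVE),
                        ("song.mp3", RENAMED_TEXT), ("report.xlsx", RENAMED_ARCHIVE)]:
        print(fname, triage(fname, blob))
```

The `report.xlsx` case returns only the entropy finding: ordinary Office files are compressed containers, so entropy on its own is a noisy signal and is more useful when correlated with a type mismatch or an unusual upload.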
Big-Pain-7383@reddit
Just take a photo of the formulas
RapidEyeMovement@reddit
Use your phone
DasGaufre@reddit
Is overleaf available? I've used my personal account for personal use on the work computer now and then and uploaded a few things without thinking. If it's mostly text you can just paste directly into it.
MuttznuttzAG@reddit
I ‘know someone’ that has USB storage, personal cloud, personal email and lord knows what else blocked on a work laptop. Literally nothing can be exfiltrated by the usual means… Weirdly, however, said friend can bring work laptop home and merrily connect to an SMB share hosted at home and dump whatever they wish there. If you are a tiny bit tech-savvy with another PC at home it's really easy to set up 😉
clickyclicky456@reddit
That's exactly what "someone I know" did when they left their last job, and it worked a treat.
RoverTheMoob@reddit
Can you disguise the docs as personal documents before transferring?
Hide all the sensitive info and save something innocuous over the top so it just looks like you're transferring personal crap you've had saved on work computer
novakedy@reddit
If you have a company iPhone and another apple device, I don’t believe AirDrop is tracked by anything
Material_Taro5417@reddit
No IT expert but if it was me reading these comments, I'd get a new laptop, never connected to anything dealing with your old company and get Microsoft 360 set up. Then basically sit with the 2 computers sitting next to each other and manually make a new copy of the document, altering it along the way so that it is unique and actually sounds like me.
Might not be the most efficient, honestly it might even be the least, what the hell do I know, but your company couldn't say you copy and pasted anything from their servers.
Independent-Cake2@reddit
Zip files with password, rename to familyvacation.mp4, upload to cloud
m-79@reddit
Use the analog loophole and take pictures of the web pages with your phone. Like open it up on your computer and take a dozen pictures of the screen with your phone camera. Tedious to transcribe it later, but 100% foolproof.
Davidat0r@reddit
Another option, if it’s a not too big excel you can just pass it to CSV, and email the content as text, not attachment
Davidat0r@reddit
If you have web mail or you can access your email from another computer you can either:
Create a draft email without sending with the files you want. Then download from home.
Or just send the files to your same email address (work) and download them from home. (They shouldn’t look into your emails anyway but if they do, it’s not illegal usual to email your work address with work stuff so..)
TONKAHANAH@reddit
It really depends on how locked down your systems are and how competent the IT team is.
I don't think I could get anything out where I work, at least not without getting in a lot of hot water.
Doublestack00@reddit
Take pictures of the screen with your cell phone.
TONKAHANAH@reddit
That really wouldn't work for the sheets I have, well maybe.
The sheets I have I would only want as something to add to my portfolio as they wouldn't be that useful outside of my current job. But then again I also wouldn't want to show something like that via screenshots to anyone at a job interview.
I could probably just take screenshots on my work computer and send those without issue so long as they don't contain any user or business specific info.
jimmybilly100@reddit
Pass the screenshots to AI to recreate them. No more screenshots!
Organic_M@reddit
At my last place, they botched the USB ports but my laptop had Bluetooth so I just sent everything I wanted to keep to my phone (it took a while)
ISHx4xPresident@reddit
If it’s spreadsheets, he’d probably want to keep the formulas as is. Either draft it in Gmail. Tbh, at that rate, you’d probably be fine drag and dropping to Google Drive web if it’s accessible. I did just that leaving a hospital that supposedly super locked down and everything on network stayed on network lol.
1quirky1@reddit
I used https://driveuploader.com/ You link it to a folder in your google drive. Create a burner google account for it.
RedWoodGamer@reddit
Use your phone to take photos of said docs while they are on your computer screen.
katzohki@reddit
Make sure it's physically saved on your work laptop hard drive. Take your laptop home, remove the hard drive and hook it up to another computer. Extract the files. Put everything back the way you found it. Bitwarden and other drive encryption tools defeat this method.
stupidugly1889@reddit
Take a picture of them with your phone and have ChatGPT turn them into word documents
ThePizzaIsDone@reddit
I'm old-school, I guess, but if it's simply notes and formulas could you not hand write them down? Or super high-tech take a photo of the screen on your phone?
maximum_powerblast@reddit
Assuming your work is all Microsoft like most corporates are these days:
Put it all on OneDrive
Download whatever you want from OneDrive on your home computer
mistas89@reddit
My workplace has somehow blocked this method. I didn't even know that this was originally possible
grainne0@reddit
Same. In my work you can only open OneDrive on pre-approved devices. You can't add a personal phone or computer easily, I'm guessing it's the same in a lot of places now.
Myceliphilos@reddit
Can you not zip and compress it all and name it something that would indicate personal, like 'wedding album 4' password protect it and it should be easier to copy or move maybe?
Interesting_iidea@reddit
How big is your company? And are you leaving on bad terms? IT generally don’t check unless you’re doing something malicious. At my previous company I took some SQL queries etc, opened up my personal email and sent it to myself, what are they going to do honestly? Unless they find out you stole some confidential client data etc
Technical-Sector407@reddit
Take photos. Only legit way.
GSDragoon@reddit
Github or others like it
taro354@reddit
It might be a good idea to make new files with the template and formulas saved but contain no company asset info. Then ask if you can have those.
Disastrous-Ad-7231@reddit
I work for an O&G equipment manufacturer with a large IP portfolio (think cranes, drill bits, BOP stacks, etc). I've seen multiple cases where someone in X country thought they would be smart and copy CAD drawings. It tracks all that and HR/legal is more than willing to prosecute. Open a ticket with IT. They probably have a bypass available for specific locations or devices. If it's notes, usually they won't care. If they do, they'll either say No/why or just reach out to your manager for approval.
jahk1991@reddit
Are these notes and formulas fairly specific to your job field? If not, your best option might be the ethical route (just ask permission to take them when you leave).
GC_Man@reddit
Can you “work from home” and just rebuild everything on your personal computer? I did that once.
AhrimTheBelighted@reddit
Can you write it all to notepad or something and physically print it and then OCR it at home? If a company's IT is worth its $ they'll also have DLP installed or active to know what leaves a device, where it's uploaded etc and that may get you in a heap of trouble. But if you can print it and take the papers, no real trail. The other option would be yea a disposable site, but not sure how far you'll get if it triggers an alert.
Raventhefuhrer@reddit (OP)
It’s more complicated than printing, some of the stuff I want are very complex sheets.
onmy40@reddit
Are you in an open office space? Or are cameras around? I would take some pictures on your phone if you can.
Cuneus-Maximus@reddit
Can you access Gmail or some other non-corporate email via the web? Email copies to yourself via the web mail interface.
Print them and take home physical copies, scan and OCR at home.