Thread regarding Cisco Systems Inc. layoffs

Don’t back up personal files

I removed personal files from Cisco laptop before I recently left the company. Was contacted by lawyer that Infosec Alerted counsel of this activity - lawyer needs to see if I took any proprietary files via WEBEX. Big brother.

by
| 6591 views | | 27 replies (last ) | Reply
Post ID: @OP+16CxeMtg

27 replies (most recent on top)

https://www.reuters.com/article/former-cisco-employee-pleads-guilty-in-s/former-cisco-employee-pleads-guilty-in-san-jose-to-disrupting-network-idUSL1N2FS2II

by
| | Reply
Post ID: @2jnb+16CxeMtg

I’m not sure about the Meraki stuff, but the control stuff Cisco put on your iDevice (which can wipe the device) is not necessary to read Cisco mail. I have two phones, one personal, that has nothing Cisco on it. The other is work, and Cisco can control that one. The iPad I’m writing this on has no Cisco control software, and I can read a subset of my mail and calendar.

by
| | Reply
Post ID: @2cvb+16CxeMtg

"You can read mail without Giving Cisco complete read and delete rights on your personal device. You’re just limited to seeing 1-2 weeks of data."

I just opened up General > Device Management (Meraki Management) > More Details > Mobile Device Management

Under the "RIGHTS" section, I don't see read rights (except list some information), but I do see many rights provided including:

"Erase all data and settings"
"Lock device and remove passcode"

I hope this never has to happen to my phone!

by
| | Reply
Post ID: @2mye+16CxeMtg

An employee had been promoted to Director but then resigned shortly after to go to a competitor. Within a couple of weeks, IT contacted the VP stating the former employee had downloaded certain docs onto a memory stick. They identified precisely what was downloaded and the VP responded accordingly.

by
| | Reply
Post ID: @2mvi+16CxeMtg
if you installed the Cisco apps on your phone like accessing Cisco mail from your personal phone then you're required to install the management software

Some of the data for that PDF came from a forensic examination of his devices, they cannot figure all that out in real time. However, any Cisco document that has the words “Cisco Confidential” in the header i\and footer, they do track - at least somewhat.
You can read mail without Giving Cisco complete read and delete rights on your personal device. You’re just limited to seeing 1-2 weeks of data.

by
| | Reply
Post ID: @1bez+16CxeMtg

It would have to be suspected/requested by leadership.

by
| | Reply
Post ID: @1qeu+16CxeMtg

With latest ER/LR, that ~7000 laptops to ‘interrogate’, IF they can get all of them back.

by
| | Reply
Post ID: @1ulz+16CxeMtg
Not exactly the same scenario, but in a layoff at a similar company the employee took the drive out of the system. This caused so many issues between Legal, Security, and the authorities. Charges were filed for theft and it was a pain to resolve.

There was a remote worker who was part of my larger team (reported to a different manager at the same level as my manager, both of whom reported to the same senior manager) who was quitting and shipped back his Cisco laptop and badge. This other manager was on PTO, so my manager asked me to ship the laptop back to the Asset Team in SJC. I looked at the laptop and thought "Man, that's an older model Mac" and boxed it up and shipped it. I had to include the serial number on the tracking sheet, so we know what model it was.

Turns out, the guy never returned the laptop from his previous refresh, and when he quit, he shipped back the original Mac and kept his refresh! The Asset team contacted the manager asking for his laptop and my manager asked what laptop I shipped. Turns out the BU had had to pay for the unreturned leased asset from several years prior and forgot about it as they went about their business.

I never heard if they managed to get the latest Mac back or had to pay for it too and if they charged him with theft.

by
| | Reply
Post ID: @1qbu+16CxeMtg
used to work in infosec we can recover formatted hard drives even with write-0s you have to do 10x with different formats to stop us.

That's why I prefer SSDs and high capacity flash drives. No need to do time-consuming overwrites with 0's & 1's 3, 7 or 21 times.

by
| | Reply
Post ID: @1ytu+16CxeMtg

@1mft+16CxeMtg, never underestimate the reason for these apps, in all honesty they do mention it when installing the tools. Also can delete your pictures and files on the phone btw.
Except for the expectation that one is available 24/7 another reason to keep a private phone for private stuff. Unless you feel.comfy cisco folks potentially looking at your toddlers photos without you knowing.(or them for that matter if they are looking at IP theft)

by
| | Reply
Post ID: @1qng+16CxeMtg

"How does Cisco know when someone is taking photos of cisco documents?
I am scared to open any cisco documents now."

I believe if you installed the Cisco apps on your phone like accessing Cisco mail from your personal phone then you're required to install the management software or something from their corp.

I think this is probably what can track down what goes on in your phone. Darn, that's a bit scary.

by
| | Reply
Post ID: @1mft+16CxeMtg

Frompage 15 of that pdf:
"Mr. He regularly took photographs of Cisco Confidential Materials on his iPhone Max"

How does Cisco know when someone is taking photos of cisco documents?
I am scared to open any cisco documents now.

by
| | Reply
Post ID: @1jii+16CxeMtg

Not exactly the same scenario, but in a layoff at a similar company the employee took the drive out of the system. This caused so many issues between Legal, Security, and the authorities. Charges were filed for theft and it was a pain to resolve.

by
| | Reply
Post ID: @1loc+16CxeMtg

Are they going to pay you for your time to do so? Charge them 500 bucks an hour.

Not a lawyer, so I have no real idea what you should do. But it seems unlikely they have any mechanism to force you to do this if you are no longer an employee and they don't have a court order. If they try to withhold pay, contact the DOL asap.

Let us know what they say and if they are threatening you. You may be able to sue them for harassment

by
| | Reply
Post ID: @1hnm+16CxeMtg

“ Are the demanding you show them your personal systems? I assume you already turned the laptop in?”

Yes turned the cisco laptop in a while ago. They want me to get on a WEBEX to view what I transferred to external usb, and to my own personal pc, and have me delete anything they deem Cisco proprietary over WEBEX - prob through screen sharing. And then sign something.

by
| | Reply
Post ID: @1xwf+16CxeMtg

Are the demanding you show them your personal systems? I assume you already turned the laptop in?

If it's personal, tell them to F off. They aren't the FBI. They don't have a legal right to search your personal equipment without a court order. Let them pay for all that effort. If required by the court, then do it.

Never, ever, let yourself be bullied by corp lawyers. They threaten via lies and misrepresentations about what they can do and what their legal powers are.

by
| | Reply
Post ID: @1zdp+16CxeMtg

used to work in infosec we can recover formatted hard drives even with write-0s you have to do 10x with different formats to stop us.

by
| | Reply
Post ID: @1kln+16CxeMtg

amateur • they should have gotten rid of you long ago

by
| | Reply
Post ID: @1zlt+16CxeMtg
if you really wanna see what infosec can track, go read the complaint Cisco submitted in the lawsuit against Poly.

Wow!! Start at page 8.

by
| | Reply
Post ID: @evh+16CxeMtg

Over the last few months, they’ve really tightened up with what employees can access.
They’ve also changed the login message to say that they are now monitoring the devices for policy compliance (whatever that means).
I must admit that in the last several weeks, my laptop has slowed considerably, which makes me wonder if I’m not carrying some new “baggage” with me.

by
| | Reply
Post ID: @vaz+16CxeMtg

if you really wanna see what infosec can track, go read the complaint Cisco submitted in the lawsuit against Poly. https://newsroom.cisco.com/documents/10157/2041337/1st_Amended_Complaint_12172019.pdf

by
| | Reply
Post ID: @bcc+16CxeMtg

I just formatted the whole laptop! F’em!

by
| | Reply
Post ID: @idm+16CxeMtg

Everyone is an admin on their laptop. It's not hard to remove stuff if you know what you're doing. However, it will get put back via the Cisco mobile device management (MDM) system. And it will be logged that it was re-installed.

I'm surprised that it logged "removing" files. They're more concerned with employees of BU's being sold off that they install monitoring software to track what files you are accessing, so they'd know what you're removing or copying. For those not in a BU being sold off, I'd be worried if the data monitoring software suddenly appeared on your system.

How would you "(take) any proprietary files via WEBEX"? WebEx is a screen sharing tool, not a file sharing app. They're more worried about you copying software repositories to cloud folders, external drives, or emailing it.

I keep a TimeMachine backup of my Mac, so there's no need to copy any data off. I have more files in my backup than I need, but you can't selectively delete Cisco's data leaving your personal data, so Cisco would be better off letting me copy my personal data and wiping the TimeMachine backup.

When I get ready to turn in my Cisco laptop, be it a refresh, or end of employment, I copy my personal files into an encrypted sparse bundle and copy that to a USB drive, then wipe the Mac and do a clean install of the OS and turn it in. They want any of my work products, they can pull them out of the CrashPlan/Code 42 backups off of Cisco servers.

by
| | Reply
Post ID: @nyz+16CxeMtg

How u disable infosec? Everything is locked per policy

by
| | Reply
Post ID: @syp+16CxeMtg

I got laid off in February this year. Backed up all my files and didn't hear a peep from anyone. They don't check.

by
| | Reply
Post ID: @uwg+16CxeMtg

why didn't u disable Infosec or other unknown background apps before copying your data from that laptop

by
| | Reply
Post ID: @vun+16CxeMtg

ouch.

by
| | Reply
Post ID: @xku+16CxeMtg

Post a reply

: