Bloomberg Anywhere Remote Login Bloomberg Terminal Demo Request


Connecting decision makers to a dynamic network of information, people and ideas, Bloomberg quickly and accurately delivers business and financial information, news and insight around the world.


Financial Products

Enterprise Products


Customer Support

  • Americas

    +1 212 318 2000

  • Europe, Middle East, & Africa

    +44 20 7330 7500

  • Asia Pacific

    +65 6212 1000


Industry Products

Media Services

Follow Us

Bloomberg Customers

The How To Issue

How to Avoid Your Corporate E-Mail Monitor: Mike Murray

The key is to think like a hacker, and a hacker’s first job is reconnaissance. You have to figure out your environment. I’ve seen rigorous companies and I’ve seen companies that don’t monitor anything at all. Suppose I’m having an office affair and I want to hide it. I actually met my wife through work. We were trying to keep it secret. The first thing I would do is sit down at lunch with the IT geeks, specifically the ones that run the mail server. I would ask them, “How do you find stuff like this?” to find out what kind of monitoring they’re actually doing. Do they do a lot of internal HR investigations? Do they do any data leak prevention? You can also go on LinkedIn (LNKD) and Facebook and look at the résumés of your IT staff and see if any of the data leak prevention tools are named.


Obviously it’s best to get off the company e-mail system and have your conversation on some external account. They can do screenshots of your computer screen, but that’s very resource-intensive. You’d need someone looking at the screenshots, frame by frame. If you were under a ­serious investigation from HR, they might go to that step. But if you have a 50,000-person organization, they can’t possibly monitor 50,000 computer screens.


The way a hacker evades these filters is to look as normal as possible. You want to look innocuous and say little out of the ordinary. But if you send a Gmail from your noncorporate cell phone, you’ve evaded all of the corporate monitoring. If you really want to get away with whatever you’re doing, you’ve gotta do the recon. The hackers that do the worst job skimp on the preparation up front. — As told to Keenan Mayo 

Murray is ­an instructor at the Hacker Academy and a managing partner at MAD Security.

blog comments powered by Disqus