-2

I am in a company where I have been warned about using chats.

I spoke with one of the admins and he said every chat is being monitored.

OK, I agree it can be if we use plain text, but what if we use SSL?

I used tcpdump while chatting in Gmail but I couldn't see any non-encrypted messages (not sure whether I am doing it the right way).

I have heard of proxies that perform MITM to do tracking, but in this case I am not being warned about any invalid certificates or handshakes. Is it really possible to monitor encrypted chats without breaking the SSL connection?

Kevin Parker
  • It doesn't appear to be in this case...but asking questions about circumventing IT policies, even for informational/knowledge purposes is against the FAQ. That said...IT typically doesn't have the staff to sit around and actually read chat logs, even if they were to be monitored. – TheCleaner Mar 20 '13 at 13:32
  • 2
    Is it your personal Gmail account or is it a company Google Apps account? We use Google Apps for our company chat and we force it to log all chats, we don't give them their password, and we use a third-party client which prevents them from being able to auto-sign in to Gmail with the saved credentials (which would allow them to erase the chats). That's probably a different scenario than yours, but that's how we're able to track employees' Gmail chat. We own the accounts. – Safado Mar 20 '13 at 13:44
  • Ohhh, our company is using Gmail for providing official IDs and I use mine too. – Kevin Parker Mar 20 '13 at 13:50

2 Answers

5

Most likely their content filter, edge devices, or DNS servers are registering a lot of hits to chat.google.com (or whatever). If you're using SSL, then it's likely that they're only monitoring what you're connecting to and not the content of the chat itself.

MDMarra
  • 3
    @KevinParker While I agree that this is the *most likely* scenario, it is still possible that your sysadmins have inserted an extra SSL cert into your trusted certstore or that they have monitoring software running on your computer. It is actually *their* computer, not yours. They could be reading/logging the content of the chats. – Ladadadada Mar 20 '13 at 13:37
  • @Ladadadada Can you say where they might have inserted trusted certificates? I have gone through ssl/certs, and I installed the browser myself, and there are no key loggers or monitoring software, so there is no chance of that. – Kevin Parker Mar 20 '13 at 13:44
  • 3
    Why don't you just ask them? Ask in a `I'm trying to learn` manner and not a `I want to get around your security systems` way. It hurts my feelings when my co-workers think they can outsmart me :) – Safado Mar 20 '13 at 13:45
  • @Safado I know it is not possible normally. If I tell them it is not possible, they will start thinking of deploying actual chat monitors. – Kevin Parker Mar 20 '13 at 13:47
1

They can't monitor the encrypted chat without breaking the SSL connection (they would have to have either the private key for the Google certificate or the CA of their certificate to do that), but they can do a MITM attack and then send the traffic back to you with their own certificate. They would have to add the issuer of the certificate to the trusted root certificates container on your machine so you don't get any warnings about invalid certificates, which shouldn't be a problem in a domain environment.

But I would agree with MDMarra: they are probably just monitoring where you are connecting and not what you are writing in chats. As was said in the comment, it would take a lot of staff and time to read chats and logs all the time.

ralz
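Added example, not part of the posts above: when a proxy re-signs a connection with a CA that has been placed in the machine's trusted roots, the handshake validates without any warning, but the issuer of the presented certificate is the proxy's CA rather than a public one. The Python sketch below checks that field on certificate data in the format returned by `ssl.SSLSocket.getpeercert()`; the host name, the CA names and both sample certificates are constructed placeholders.

```python
import hashlib
import socket
import ssl

def issuer_fields(peercert):
    """Flatten the nested 'issuer' tuples from SSLSocket.getpeercert() into a dict."""
    return {key: value for rdn in peercert.get("issuer", ()) for key, value in rdn}

def check_issuer(peercert, expected_orgs):
    """Compare the leaf certificate's issuer organisation with the CAs expected for the site.

    A TLS-inspecting proxy re-signs the site certificate with its own CA, so the
    chain still validates (that CA is in the local trust store) but the issuer changes.
    """
    org = issuer_fields(peercert).get("organizationName", "<none>")
    return {"issuer_org": org, "reissued": org not in expected_orgs}

def fetch_peercert(host, port=443, timeout=5.0):
    """Live helper (not called here): validated handshake, returns (cert dict, SHA-256 of DER)."""
    ctx = ssl.create_default_context()  # loads the default (system) trust store
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return tls.getpeercert(), hashlib.sha256(der).hexdigest()

# Constructed sample data in getpeercert() format; all names are placeholders.
EXPECTED_ORGS = {"Example Public CA"}
DIRECT = {
    "subject": ((("commonName", "chat.example.com"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example Public CA"),)),
}
VIA_PROXY = {
    "subject": ((("commonName", "chat.example.com"),),),
    "issuer": ((("organizationName", "Example Corp Internal CA"),),
               (("commonName", "Example Corp Web Proxy"),)),
}

if __name__ == "__main__":
    for label, cert in (("direct", DIRECT), ("via proxy", VIA_PROXY)):
        print(label, check_issuer(cert, EXPECTED_ORGS))
```

The SHA-256 fingerprint returned by `fetch_peercert` can be compared with one taken for the same host from an independent network; a re-signed certificate will not match.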