RSS iconTwitter iconFacebook icon

The Trek BBS title image

The Trek BBS statistics

Threads: 139,602
Posts: 5,424,939
Members: 24,810
Currently online: 426
Newest member: David Ellerman

TrekToday headlines

September Loot Crate Features Trek Surprise
By: T'Bonz on Sep 16

USS Enterprise Miniature Out For Refit
By: T'Bonz on Sep 16

Star Trek/Planet of the Apes Comic Crossover
By: T'Bonz on Sep 16

Trek 3 Shooting Next Spring?
By: T'Bonz on Sep 16

Star Trek: Alien Domain Game Announced
By: T'Bonz on Sep 15

Red Shirt Diaries Episode Three
By: T'Bonz on Sep 15

Made Out Of Mudd Photonovel
By: T'Bonz on Sep 15

Takei Has Growth Removed
By: T'Bonz on Sep 15

Retro Review: Tears of the Prophets
By: Michelle on Sep 12

New Wizkids Attack Wing Ships
By: T'Bonz on Sep 12


Welcome! The Trek BBS is the number one place to chat about Star Trek with like-minded fans. Please login to see our full range of forums as well as the ability to send and receive private messages, track your favourite topics and of course join in the discussions.

If you are a new visitor, join us for free. If you are an existing member please login below. Note: for members who joined under our old messageboard system, please login with your display name not your login name.


Go Back   The Trek BBS > Lounges & General Chat > Miscellaneous

Miscellaneous Discussion of non-Trek topics.

Reply
 
Thread Tools
Old September 15 2013, 12:33 AM   #1
Collingwood Nick
Vice Admiral
 
Collingwood Nick's Avatar
 
Bizarre Simpson-eque Ethical Dilemma

I'm in a bit a quandary at the moment. A truly bizarre set of circumstances has arisen at work and I'm not sure what to do.

I work in hospitality, for a franchisee of a national chain of about one hundred outlets. Without giving too much away, they use a custom point of sale system that has been written in a scripting language and that resides on each store's local server. I have explored this system because that's what I do, even when I'm not supposed to do it. And I have found a lot of vulnerabilities, back doors, passwords, everything. Why would anyone write a POS system in a scripting language and then leave the code on the server for anyone to see. I don't know. The company that created it are real amateurs, they don't even bother encrypting the passwords.

Which is great for me, because it turns out that this IT company uses the same password to access each of the 100 stores. And because they never thought of coding in any sort of access logs, nobody ever knows when I access another outlet's computer system.

Yes I know it's dodgy as and ethically questionable. That is a problem I have to face every day as I can't resist the temptation to stick my nose in where it doesn't belong.

So anyway I was accessing another stores server yesterday for kicks and I made an astonishing discovery. I found clusters of paid up orders that had been cancelled late at night, every night, around the same time, by the same person. In other words, an employee of this franchisee has been stealing money from the shop, for the past two months.

So you see the dilemma? I want to report this, but I can't do it without admitting to my own wrongdoing.

It's just like the episode of the Simpsons where Bart wagged school and wound up being a witness to the trial of the mayor's nephew.
__________________
"I will never coach against my boys"
Collingwood Nick
Collingwood Nick is offline   Reply With Quote
Old September 15 2013, 12:36 AM   #2
auntiehill
Fleet Admiral
 
auntiehill's Avatar
 
Location: geeksville
Re: Bizarre Simpson-eque Ethical Dilemma

Isn't there some way you can report it anonymously?
auntiehill is offline   Reply With Quote
Old September 15 2013, 01:18 AM   #3
Tosk
Rear Admiral
 
Tosk's Avatar
 
Location: On the run.
Re: Bizarre Simpson-eque Ethical Dilemma

^That's what I would do. Send an anon-email to the store in question that basically says, "I don't expect you to take my word for it, but it would be in your best interest to check up on what X does with customer orders."
Tosk is offline   Reply With Quote
Old September 15 2013, 01:23 AM   #4
Kommander
Commodore
 
Location: Detroit
Re: Bizarre Simpson-eque Ethical Dilemma

Point out these suspicious order cancellations, all the security flaws you found, and then ask for a raise.
Kommander is offline   Reply With Quote
Old September 15 2013, 01:26 AM   #5
Christopher
Writer
 
Christopher's Avatar
 
Re: Bizarre Simpson-eque Ethical Dilemma

By coming clean, you have an opportunity to a) stop a thief from stealing the company's money and b) alert them to some serious security problems in their computer system, both of which could benefit them. Under the circumstances, they might be inclined to forgive the lesser transgression.

Besides, if you know this person's stealing and you don't report it, that could be interpreted (validly or not, I don't know, but it could be) as being an accessory, which would be an even worse position to be in if you were found out. Trying to hide one's mistakes often leads to worse consequences.

As a rule, Bart Simpson isn't a good role model. I think even he fessed up at the end.
__________________
Christopher L. Bennett Homepage -- Site update 4/8/14 including annotations for Rise of the Federation: Tower of Babel

Written Worlds -- My blog
Christopher is offline   Reply With Quote
Old September 15 2013, 02:39 AM   #6
Robert Maxwell
Not Your Toy
 
Robert Maxwell's Avatar
 
Location: A broken roof
View Robert Maxwell's Twitter Profile Send a message via ICQ to Robert Maxwell Send a message via AIM to Robert Maxwell Send a message via Windows Live Messenger to Robert Maxwell Send a message via Yahoo to Robert Maxwell
Re: Bizarre Simpson-eque Ethical Dilemma

I'd check your country's computer fraud/abuse laws. In the US, you'd be doing time in federal prison for admitting to any of that, whether you found someone else's illegal behavior or not.

I'd send an anonymous tip and do whatever it takes not to have it traced back to you.
__________________
It's all false love and affection
I has a blag.
Robert Maxwell is offline   Reply With Quote
Old September 15 2013, 03:17 AM   #7
Allyn Gibson
Vice Admiral
 
Allyn Gibson's Avatar
 
Location: South Pennsyltucky
View Allyn Gibson's Twitter Profile Send a message via AIM to Allyn Gibson Send a message via Yahoo to Allyn Gibson
Re: Bizarre Simpson-eque Ethical Dilemma

I have some background in retail loss prevention. Here's my advice.

1) Document five or six of the cancellation incidents. Depending on what you can pull, you definitely need dates and times. You need amounts. (I'm assuming these orders are being canceled for cash.) Transaction numbers will be a definite plus.

2) If your company has an anonymous tip line, use that. Every retail company I worked had one. If your company doesn't have an anonymous tip line, write up the details you have and mail it anonymously to your corporate office, ATTN: Loss Prevention.

3) Stop digging around in other stores' computers.

I disagree vehemently with Christopher that coming clean completely will benefit you. LP will take a dim view of you taking advantage of security holes to look at the software and in other people's computers, because they'll want to know everything that you did and they've unlikely to believe that all you did is look.

Your best play there is to wait about three months and then send the corporate office another anonymous letter, this one explaining the security holes and how they can be taken advantage of. You may even want to go so far as to have it mailed from another city (and that's easily accomplished on the 'net -- you write the letter, and have someone in another city mail it for you) so it can't be connected back to your location or the earlier anon letter that outed the thief in the other store.

That's my advice. Out the person anonymously.
__________________
"When David Marcus cited the great thinkers of history -- "Newton, Einstein, Surak" -- Newt Gingrich did not make his list." -- 24 January 2012

allyngibson.net
Allyn Gibson is offline   Reply With Quote
Old September 15 2013, 03:32 AM   #8
Christopher
Writer
 
Christopher's Avatar
 
Re: Bizarre Simpson-eque Ethical Dilemma

Allyn Gibson wrote: View Post
I disagree vehemently with Christopher that coming clean completely will benefit you.
Your vehemence is wasted, then. I did not say "will"; I said "might."

And even if it doesn't benefit him personally, that doesn't mean it isn't still the right thing to do. Letting someone else get away with wrongdoing just to protect yourself is never right.


And has it occurred to anyone that a person's anonymity on a public bulletin board is not absolute? There are ways to identify posters through their ISPs, or by subpoenaing a board's registration records. So just by confessing the act on this board, Collingwood Nick, you may have already potentially exposed yourself. Perhaps you should consider talking to a lawyer instead of taking advice from a bunch of strangers online. At least then your conversations would be privileged.
__________________
Christopher L. Bennett Homepage -- Site update 4/8/14 including annotations for Rise of the Federation: Tower of Babel

Written Worlds -- My blog
Christopher is offline   Reply With Quote
Old September 15 2013, 03:36 AM   #9
-Brett-
Rear Admiral
 
Re: Bizarre Simpson-eque Ethical Dilemma

Is he stealing enough to make blackmail worthwhile?
-Brett- is offline   Reply With Quote
Old September 15 2013, 03:43 AM   #10
Collingwood Nick
Vice Admiral
 
Collingwood Nick's Avatar
 
Re: Bizarre Simpson-eque Ethical Dilemma

I appreciate the advice everyone. Of course I don't have to do anything at all, I can just forget what I have learned and worry about my own store. But that doesn't sit right with me. Might be time to draft an anonymous letter.

Christopher wrote: View Post
And has it occurred to anyone that a person's anonymity on a public bulletin board is not absolute? There are ways to identify posters through their ISPs, or by subpoenaing a board's registration records.
I weighed up the risks before posting this and decided they were acceptable.
__________________
"I will never coach against my boys"
Collingwood Nick
Collingwood Nick is offline   Reply With Quote
Old September 15 2013, 03:44 AM   #11
Collingwood Nick
Vice Admiral
 
Collingwood Nick's Avatar
 
Re: Bizarre Simpson-eque Ethical Dilemma

-Brett- wrote: View Post
Is he stealing enough to make blackmail worthwhile?
Yes, actually, more than enough. But I don't have the ability or the balls to even try that.
__________________
"I will never coach against my boys"
Collingwood Nick
Collingwood Nick is offline   Reply With Quote
Old September 15 2013, 04:19 AM   #12
sojourner
Admiral
 
sojourner's Avatar
 
Location: I'm at WKRP
Re: Bizarre Simpson-eque Ethical Dilemma

If you can access things truly anonymously, start "uncancelling" some of those transactions. Eventually the person in the wrong will be found out when they can't explain the books not balancing and the security holes revealed at the same time.
__________________
Baby, you and me were never meant to be, just maybe think of me once in a while...
sojourner is offline   Reply With Quote
Old September 15 2013, 04:29 AM   #13
Collingwood Nick
Vice Admiral
 
Collingwood Nick's Avatar
 
Re: Bizarre Simpson-eque Ethical Dilemma

sojourner wrote: View Post
If you can access things truly anonymously, start "uncancelling" some of those transactions. Eventually the person in the wrong will be found out when they can't explain the books not balancing and the security holes revealed at the same time.
I had thought of that. It is true that the POS software itself doesn't record logins or actions, but the computer still has server logs and even if the franchisee doesn't know to look at them, the police will if they become involved.

And unusual entries in the server logs linked with unusual transaction activity might lead them to the conclusion that a hacker is responsible, not an in store thief.

I had thought of a whole heap of schemes based around 'logging in and changing something' but that can only lead to more trouble for me.

I'm looking at an anonymous phone call to the store owner. He is the person who is losing money in all this.
__________________
"I will never coach against my boys"
Collingwood Nick
Collingwood Nick is offline   Reply With Quote
Old September 15 2013, 06:18 AM   #14
Saga
Rear Admiral
 
Saga's Avatar
 
Location: VA
Send a message via Windows Live Messenger to Saga Send a message via Yahoo to Saga
Re: Bizarre Simpson-eque Ethical Dilemma

my advice to you is to start drinking heavily.
Saga is offline   Reply With Quote
Old September 15 2013, 06:57 AM   #15
Collingwood Nick
Vice Admiral
 
Collingwood Nick's Avatar
 
Re: Bizarre Simpson-eque Ethical Dilemma

Great success. The thief is going to lose his job tomorrow, the franchisee is grateful for the information I provided (and mildly embarrassed that he had been stooged for so long), and Nick escapes with a thank you instead of a visit to the police station.

Sometimes it pays to put self interest aside and do the right thing. Who knew?
__________________
"I will never coach against my boys"
Collingwood Nick
Collingwood Nick is offline   Reply With Quote
Reply

Bookmarks

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT +1. The time now is 01:44 PM.

Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
FireFox 2+ or Internet Explorer 7+ highly recommended.