[62] Where do you Draw the Line?

  • Published: 28 Jan 2021
  • How far are you willing to go to accurately simulate an attack?

Comments • 66

  • @bertandliam5196
    @bertandliam5196 3 years ago +45

    Very interesting set of hypotheticals. Some thoughts on #3 and #4 that I think are important:
    #3: A phishing campaign based on the bonuses is a legitimate threat vector, and ought to be *considered* adequately by the consultant: but that does not mean tested at all costs. There is a real and important cost to the business of the hit in employee morale, and trust in their employer, that performing this test would create. You as the expert need to make a risk-based assessment for your clients what the true costs of performing this test will be, and whether the risk mitigation it affords is worth it.
    #4: I think most seasoned red teamers would hesitate here not because of the ethics of getting people fired, but because of concerns about their own qualifications, and the blunt path the client is asking them to take. If you are not a licensed PI, you should not be taking this job. If your client has not run every detail of the plan through an employment lawyer, you should not be taking this job. If you are not experienced in this form of investigation (to the level of having been qualified by a court as an expert witness in relevant fields before) - you should not be taking this job. If the client does not have these concerns from the outset, your duty is to inform them. If the client wants to press on despite any of these conditions being true: you need to seriously examine who your client is, because you might well have been hired by a front for organised crime. It happens more than you'd think once you've been in this business long enough, and you need to be vigilant of it.

    • @cate01a
      @cate01a 11 months ago

      Damn that's interesting, that organised crime could act as a client and get an honest professional to hand deliver them an excellent guide to robbing the company

  • @number0x01
    @number0x01 3 years ago +22

    Wow, this really made me think - not just about for physical pen testing, but about integrity and morality in real life. I liked how you put this video together; good job.

  • @benmokurai8089
    @benmokurai8089 3 years ago +28

    At last some discussion on morality - often mentioned but rarely actually examined.

    • @amihirata
      @amihirata 3 years ago +6

      I'd like to do more of this stuff in the future!

  • @equesdeventusoccasus
    @equesdeventusoccasus 3 years ago +3

    1. Asking for a company branded item is simple and will almost always be granted. Don't take the risk.
    2. This is something that depends on several factors. Have I been vaccinated? What are the social distancing protocols? What are my personal risks?
    3. For the phishing campaign, any legitimate information will be used by the bad guys, however, when in doubt seek guidance from your point of contact with the company.
    4. This is very shaky ground legally. I would seek the advice of an attorney with experience in the field.
    5. If you know someone at the company, your first duty is to inform the company of your relationship with one of their employees. There are always forces inside a company that are opposed to any pen testing. Should someone who is against the pen test later discover your relationship with the employee, that can be used to cast aspersions upon your results.
    (I am a retired IT security professional, with almost three decades of experience.)

  • @NathanialMayweather
    @NathanialMayweather 3 years ago +4

    The first couple for me are easy-
    1. Nope
    2. No mask - I’m vaccinated and feel it’s good enough.
    The rest are more interesting to ponder, and generally come down to “it depends”. I need more information and context for most of it.
    The phishing expedition is one that I’ve been giving some thought to recently, and it’s a hard one.
    Great videos, I’ve watched nearly all of them over this long weekend!

  • @alexandrezani
    @alexandrezani 3 years ago +13

    #1. No.
    #2. In theory sure. In practice, I live with a person who is at risk, so no.
    #3. Sure. You would want to be careful not to spread disinformation about those topics though.
    #4. Absolutely not. That's entrapment with the difference that because you're not a cop, entrapment wouldn't be a defense to criminal charges. Entrapping people is wrong.
    #5. Your specific friendship with that specific employee doesn't seem like an interesting threat model for the company to defend against. It doesn't seem like they would learn much of value by testing this specific employee you randomly happen to be friends with.

    • @noahway13
      @noahway13 21 days ago

      I was a cop, and I think that you have a different definition of entrapment. Being a cop doesn't give you rights to do it, it actually makes it harder. The criminal aspect of entrapment is getting someone to do something that they are not prone to do. Like hounding a guy to get you weed, and he tells you he doesn't do that anymore. And then you say, Come on! I really need this! And he says, You need to find someone else, I don't sell it any more. And you say, Pleeeease! Do it for me, you are my friend, we go way back! The End.
      THAT is criminal entrapment in a very broad sense. I guess there might be civil entrapment or something.

    • @alexandrezani
      @alexandrezani 21 days ago

      @noahway13 In common parlance, entrapment refers to inducing someone to take some action with the intention to punish them for it. This is usually considered unethical.
      I'm also aware courts have a much narrower scope of conduct they consider to be entrapment. But most importantly here, if the person entrapping you does not work for the government, it is not entrapment under the law. So if I go and badger someone endlessly to convince them to accept a bribe and then call the cops when they finally do, they can't use the fact that I badgered them as a defense.

  • @BT293HG
    @BT293HG 3 years ago +2

    1) ask for swag afterwards but mention that stuff can be taken
    2) blend in but keep mask in a pocket
    3) use the “govt mandate” route
    4 and 5) no idea how I’ll respond

  • @collisioadolebitque4148
    @collisioadolebitque4148 3 years ago +1

    Absolutely fantastic video. People should think about the real world knock-on effects.

  • @ERIKREID1
    @ERIKREID1 3 years ago +12

    The hard part about being Red team is to put those morals aside to think and act as the enemy. They will have no qualms about doing such acts to get at what they want. You have to do the same to truly test the system in place.
    The hard part is to not fall into the trap of doing it while not on the clock. When you see how easy it is to take advantage of poor security, the temptation to act on your own is there for personal gain since you know how to avoid getting caught. It can be a hard balance to have.

    • @amihirata
      @amihirata 3 years ago +7

      Absolutely, that said, while there are certain brutal methods real attackers would perform such as example 3, I think there are easier methods to achieve the same results which don't mess with employees quite as badly.

  • @mcalsip
    @mcalsip 2 years ago +3

    I am seeing many folks here saying that they would do #4. As at least one individual with security experience pointed out, this puts you on very shaky legal ground. You would have to go about it in a very specific way to prevent an entrapment scenario. If you do it how the blue team requests, you would be in trouble. You can't just directly solicit a person to do wrong for money and then when they agree to it, fire them. They will claim blackmail, coercion, and entrapment. (a.k.a. I wouldn't have ever considered doing wrong if this person hadn't put the opportunity right before me.) Consider you are walking down the street and a person offers you a small bag of pot for free. Even if you have no interest in smoking it, you may very well know someone who would, or at the very least you know that it has value. If you accept in that moment on instinct, the person then reveals that they are a police officer and arrests you for possession. Fair move? Ethical? Well according to the US court system, this is illegal conduct for the police. I wouldn't recommend it for a red team either then.
    Probably the best way to go about it would be to make available info about a place where IP can be sold by insiders. That way the individual has to take multiple steps to visit the site and research the activity, and then steal and upload the IP to complete the deal. Multiple steps, time, and premeditation will place you in a far safer spot.

    • @iamtheone9242
      @iamtheone9242 3 months ago

      thank you for your insight, very interesting

  • @vid2ification
    @vid2ification 3 years ago +1

    Not sure where I draw the line, haven't reached that point yet. I have seen many lines drawn by many other people on my journey so far. I expect to see many more lines in the future.

  • @PocketWomen
    @PocketWomen 3 years ago

    Great questions to ask oneself. It may help people decide whether this type of job is for them or not. Thanks for this video, cheers

  • @Ryan_Smyth
    @Ryan_Smyth 3 years ago +1

    #1 Stealing: No
    #2: Blend in or Stick Out: Blend in
    #3: Catching the Prize Phish: Yes
    #4: Pay to Play: Yes
    #5: Friend & Family: No
    Interesting questions.

  • @JohnnyQuickdeath
    @JohnnyQuickdeath 3 years ago +4

    But what would you do for a Klondike bar

  • @Beregorn88
    @Beregorn88 2 years ago +1

    Seems to me that the only moral question was the last one, the others were more on the territory of illegal actions or putting yourself at personal risk. For me it would be no (it's a crime and unrelated to the job), no (I wouldn't blend well with morons anyway), yes (the feelings of the employees are not my concern, also better me than a true attack), illegal in my country (unless done in concert with the police, and only for already established criminal cases), no (the success of a particular campaign is not worth my friendships)

  • @thomasw.6945
    @thomasw.6945 3 years ago

    hi, engr, nice video and even more nice subjects to think about...

  • @warrenphilips8441
    @warrenphilips8441 3 years ago

    Tell the phishing targets in some way that the company will not be able to trace back to you, but do not tell them that they are only going to be tested once. Protect yourself from destroying someone's life, protect them from destroying their own life, and protect the company.

  • @simonmikkelsen
    @simonmikkelsen 2 years ago +1

    #4 I would not do it but I would try to educate the company instead. You don't get a lot of mileage out of threats, especially when the people can go to other companies any time they like. First I would try to see why these people should be in special risk of selling the IP. That would probably lead to what to fix instead. Are they paid enough, are they getting the promotions they should, are they treated nicely? If too many people know too much, try to limit the most essential information.
    When they find out they are in constant risk of entrapment, a lot of people would probably leave the company. Unless they have spread key info to non essential people, that would probably hit them hard.

  • @johnnyunfiltered1832
    @johnnyunfiltered1832 2 years ago

    1. Yes, I would take a small prize, nothing too big, just some company branded pen or something, along with pictures of the facility to look back on.
    2. I would not wear the mask or only mask up when out of line of sight.
    3. Yes because it will mine the most data and get the most clicks, I'm not your boss, I'm here to do a job and do it well.
    4. Not today, that could end in an entrapment lawsuit for me and the ruining of someone's career while providing minimal intel.
    5. I would not target my friend specifically, I'd try to blend in and cast a wider net, however if it came to that, I'd try my best to make sure the identity of said friend stays anonymous to the company as part of the agreement for the job.

  • @CandyGramForMongo_
    @CandyGramForMongo_ 3 years ago

    Got the employment data of my seester! No ragrets.

  • @happyundertaker6255
    @happyundertaker6255 3 years ago

    Maybe

  • @johnadriani7467
    @johnadriani7467 1 year ago

    The big problem arises when these tools get into the hands of people who know no morals, no discipline, no human dignity... now a question for you, what would you do if you were spied on for years by your immediate surroundings

  • @titusjames4912
    @titusjames4912 3 years ago

    This isn't a poll is it?

  • @i_sometimes_leave_comments
    @i_sometimes_leave_comments 3 years ago

    1. No. The souvenir has nothing to do with the job. That's just plain theft.
    2. Depends on the situation, but I would like to wear a mask. If I wanted to give them a chance to catch me, yes. If I absolutely needed to get in, no.
    3. Yes. Real criminals wouldn't care, and the topic is too likely to come up to skip.
    4. Yes. We want to reduce insider threats as much as possible, and this is just exposing another possible criminal.
    5. Yes, but without saying who that friend is in the report. Since leakage to friends and family is in the scope of the operation, it's a viable option.

  • @quietmike134
    @quietmike134 3 years ago

    1. No
    Yes to the rest.

  • @Jambion
    @Jambion 3 years ago +2

    I personally draw the line at it affecting personal lives, both my own and the employees'.
    Taking mementos, personal life and so a no go.
    Phishing attack by including their personal life, no go.
    I'm hired to conduct testing on what the company/client can prevent, if it leaks into personal life that should be too far.

    • @TheFool2cool
      @TheFool2cool 3 years ago +1

      You think an attacker will draw a line? So you're leaving your clients exposed because you're too scared to open their eyes to real life attacks?

    • @Jambion
      @Jambion 3 years ago +1

      True attacks won't draw the line.
      Humans will always be the flaw.
      Those are just facts which any company should accept.
      No matter the training for phishing attacks, a personal enough email will always get through.
      What I'm here to do is to find flaws which can be mitigated properly, like misconfigurations, flaws in web apps, or even physical flaws like a Master Lock being used.
      The GoDaddy bonus phishing attack is a good case study, where it wrecked employees' personal lives, and makes it difficult for proper mitigation to be implemented since they hated the testers.
      You just can't fix human nature, you can fix email scanning, user account management and logging of both without the needless harm.

  •  3 years ago +3

    I am from an entirely different field (entertainment), but I will give you my two cents.
    1.) Definitely not. I would not hesitate to steal during the job to achieve my objective, but anything else is just theft.
    2.) I will not wear a mask and blend in. It's a job. You may have a different opinion, but in my job we are used to doing anything to make the show go on.
    3.) Yes. If this is a clickable topic (which it is). A job is a job.
    4.) Hey... This is hard, especially correlated to no. 5, but again... It is a job.
    5.) I'd probably pass on the job. I know I am a hypocrite. But yeah, that is my moral compass.
    Feel free to discuss. :)

    • @TheFool2cool
      @TheFool2cool 3 years ago +2

      Number 2) you contract covid without realising and go on to infect your family and friends, some of whom die, all for a job?

    • @XformNAN
      @XformNAN 3 years ago

      Wearing a mask doesn't make you not contract Covid-19. Wearing a mask does little to nothing at that if everybody else isn't wearing one. I don't even believe wearing a mask is the end-all because people still get Covid-19 while both wearing a mask.

    • @Skinflaps_Meatslapper
      @Skinflaps_Meatslapper 3 years ago

      Rather than pass on #5, treat it like any other job in that you don't know anyone working there...just take extra measures to avoid your friend in the process.

  • @carlosrios5291
    @carlosrios5291 2 years ago

    Why not just ask the company for a coffee mug after the job is done?
    These are not moral dilemmas

  • @TonyVirelli
    @TonyVirelli 3 years ago +1

    - I wouldn't take a "souvenir", if I really wanted one, I'd just ask the company after the job was over.
    - This will be controversial, but I wouldn't wear the mask to blend in.
    - For phishing, I might use a "version" of the topic. So nothing as direct as "bonuses cut this year", but more like "It was a tough year, here is how we're handling it". Then don't go into any specifics.
    - For the IP/Insider threats, yes, I would have no problem with this. If they got fired for breaking the law or violating NDAs, I don't have a moral issue with that
    - Friends & Family: No I wouldn't test my own friend or family. Or if I did and they violated protocol, I would inform them what I am doing and educate them, without turning them in.

  • @pyrethorn
    @pyrethorn 2 years ago

    Personally I tend to draw the line on my canvas. But, I'm designing a painting atm. I feel like maybe that's not the line you're talking about =p
    1: no. stealing is a good way to not keep getting jobs.
    2: fuck no, my health and my households health is worth more than a job. as someone with asthma and other physical ailments i can't afford to get covid.
    3: yes. odds are that's something that will be used. so yes, do it.
    4: nope. hard pass.
    5: no. if you know someone working on the inside, that needs to be talked about with the company. odds are you can recommend someone else for the job.
    Being snarky aside, love your videos! Just found your channel and it's fantastic! You do an awesome job of explaining things.

  • @slowrobot8369
    @slowrobot8369 1 year ago

    This did not age well. #2 is clown shoes nonsense, was then, and is still.

  • @ehrichweiss
    @ehrichweiss 3 years ago +1

    1. No, not really. I could easily get one from whomever hired me 99% of the time.
    2. If a company is allowing its employees to walk around without masks on, they'll die off soon enough so I wouldn't even bother taking their case.
    3. How is this a moral dilemma?
    4. See #3. These are people who are already at risk of being corrupted and I have little-to-no concern for their lack of morals. I faced a similar issue in the early 2000s and I wouldn't hesitate to do it again.
    5. Yes.

  • @chrism4008
    @chrism4008 2 years ago

    If bonuses are a major percentage of an employee's income YOU are running the company very poorly. Hire someone to manage it for you because you're going out of business

  • @lancer2204
    @lancer2204 3 years ago

    1. Not worth it, maybe take a selfie sitting at an important person's desk?
    2. Is any job worth your own health? So, nope, sorry my health is worth more than your contract.
    3. The EOY bonuses would be a hot topic and quickly ingratiate you with, even mildly, disgruntled employees. I'd avoid the topic of the Govt assistance.
    4. Yes. It's not your integrity that is in question.
    5. I'm unsure, it would depend on the friendship and the people involved. So, case by case.

  • @avyitis3425
    @avyitis3425 1 year ago

    1. I would, only to present it to them later, with no intention of keeping anything. It's pointless and counterproductive.
    2. Virus particles are far smaller than the fibres of a mask, made from any kind of fabric. They carry no value of protection. To eliminate a contamination risk, masks with special filters are necessary. Instead, masks from fabric are extremely beneficial for committing a crime in an area that is, or might be under surveillance.
    3. I probably wouldn't accept the job
    4. If I had specific info, I'd do an in depth background check on them - not what you can legally pull, but observation and social media. Are they just greedy cunts or desperate because they struggle in life? If it was the latter, I'd tip them off to give them a chance. Regarding the former - right under the bus.
    5. I, personally, only have few and close friends, in whom I trust. It'd be a huge surprise to me if I didn't know about such doings beforehand.
    While I see myself as a loyal individual, I will certainly put personal relationships, particularly close ones, before the interests of a large corporation that makes millions if not billions annually and does nothing with them besides supporting inflation and increase of poverty.
