At first blush it would appear English is not your strong suit; nevertheless, it would behoove you to have a senior member of your leadership contact the local police "computer crimes" division and let them open an investigation. The planning for such contacts should not be made in your office but at some other secure location away from nettlesome ears. Always remember "walls have ears."
Enjoy the day,
Bill

As there is no way for me to know who you are, I will offer some general comments.

Companies are often worried about negative press so making that conversation, as noted above with a senior manager "off site & quiet" very important.

Look into having staff sign non disclosure agreements.

Provide better access control to sensitive areas.

Hiring an outside Investigation company could be a consideration - beware if word gets out though of a mole being put in place.

Set up an employee complaint line through an off site contractor.

Deposit into the SecurityInfoWatchForums retirement fund for aging Security Officers

[QUOTE=Eric

Deposit into the SecurityInfoWatchForums retirement fund for aging Security Officers[/QUOTE]

I'm on your side Eric.

A few general suggestions:

1. If you have windows servers, get a Microsoft Certified Professional who is Microsoft Security Certified to do an audit. Hopefully, this company will know what discretion is! Have them check group policies, etc.

2. If you have UNIX/Linux based servers, get a LPI certified engineer, or if they're Red Hat, a Red Hat Certified Engineer. We have people with both certification types on call for support issues, and work to train all our techs to Ubuntu Certified Systems Administrator rating through Linux Professional Institute, as well as Certified Security Admin.

3. Review your wetware for problems. By wetware, I mean your peoples. Are there unattended computers lurking around? Do people freely give out escalated account passwords? Are there odd people roaming around in places they shouldn't?

4. When's your last risk assessment been for your information infrastructure? In English: When's the last time an outside professional has looked at you IT stuff to figure out the ways in? You should be performing an external risk assessment from time to time, and an internal audit every few months.

5. Do you have logs? Intrusion detection systems setup? Firewalls in place? It should not be easy to delete your tracks when you blow up a computer, even a Windows Server based PC. Someone needs to start pouring through the logs and taking a look.

6. I will have to note that the police may not have enough to go on right now, because this is simply an unexplained transient downtime. It could be, for all anyone knows, a computer that reboots unexpectedly or a virus infection. This is why one goes to an information security agency first, who will consult with the client on what's going on, then together they can build a case for police action. Remember: The police cannot be your IT security division, they're only there to enforce the law.

Nate - I'm glad you explained "wetware." A lot of images started flashing through my mind. Now I feel the sudden need to go to church.

inside sabotage

I agree with N.A. Corbier. Another thought is not only to hire external auditors, but develop a program to conduct threat assesments, risk analysis, and vulnerability assements. All three have different aspects that may identify your problem.

Or simply notify all employees that all intranet traffic will be monitored, as per policy, to identify any deficiencies in the system. Step back and see if your system crashes. This may be a job for an external agency, depending on your state laws.

hardware, software, wetware, woodware.