In the past I’ve worked with two different guys at two separate jobs who, being limited to dialup at home, used the office internet connection to download a significant amount of data from the Internet. In most cases the data that they were downloading was harmless (accessing their MSDN subscriptions and so on), but the amount of data that was the issue.
Both these guys were fairly careful to hide their data downloading habits. Although some of the data was work related, a lot of it was stuff like ISOs of betas that would never be used in either work environment. Both guys configured downloads to occur at off peak times when no-one was around. Both had also found clever ways around having their downloads being specifically tied to them, though at the time both organizations didn’t have sophisticated proxy logging software.
What got each of them found out was the significant drop in the internet bill to each organization that occurred when each went on vacation for a month. Although each had gone to great lengths to hide their activity during their time at work, it was their inactivity that gave them away. It was only after the internet bill decreased significantly and then returned to normal levels when the staff members returned did respective managers start to get curious about what was going on.
Neither guy got fired, but their managers were a lot more watchful in future!