

Wednesday, April 28, 2010


This weblog is created for the purposes of an MBA project for the subject BYL 7134, Cyberlaw. The materials posted on this weblog are for the purposes of the assignment as well as study and non-profit research. Appropriate acknowledgements to the materials that do not belong to the weblog owner have been publicly made. If you are the author or a copyright owner of any of the articles posted in this weblog and you object to such posting on any grounds, including copyright infringement, please contact me and I will take your material down. I state herein that I am relying on the doctrine of fair use. Thank you for supporting my blog.

Insider Threats Cases

Tuesday, April 27, 2010

In one very interesting article, "The Insider Threat to Information Systems: The Psychology of the Dangerous Insider" by Eric Shaw, Ph.D., Kevin G. Ruby, M.A., and Jerrold M. Post, M.D., I found some summarized cases of malicious insider threats, which the authors have interestingly categorized:

Peopleware Problems

People who designed the systems attack the systems, and understanding the psychology of information systems criminals is crucial to protecting those systems.

  • A Management Information Systems (MIS) professional at a military facility learns she is going to be downsized. She decides to encrypt large parts of the organization’s database and hold it hostage. She contacts the systems administrator responsible for the database and offers to decode the data for $10,000 in “severance pay” and a promise of no prosecution. He agrees to her terms before consulting with proper authorities. Prosecutors reviewing the case determine that the administrator’s deal precludes them from pursuing charges.

  • At the regional headquarters of an international energy company, an MIS contractor effectively “captures” and closes off the UNIX-based telephonic switching system for the entire complex. Investigators discover that the contractor had been notified a week earlier that he was being terminated in part for chronic tardiness. Further investigation finds the employee to have two prior felony convictions and to be a member of a notorious hacker group under investigation by the FBI. The employee reports he is often up all night helping colleagues with their hacking techniques. Additional investigation reveals that he is the second convicted hacker hired at this site. An earlier case involved a former member of the Legion of Doom who had been serving as a member of a corporate information security team. He had been convicted of computer intrusion at a local phone company. Neither individual had disclosed their criminal history or had been subject to background checks sufficient to discover their past activities.

Threats with Purpose of Ego Gratification

  • A senior MIS specialist at an international energy firm regularly created outages at Company sites around the world so that he could spend time abroad while gaining attention for his technical expertise.

  • Michael Lauffenberger, a 31-year old programmer for the General Dynamics Atlas Missile Program, reportedly felt unappreciated for his programming work on a parts-tracking system. He planted a “logic bomb” in the system designed to erase critical data after he resigned. He then anticipated returning to rescue the company as a highly paid and valued consultant.

Greedy Type

  • Regional PC manager for the King Soopers supermarket chain Jay Beaman and two clerks were charged in an intricate computer fraud that cost the supermarket over two million dollars over two years. The motives are described by investigators as beginning with financial necessity but quickly escalating into greed and ego. Among the strategies used was manipulating the computer accounting system to funnel certain purchases into a dummy account. At the end of the day, the perpetrators would take the amount funneled into the dummy account right out of the cash registers and then delete the account, also erasing any trace of their fraud.

Caused by Poor Screening Measures

  • A major international energy company recently discovered a logic bomb in software created by a contracted employee. It was installed as “job insurance” by the contracted employee with five prior convictions related to hacking. The contractor’s firm failed to screen this employee who installed the code in anticipation of using it as leverage against his employer in case his criminal record was discovered.

Ambiguous Motives

  • Zhangyi Liu, a Chinese computer programmer working as a subcontractor for Litton/PRC Inc., illegally accessed sensitive Air Force information on combat readiness. He also copied passwords, which allow users to create, change or delete any file on the network, and posted them on the Internet.

Former Employees Threats

  • Donald Burleson, a computer programmer for USPA & IRA Co., a Fort Worth securities trading firm, designed a virus after being reprimanded for storing personal letters on his company computer. The virus was designed to erase portions of the Company’s mainframe and then repeat the process if a predetermined value was not reset in a specific location. After being fired, Burleson used a duplicate set of keys to return to the facility at 3 a.m. and employ an unauthorized backdoor password to reenter the system and execute the virus.

Foreign Connections of IT Specialists

  • On the programming staff of Ellery Systems, a Boulder, Colorado software firm working on advanced distributive computing software, was a Chinese national who transferred, via the Internet, the firm's entire proprietary source code to another Chinese national working in the Denver area. The software was then transferred to a Chinese company, Beijing Machinery. Ellery Systems was subsequently driven to bankruptcy by foreign competition directly attributed to the loss of the source code.

The best way to protect companies against insider threats is to become familiar with their types. Studying cases is the best way to do this. I'll try to find more cases to share.

Data breach. Inside Job???

Sunday, April 25, 2010

That's right guys, insider threats are now hot stuff!! Malicious and careless users are now considered a bigger threat than external ones. I mean, you can set up firewalls, antivirus and anti-spam programs to defend your system against external threats, but when you are dealing with internal threats, you don't know where and when they are going to hit you. Well, you can guess the malicious ones somehow. I mean, when you see an employee who is angry at the corporation, it gives you a heads-up.

However, the careless ones are the bad ones. They themselves don't even know that they are creating a threat for the company, so how can you know!!!!!!

For example, in many companies employees write their user name and password on a piece of paper and put it on the wall!!!!
I found a video clip of a seminar on the topic of "Data Breach" which is quite interesting. In this clip we are presented with two cases of these careless employees. So again, don't underestimate them; they can cost their company a fortune.

Insider Carelessness = Big threat!!!!

Saturday, April 24, 2010

In this post I've decided to share some information about one of the most important aspects of insider threats, which is careless employees!! That's right, and it is a big one!!!!!

Stefanie Hoffman, in "RSA: Insider Carelessness Cause Of Most Security Threats", believes that the greatest threat to any workplace is likely to come from an insider, and that it will probably be an accident. Based on a survey released by RSA, the security division of EMC, the biggest threats in a workplace are often unintentional, resulting from carelessness or ignorance of individuals within the organization or company.

"The bad guys are into fraud. They're very well funded, and they are extremely motivated to make money. You can reduce a lot of risk by taking away the innocent mistakes."

Hoffman categorized these innocent mistakes as below:

1. Some of these innocent mistakes are committed by individuals who circumvent security regulations just to get their jobs done. In another survey, 63 percent of employees said that they frequently or sometimes sent work documents to their personal e-mail address so they could complete their tasks at home, and more than half said that they have accessed their work e-mail from a public computer.

2. Trusting workers literally hold the door wide open for perpetrators. More than a third of respondents said they have opened a secured door for someone they didn't recognize at work, while 40 percent of workers said that someone else they didn't know let them into their building after they had forgotten their access card or key. And of the two-thirds of respondents that said their company provides a wireless network, 19 percent said that access was completely open, with no login credentials required.

"Massive damage is being done to brands. It can be devastating for a small company. If a law firm has had a breach, that can be devastating. They don't have to have 5,000 or more employees," said Chris Clinton, RSA director of worldwide channels.

Be careful !!! They can be anywhere

Thursday, April 22, 2010

"Companies need to make it clear to their employees from day one that they are being monitored."
Kerry Anderson, vice president, information security group, FMR Corp.

I found some interesting data about forms of insider threat that I am going to share in this post (21 Nov 2006 | SearchSecurity.com | By Bill Brenner, Senior News Writer).

Anderson, a vice president in the information security group at Fidelity Investments Brokerage Company, has seen a variety of troublesome insiders in her career. What are the types? Here they are:

1. There's the saboteur who tries to deface critical company data because they have an axe to grind against their bosses or fellow co-workers.

2. Then there's the sole living expert -- someone who has been around so long they think they own the network. They want everyone to be dependent on them, so they manipulate the network in a way to make other employees come to them to access certain pieces of data or perform certain network functions.

3. People who have what she calls the hero syndrome. They break something on the network so they can fix it and be seen as life savers.

"If something is breaking every three weeks and the same person is fixing it, I'd start taking a look at them," she said.

These threats can damage companies seriously, but don't worry: whatever the insider's tactics or motives may be, Anderson said there are some common warning signs to look for. Check this out:

1. Someone who isn't getting along with managers or co-workers and may be preparing to leave the company. If someone is leaving under unhappy circumstances, there's always the chance they could sabotage network data on the way out the door, she said.

2. Companies must also keep an eye on people who may start working hours when nobody else is around. Anyone who suddenly changes their normal work routine bears watching, Anderson said.
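
The routine-change warning sign above can be checked against login records by comparing each new login with the hours at which that user normally works. The Python code below is an added example, not from the article or from Anderson; the event format, the sample data, the function names and the two-hour tolerance are all assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data: (user, login time). Not taken from any real system.
BASELINE = [
    ("alice", "2010-04-05T08:55"), ("alice", "2010-04-06T09:10"),
    ("alice", "2010-04-07T09:02"), ("alice", "2010-04-08T17:40"),
    ("bob",   "2010-04-05T22:05"), ("bob",   "2010-04-06T23:15"),
    ("bob",   "2010-04-07T22:30"),
]
RECENT = [
    ("alice", "2010-04-19T09:05"),   # normal morning login
    ("alice", "2010-04-20T02:47"),   # far outside her routine
    ("alice", "2010-04-21T03:12"),
    ("bob",   "2010-04-19T23:40"),   # night shift is bob's normal routine
    ("carol", "2010-04-19T01:00"),   # no baseline yet: reported separately
]

def hour_of(ts):
    return datetime.fromisoformat(ts).hour

def build_profiles(events):
    """Map each user to the set of hours of day at which they normally log in."""
    profiles = defaultdict(set)
    for user, ts in events:
        profiles[user].add(hour_of(ts))
    return profiles

def circular_gap(hour, usual):
    """Smallest distance in hours to any usual hour, wrapping around midnight."""
    return min(min((hour - u) % 24, (u - hour) % 24) for u in usual)

def routine_changes(baseline, recent, tolerance=2):
    """Return (flagged, unknown): logins more than `tolerance` hours from the
    user's routine, and logins by users with no baseline to compare against."""
    profiles = build_profiles(baseline)
    flagged, unknown = [], []
    for user, ts in recent:
        if user not in profiles:
            unknown.append((user, ts))
        elif circular_gap(hour_of(ts), profiles[user]) > tolerance:
            flagged.append((user, ts))
    return flagged, unknown

if __name__ == "__main__":
    flagged, unknown = routine_changes(BASELINE, RECENT)
    print("routine change:", flagged)
    print("no baseline:", unknown)
```

Measuring against each user's own baseline rather than a fixed "office hours" window keeps a regular night-shift worker from being flagged while still catching a day worker who starts logging in at 3 a.m.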

There are also some preventive measures:

a. "People need to understand that their computers are for business only and that they can be disciplined or even fired for using them for anything that isn't business related," Anderson said.

b. IT security professionals also need to watch for personal technology that could put the company at risk, she said. Cell phones with embedded cameras, for example, could be used to photograph and transmit sensitive data.

While these are important steps, Anderson acknowledged that companies can't prevent every insider-related incident.

"A lot of internal fraud goes unreported because it's embarrassing," she said.

If there is a security breach, companies must be honest about it and come clean publicly, she said. Otherwise, the company's reputation and the security of their customers could take a bigger hit later.

What/Who are Insider Threats?

Wednesday, April 21, 2010

That's right. Not all threats come from outside the company!! Employees can also be important threats to a company's network. In this blog I am going to share information about two kinds of insider threats (for definitions I also used http://searchsecurity.techtarget.com ):

1. Malicious hacker (also called a cracker or a black hat) who is an employee or officer of a business, institution, or agency. The term can also apply to an outside person who poses as an employee or officer by obtaining false credentials. The cracker obtains access to the computer systems or networks of the enterprise, and then conducts activities intended to cause harm to the enterprise.

Insider threats are often disgruntled employees or ex-employees who believe that the business, institution, or agency has "done them wrong" and feel justified in gaining revenge. The malicious activity usually occurs in four steps or phases. First, the cracker gains entry to the system or network. Secondly, the cracker investigates the nature of the system or network in order to learn where the vulnerable points are and where the most damage can be caused with the least effort. Thirdly, the cracker sets up a workstation from which the nefarious activity can be conducted. Finally, the actual destructive activity takes place.

The damage caused by an insider threat can take many forms, including the introduction of viruses, worms, or Trojan horses; the theft of information or corporate secrets; the theft of money; the corruption or deletion of data; the altering of data to produce inconvenience or false criminal evidence; and the theft of the identities of specific individuals in the enterprise. Protection against the insider threat involves measures similar to those recommended for Internet users, such as the use of multiple spyware scanning programs, anti-virus programs, firewalls, and a rigorous data backup and archiving routine.

2. The other category that I am going to share information about is careless and untrained insiders who are duped or fall prey to social-engineering-type attacks.

Protecting a network and critical and sensitive data is done very differently for each type. Policies, procedures, training and a little technology can make a world of difference in reducing an organization's risk to careless insiders.

Check this out: the man can recognize the potential of being an insider threat just by looking at their pictures!!!!