Peopleware Problems
people who designed the systems, attack the systems, and understanding the psychology of information systems criminals is crucial to protecting those systems.
- A Management Information Systems (MIS) professional at a military facility learns she is going to be downsized. She decides to encrypt large parts of the organization’s database and hold it hostage. She contacts the systems administrator responsible for the database and offers to decode the data for $10,000 in “severance pay” and a promise of no prosecution. He agrees to her terms before consulting with proper authorities. Prosecutors reviewing the case determine that the administrator’s deal precludes them from pursuing charges.
- At the regional headquarters of an international energy company, an MIS contractor effectively “captures” and closes off the UNIX-based telephonic switching system for the entire complex. Investigators discover that the contractor had been notified a week earlier that he was being terminated in part for chronic tardiness. Further investigation finds the employee to have two prior felony convictions and to be a member of a notorious hacker group under investigation by the FBI. The employee reports he is often up all night helping colleagues with their hacking techniques. Additional investigation reveals that he is the second convicted hacker hired at this site. An earlier case involved a former member of the Legion of Doom who had been serving as a member of a corporate information security team. He had been convicted of computer intrusion at a local phone company. Neither individual had disclosed their criminal history or had been subject to background checks sufficient to discover their past activities.
Threats with Purpose of Ego Gratification
- A senior MIS specialist at an international energy firm regularly created outages at Company sites around the world so that he could spend time abroad while gaining attention for his technical expertise.
- Michael Lauffenberger, a 31-year-old programmer for the General Dynamics Atlas Missile Program, reportedly felt unappreciated for his programming work on a parts-tracking system. He planted a “logic bomb” in the system designed to erase critical data after he resigned. He then anticipated returning to rescue the company as a highly paid and valued consultant.
Greedy Type
- Regional PC manager for the King Soopers supermarket chain Jay Beaman and two clerks were charged in an intricate computer fraud that cost the supermarket over two million dollars over two years. The motives are described by investigators as beginning with financial necessity but quickly escalating into greed and ego. Among the strategies used was manipulating the computer accounting system to funnel certain purchases into a dummy account. At the end of the day, the perpetrators would take the amount funneled into the dummy account right out of the cash registers and then delete the account, also erasing any trace of their fraud.
Caused by Poor Screening Measures
- A major international energy company recently discovered a logic bomb in software created by a contracted employee. It was installed as “job insurance” by the contracted employee with five prior convictions related to hacking. The contractor’s firm failed to screen this employee who installed the code in anticipation of using it as leverage against his employer in case his criminal record was discovered.
Ambiguous Motives
- Zhangyi Liu, a Chinese computer programmer working as a subcontractor for Litton/PRC Inc., illegally accessed sensitive Air Force information on combat readiness. He also copied passwords, which allow users to create, change or delete any file on the network, and posted them on the Internet.
Former Employees Threats
- Donald Burleson, a computer programmer for USPA & IRA Co., a Fort Worth securities trading firm, designed a virus after being reprimanded for storing personal letters on his company computer. The virus was designed to erase portions of the Company’s mainframe and then repeat the process if a predetermined value was not reset in a specific location. After being fired, Burleson used a duplicate set of keys to return to the facility at 3 a.m. and employ an unauthorized backdoor password to reenter the system and execute the virus.
Foreign connections of IT specialists
- On the programming staff of Ellery Systems, a Boulder, Colorado software firm working on advanced distributive computing software, was a Chinese national who transferred, via the Internet, the firm’s entire proprietary source code to another Chinese national working in the Denver area. The software was then transferred to a Chinese company, Beijing Machinery. Ellery Systems was subsequently driven to bankruptcy by foreign competition directly attributed to the loss of the source code.
The best way to protect companies against insider threats is to become familiar with their types.
Studying cases is the best way to do this. I'll try to find more cases to share.
3 comments:
Organizational behavior and human resource management can help us with these cases.
Your case is good, it reminds me of the saying that "Your best friend is your worst enemy". Like in my country, there is a common kind of crime, to be precise, transformer vandalization, and we all know that it has to do with electrical power supply and no one wants to be electrocuted in the quest of making money by stealing such things that have to do with electricity, i.e. 'Fishing in troubled waters'. In essence, everyone knows that the people that installed the transformer executed the act. Insiders do play a major role by conniving and accomplishing criminal acts that are illegal and unlawful.
Your post sounds great. I like it. I learned too much from it, but please put some links to more support your post. Keep up your effort.