Welcome to our site

welcome text --- Nam sed nisl justo. Duis ornare nulla at lectus varius sodales quis non eros. Proin sollicitudin tincidunt augue eu pharetra. Nulla nec magna mi, eget volutpat augue. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Integer tincidunt iaculis risus, non placerat arcu molestie in.

Popular Case of Terry Childs

Saturday, May 29, 2010

One of the most controversial cases related to insider threats and computer crimes which occurred in recent year is the case of "Terry Childs".
In July 2008, Terry Childs, network administrator of city of San Fransisco was charged with computer crime in four counts and was arrested and held on 5 million U.S dollar.

The story of Terry Childs was not clearly revealed by authorities, however I found some information about terry's story in one article called "The Story Behind San Francisco's Rogue Network Admin" by" Paul Venezia, InfoWorld"

It seems that Terry was very intelligent, knowledgeable man, who worked in the company's IT department for long time and worked as network engineer and it seems that he was very good in his job. In July 9, 2008, in very tense situation confronted by management, terry refused to hand over router password to Company (city) staffer. Three days later he was arrested.
exactly what happened was not officially revealed.

Regardless that terry's crime had just or unjust excuse, it is consider as a obvious case of computer crime which is done by an employee, thus we can categorize it as a case of insider threat.
There are many information and opinion about Terry's case, moreover you can read about his court trials.
see also this website:

Another video!!!

Tuesday, May 25, 2010

Here is another video in which theses IT guys explain about insider threats, why it requires immediate attention and what are the protective measures.


Office Space

Wednesday, May 19, 2010

Hello guys!!!!
In this post I want to recommend one interesting movie that I saw long time ago which is related to the topic of this blog, the name of this very very interesting movie is "Office Space"

The name of this movie refer to bad and depressing work condition of some employees of one company who work in small cubicles and hate their jobs.

"We have to space out all day, in other word we have to look at our computer which it seems that we are working but we are not, but the trying to be seen as a working employee require as much effort as the job itself" Peter Gibbons commented about his job.

I really recommend the MBA students specially students with Human Resource speciality to see this movie, in which we clearly see why motivating employees is so important.

Anyway, in this movie Peter Gibbons, who believes that every day is the worst day of his life and also have some problem in his love life decide to seek professional help and go to see a psychiatrist. The shrink decide to hypnotise him, so he send Peter to a place that there is no concerns and worries, however the shrink have heart attack in middle of his work, and peter stays in his condition in which he doesn't worry about anything anymore, and creates funny and amazing consequences and make peter successful in his work.

The reason that I saw this movie as a good example of insider threat and cybercrime is that the company in which Peter is working decides to layoff some of its employees. When layoffs affect Peter's two best friends, they conspire to plant a virus that will embezzle money from the company into their account.

This movie clearly shows a case of Insider threat in which unhappy employees decide to manipulate company's network by planting a virus and steal the company's money.
Make sure to see this movie, it does really worth seeing.
here is the trailer of this movie, enjoy!!

Global recession causing more security risk

Saturday, May 15, 2010

Increasingly displaced and malicious employees are turning to cyber crime by trying to damage and exploit, steal information network which can cost a lot for the company, here we talk about billions of dollars guys!!!! do not underestimate it.
nowadays due to global recession companies' vital informations are at greater risk than ever before.
based on an official report "Unsecured Economies: Protecting Vital Information" which was released at World Economic Forum shows the 42 percent increase in corporations' security risk and suggest that the biggest threat to sensitive information are insiders!!!!

here is another cases of insider threats that i found from (http://www.readwriteweb.com/archives/laid_off_employees_turning_to.php)

"The most recent example can be found in disgruntled Fannie Mae engineer Rajendrashinh Makwana who was indicted for allegedly planting a logic bomb in the mortgage lender's computer network. Fortunately, the embedded code was discovered by another engineer before it caused any damage, which would have been substantial. "Had the virus been released it would have caused millions of dollars of damage and reduced if not shut down operations for at least a week," said FBI Special Agent Jessica Nye.

According to some reports this breach may have been averted had Fannie Mae terminated Makwana's network access immediately after firing him.

Last year, Terry Childs, a San Francisco computer engineer was charged with masterminding the hijacking of the city's network when he allegedly refused to allow other administrators to get into the system; locking down law enforcement records and payroll documents.

In another 2008 incident, 21 year old David Everett, a tech support person at Wand Corporationdecided to turn to cybercrime to seek revenge on his former employer after he was laid off. Breaking into the network, Everett allegedly planted three malicious files on 1000 servers in an attempt to bring the system down. Although he did get into the system, he only managed to crash 25 computers before the company was informed of the attack by concerned customers. Earlier this year, Everett pleaded guilty to computer hacking charges and now faces 10 years in prison.

Clearly, corporations must begin to proactively protect themselves against insider cybercrime."

Ways of malicious insider's attack

Tuesday, May 11, 2010

here is a video about the ways that malicious insider can harm the company's network. In this video we are also persented by possible protective measurs.

Insider Threats e-book

Wednesday, May 5, 2010

Here is very interesting book about insider threat. the whole book is available at:

In this book authors have different view toward the insider threats and categorized them into four main group:
  • Pure insider
  • Insider associate
  • Insider affiliate
  • Outside affiliate

  • pure insider is the person who are employed by the company and have all access associated with it such as accessing to company's network. authors sees this group as the most important threat since they already have most of the access they need.

  • On the other hand insider associates are people who employed by the company, but they do not have as many access as pure insider. for example cleaner.

  • The third group is insider affiliate who are friend, spouse of employees or have some relation with them and use their credentials to gain access

  • Outside affiliate are unauthorized persons who use open access to gain access to company's resources. this cases do not happen because they break into you company but because we left a door open for them. for example wireless network can act as open door for outsiders.
as I mentioned in my previous post insider threat are bigger threats than outsider one. in this book authors agree with me and they mentioned these reason for it:

  1. It is easier: it is obvious when insiders already have access to the network of the organization they can endanger company's security easier
  2. most of the security devices and soft wares are implemented in order to stop external threats
  3. There is high chance of success since employees have detailed information and access they need so success is almost guaranteed
  4. since employees who have access don't break in, therefore the chance of getting caught are way lower than external one

Insider threats has been explained elaborately in this book and I really recommend you to read it .

Always scrutinize your employees

Saturday, May 1, 2010

As I have mentioned in my previous posts, nowadays insider threats are more important than outsider ones, because it is generated from inside the company, it has many types, most of the time employees do it without bad intentions and because of lack of knowledge.
Human resource is a critical resource of a company and it has direct effect on company's profitability, for example by generating right culture and attribute to support strategic goals of the company the revenue of the company can be affected considerably.

On the other hand employees can make loss for the company. What I am trying to say is that managers can take so much benefit from understanding human psychology and by scrutinizing their employees' psychology continuously,they will know in what psychological stage each of their employees are, what type of action they are capable of in those stages and on some necessary cases carry out the preventive action, in this way they can increase revenue of the company and prevent bad things that can cause losses for the company.
the process of scrutinizing employees takes so much time and money, but I believe it worth it compare to future losses that a company can incur on the future.

I found another video clip in which speaker believes that the insider threats happens mainly because of pressures and circumstances that happen in the employee's life.
so monitor your employees closely!!