Enemy at The Water Cooler

Another insider threat book????

That's right guys, in this post I decided to introduce another interesting book related to insider threats. The good thing is that the whole book is available online, you can read it at:

http://books.google.com.my/books?id=LKRGF8WQ-cQC&pg=PA57&lpg=PA57&dq=insider+threat+examples&source=bl&ots=d5szCkXZtJ&sig=eVMAN0QL70HxbsYW0K9nngl_N2Y&hl=en&ei=ew8bTNW5AtHBrAfRpeytDA&sa=X&oi=book_result&ct=result&resnum=1&ved=0CBkQ6AEwADgK#v=onepage&q=insider%20threat%20examples&f=false

This book is full of good examples of insider threats and wonderful guidance regard of protective measures. Make sure to read examples in chapter 2 page 57. Enjoy!!

Even Google has it!!!

Hello again!!

I beleive you all heard about dispute between google and china regard the internet censorship of this country and there is possibility that google close its branch in the China soon. Durring the despute there was repeated attempts to hack into the Gmail accounts of Chinese human rights activists which according to Reuters, who cited two unnamed sources, Google was looking into the notion that their own employees helped instigate the attack on their infrastructure.

you can look up the story in following links:

http://www.eweekeurope.co.uk/news/news-security/google-investigates-insider-threat-after-china-hack-3061

http://www.thetechherald.com/article.php/201003/5098/Google-investigating-insider-threat-possibility

http://blogs.securiteam.com/index.php/archives/category/insider-threat/

So if google may has insider threats, other companies should be really worry about it!!

Interesting thing here is that after google was hacked by china, they carried out a counterattack!!

DuPont Case

Hey guys, I searched for insider threat cases in the web for you and you will be surprised to find out how many cases I found, I mean a lot!!!!

how ever some were more interesting than the others and DuPont case was one of them.

the story is from:

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1244018_mem1,00.html

DuPont Case

Gary Min, also known as Yonggang Min, is a former senior chemist for DuPont who faces up to a decade in prison and a $250,000 fine after pleading guilty to stealing trade secrets in November. The case was unsealed by federal prosecutors in Wilmington, Del., Thursday.

Min, 43, was accused of stealing approximately $400 million worth of information from DuPont and attempting to leak it to a third party. He is scheduled to be sentenced March 29.

According to local news reports, a naturalized U.S. citizen from China surrendered his passport and is cooperating with federal authorities. Min's attorney, Michael Mustokoff, said his client accepts responsibility for what he did.

Investigators say Min joined DuPont in 1995 but began exploring a new job opportunity in Asia in 2005 with Victrex PLC, a DuPont competitor. Shortly after opening the dialog with Victrex, Min reportedly proceeded to download approximately 22,000 abstracts from DuPont's data library and accessed about 16,700 documents. After Min gave his notice, DuPont discovered what he was up to and brought in the FBI.

In the DuPont case, Ben-Natan noted how Min downloaded tens of thousands of documents. "A normal employee wouldn't need to review 16,000 documents. Why would you? In hindsight, they would find that a normal employee wouldn't download more than a couple hundred documents a day," Ben-Natan said. "The key is to know what is normal activity so you can spot the abnormal."

you can also find more information about DuPont case in following websites:

http://www.informationweek.com/news/security/showArticle.jhtml?articleID=197006474

http://www.computerworld.com/s/article/283564/DuPont_Data_Theft_Shows_Insider_Risks

these so many cases confirm this fact that insider threat is very important issue and ignoring it can create huge losses for the companies.

thanks to these cases we can get better understanding of the ways that employees position themselves as insider threat.

these experiences created so much losses for its company but its free for you!!! so don't hesitate of reading the cases.

Inside Security Tactics

Can we protect our network and information against unauthorized insiders by using the same protective measures and applications that we use against outsiders?

If you think we can then check this out!!

Statistics

Trust me, you will get surpised when you read it!!!

Infomation bellow extracted from:

http://www.syfuhs.net/article/145.aspx?rss

Survey participants in London and New York: 600

• Departing workers who took sensitive information with them: 40%
• Portion who would provide this information if it would help to find another job: 1/3
• Percentage of employees who are aware of the illegality of stealing information: 85%
• Portion of this population who do it any way: 1/2
• Percentage who believe it will be useful it some point in the future: >50%
• Percentage who find it easier to pilfer information this year: 57%
• Percentage last year: 29%
• Percentage who claimed they would take company info if fired tomorrow: 48%
• Percentage who would download company/competitive information if their jobs are at risk: 39%
• Portion of workers who have lost loyalty to their employers because of the recession: 1/4
• Percentage of those who take information “just in case”: 64%
• Percentage who would use the information in future job negotiations: 27%
• Percentage who would use the information as tools in their new jobs: 20%
• Those who would take customer and contact details: 29%

Stuff Stolen:

• Plans and proposals: 18%
• Passwords and access codes: 13%
• Product information: 11%

Those would go out of their way:

• Percentage of workers who would strive to find the redundancy list: 32%
• Percentage of those who would bribe a co-worker in the human resources department: 43%
• Who would use their own IT-granted access rights: 37%
• Who would use personal contacts of those in the IT dep

There are also some other statistics from Europe which I got from:

http://www.schneier.com/blog/archives/2005/12/insider_threat.html

• One in five workers (21%) let family and friends use company laptops and PCs to access the Internet.
• More than half (51%) connect their own devices or gadgets to their work PC.
• A quarter of these do so every day.
• Around 60% admit to storing personal content on their work PC.
• One in ten confessed to downloading content at work they shouldn't.
• Two thirds (62%) admitted they have a very limited knowledge of IT Security.
• More than half (51%) had no idea how to update the anti-virus protection on their company PC.
• Five percent say they have accessed areas of their IT system they shouldn't have.

So what do you think about it?did you expect this? these statistics somehow change my view toward the employees and I think I won't be able to trust one anymore. Don't you agree with me?

Popular Case of Terry Childs

One of the most controversial cases related to insider threats and computer crimes which occurred in recent year is the case of "Terry Childs".

In July 2008, Terry Childs, network administrator of city of San Fransisco was charged with computer crime in four counts and was arrested and held on 5 million U.S dollar.

The story of Terry Childs was not clearly revealed by authorities, however I found some information about terry's story in one article called "The Story Behind San Francisco's Rogue Network Admin" by" Paul Venezia, InfoWorld"

http://www.pcworld.com/businesscenter/article/148669-1/the_story_behind_san_franciscos_rogue_network_admin.html

It seems that Terry was very intelligent, knowledgeable man, who worked in the company's IT department for long time and worked as network engineer and it seems that he was very good in his job. In July 9, 2008, in very tense situation confronted by management, terry refused to hand over router password to Company (city) staffer. Three days later he was arrested.

exactly what happened was not officially revealed.

Regardless that terry's crime had just or unjust excuse, it is consider as a obvious case of computer crime which is done by an employee, thus we can categorize it as a case of insider threat.

There are many information and opinion about Terry's case, moreover you can read about his court trials.

see also this website:

http://www.infoworld.com/t/insider-threat/how-terry-childs-case-could-harm-password-security-802

Another video!!!

Here is another video in which theses IT guys explain about insider threats, why it requires immediate attention and what are the protective measures.

Enjoy!!!!