Enemy at The Water Cooler

Another insider threat book????

That's right guys, in this post I decided to introduce another interesting book related to insider threats. The good thing is that the whole book is available online, you can read it at:

http://books.google.com.my/books?id=LKRGF8WQ-cQC&pg=PA57&lpg=PA57&dq=insider+threat+examples&source=bl&ots=d5szCkXZtJ&sig=eVMAN0QL70HxbsYW0K9nngl_N2Y&hl=en&ei=ew8bTNW5AtHBrAfRpeytDA&sa=X&oi=book_result&ct=result&resnum=1&ved=0CBkQ6AEwADgK#v=onepage&q=insider%20threat%20examples&f=false

This book is full of good examples of insider threats and wonderful guidance regard of protective measures. Make sure to read examples in chapter 2 page 57. Enjoy!!

Even Google has it!!!

Hello again!!

I beleive you all heard about dispute between google and china regard the internet censorship of this country and there is possibility that google close its branch in the China soon. Durring the despute there was repeated attempts to hack into the Gmail accounts of Chinese human rights activists which according to Reuters, who cited two unnamed sources, Google was looking into the notion that their own employees helped instigate the attack on their infrastructure.

you can look up the story in following links:

http://www.eweekeurope.co.uk/news/news-security/google-investigates-insider-threat-after-china-hack-3061

http://www.thetechherald.com/article.php/201003/5098/Google-investigating-insider-threat-possibility

http://blogs.securiteam.com/index.php/archives/category/insider-threat/

So if google may has insider threats, other companies should be really worry about it!!

Interesting thing here is that after google was hacked by china, they carried out a counterattack!!

DuPont Case

Hey guys, I searched for insider threat cases in the web for you and you will be surprised to find out how many cases I found, I mean a lot!!!!

how ever some were more interesting than the others and DuPont case was one of them.

the story is from:

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1244018_mem1,00.html

DuPont Case

Gary Min, also known as Yonggang Min, is a former senior chemist for DuPont who faces up to a decade in prison and a $250,000 fine after pleading guilty to stealing trade secrets in November. The case was unsealed by federal prosecutors in Wilmington, Del., Thursday.

Min, 43, was accused of stealing approximately $400 million worth of information from DuPont and attempting to leak it to a third party. He is scheduled to be sentenced March 29.

According to local news reports, a naturalized U.S. citizen from China surrendered his passport and is cooperating with federal authorities. Min's attorney, Michael Mustokoff, said his client accepts responsibility for what he did.

Investigators say Min joined DuPont in 1995 but began exploring a new job opportunity in Asia in 2005 with Victrex PLC, a DuPont competitor. Shortly after opening the dialog with Victrex, Min reportedly proceeded to download approximately 22,000 abstracts from DuPont's data library and accessed about 16,700 documents. After Min gave his notice, DuPont discovered what he was up to and brought in the FBI.

In the DuPont case, Ben-Natan noted how Min downloaded tens of thousands of documents. "A normal employee wouldn't need to review 16,000 documents. Why would you? In hindsight, they would find that a normal employee wouldn't download more than a couple hundred documents a day," Ben-Natan said. "The key is to know what is normal activity so you can spot the abnormal."

you can also find more information about DuPont case in following websites:

http://www.informationweek.com/news/security/showArticle.jhtml?articleID=197006474

http://www.computerworld.com/s/article/283564/DuPont_Data_Theft_Shows_Insider_Risks

these so many cases confirm this fact that insider threat is very important issue and ignoring it can create huge losses for the companies.

thanks to these cases we can get better understanding of the ways that employees position themselves as insider threat.

these experiences created so much losses for its company but its free for you!!! so don't hesitate of reading the cases.

Inside Security Tactics

Can we protect our network and information against unauthorized insiders by using the same protective measures and applications that we use against outsiders?

If you think we can then check this out!!

Statistics

Trust me, you will get surpised when you read it!!!

Infomation bellow extracted from:

http://www.syfuhs.net/article/145.aspx?rss

Survey participants in London and New York: 600

• Departing workers who took sensitive information with them: 40%
• Portion who would provide this information if it would help to find another job: 1/3
• Percentage of employees who are aware of the illegality of stealing information: 85%
• Portion of this population who do it any way: 1/2
• Percentage who believe it will be useful it some point in the future: >50%
• Percentage who find it easier to pilfer information this year: 57%
• Percentage last year: 29%
• Percentage who claimed they would take company info if fired tomorrow: 48%
• Percentage who would download company/competitive information if their jobs are at risk: 39%
• Portion of workers who have lost loyalty to their employers because of the recession: 1/4
• Percentage of those who take information “just in case”: 64%
• Percentage who would use the information in future job negotiations: 27%
• Percentage who would use the information as tools in their new jobs: 20%
• Those who would take customer and contact details: 29%

Stuff Stolen:

• Plans and proposals: 18%
• Passwords and access codes: 13%
• Product information: 11%

Those would go out of their way:

• Percentage of workers who would strive to find the redundancy list: 32%
• Percentage of those who would bribe a co-worker in the human resources department: 43%
• Who would use their own IT-granted access rights: 37%
• Who would use personal contacts of those in the IT dep

There are also some other statistics from Europe which I got from:

http://www.schneier.com/blog/archives/2005/12/insider_threat.html

• One in five workers (21%) let family and friends use company laptops and PCs to access the Internet.
• More than half (51%) connect their own devices or gadgets to their work PC.
• A quarter of these do so every day.
• Around 60% admit to storing personal content on their work PC.
• One in ten confessed to downloading content at work they shouldn't.
• Two thirds (62%) admitted they have a very limited knowledge of IT Security.
• More than half (51%) had no idea how to update the anti-virus protection on their company PC.
• Five percent say they have accessed areas of their IT system they shouldn't have.

So what do you think about it?did you expect this? these statistics somehow change my view toward the employees and I think I won't be able to trust one anymore. Don't you agree with me?

Popular Case of Terry Childs

One of the most controversial cases related to insider threats and computer crimes which occurred in recent year is the case of "Terry Childs".

In July 2008, Terry Childs, network administrator of city of San Fransisco was charged with computer crime in four counts and was arrested and held on 5 million U.S dollar.

The story of Terry Childs was not clearly revealed by authorities, however I found some information about terry's story in one article called "The Story Behind San Francisco's Rogue Network Admin" by" Paul Venezia, InfoWorld"

http://www.pcworld.com/businesscenter/article/148669-1/the_story_behind_san_franciscos_rogue_network_admin.html

It seems that Terry was very intelligent, knowledgeable man, who worked in the company's IT department for long time and worked as network engineer and it seems that he was very good in his job. In July 9, 2008, in very tense situation confronted by management, terry refused to hand over router password to Company (city) staffer. Three days later he was arrested.

exactly what happened was not officially revealed.

Regardless that terry's crime had just or unjust excuse, it is consider as a obvious case of computer crime which is done by an employee, thus we can categorize it as a case of insider threat.

There are many information and opinion about Terry's case, moreover you can read about his court trials.

see also this website:

http://www.infoworld.com/t/insider-threat/how-terry-childs-case-could-harm-password-security-802

Another video!!!

Here is another video in which theses IT guys explain about insider threats, why it requires immediate attention and what are the protective measures.

Enjoy!!!!

Office Space

Hello guys!!!!

In this post I want to recommend one interesting movie that I saw long time ago which is related to the topic of this blog, the name of this very very interesting movie is "Office Space"

The name of this movie refer to bad and depressing work condition of some employees of one company who work in small cubicles and hate their jobs.

"We have to space out all day, in other word we have to look at our computer which it seems that we are working but we are not, but the trying to be seen as a working employee require as much effort as the job itself" Peter Gibbons commented about his job.

I really recommend the MBA students specially students with Human Resource speciality to see this movie, in which we clearly see why motivating employees is so important.

Anyway, in this movie Peter Gibbons, who believes that every day is the worst day of his life and also have some problem in his love life decide to seek professional help and go to see a psychiatrist. The shrink decide to hypnotise him, so he send Peter to a place that there is no concerns and worries, however the shrink have heart attack in middle of his work, and peter stays in his condition in which he doesn't worry about anything anymore, and creates funny and amazing consequences and make peter successful in his work.

The reason that I saw this movie as a good example of insider threat and cybercrime is that the company in which Peter is working decides to layoff some of its employees. When layoffs affect Peter's two best friends, they conspire to plant a virus that will embezzle money from the company into their account.

This movie clearly shows a case of Insider threat in which unhappy employees decide to manipulate company's network by planting a virus and steal the company's money.

Make sure to see this movie, it does really worth seeing.

here is the trailer of this movie, enjoy!!

Global recession causing more security risk

Increasingly displaced and malicious employees are turning to cyber crime by trying to damage and exploit, steal information network which can cost a lot for the company, here we talk about billions of dollars guys!!!! do not underestimate it.

nowadays due to global recession companies' vital informations are at greater risk than ever before.

based on an official report "Unsecured Economies: Protecting Vital Information" which was released at World Economic Forum shows the 42 percent increase in corporations' security risk and suggest that the biggest threat to sensitive information are insiders!!!!

here is another cases of insider threats that i found from (http://www.readwriteweb.com/archives/laid_off_employees_turning_to.php)

"The most recent example can be found in disgruntled Fannie Mae engineer Rajendrashinh Makwana who was indicted for allegedly planting a logic bomb in the mortgage lender's computer network. Fortunately, the embedded code was discovered by another engineer before it caused any damage, which would have been substantial. "Had the virus been released it would have caused millions of dollars of damage and reduced if not shut down operations for at least a week," said FBI Special Agent Jessica Nye.

According to some reports this breach may have been averted had Fannie Mae terminated Makwana's network access immediately after firing him.

Last year, Terry Childs, a San Francisco computer engineer was charged with masterminding the hijacking of the city's network when he allegedly refused to allow other administrators to get into the system; locking down law enforcement records and payroll documents.

In another 2008 incident, 21 year old David Everett, a tech support person at Wand Corporationdecided to turn to cybercrime to seek revenge on his former employer after he was laid off. Breaking into the network, Everett allegedly planted three malicious files on 1000 servers in an attempt to bring the system down. Although he did get into the system, he only managed to crash 25 computers before the company was informed of the attack by concerned customers. Earlier this year, Everett pleaded guilty to computer hacking charges and now faces 10 years in prison.

Clearly, corporations must begin to proactively protect themselves against insider cybercrime."

Ways of malicious insider's attack

here is a video about the ways that malicious insider can harm the company's network. In this video we are also persented by possible protective measurs.

Insider Threats e-book

Here is very interesting book about insider threat. the whole book is available at:

http://books.google.com.my/books?id=3tOVQwCaKikC&printsec=frontcover&dq=insider+threat&source=bl&ots=3uYD_E_Aay&sig=Zvjyohm-X-5ZVeJnBO20AHFSmkE&hl=en&ei=dy_hS6PvC4GmrQfV3pWoBw&sa=X&oi=book_result&ct=result&resnum=9&ved=0CDUQ6AEwCA#v=onepage&q&f=false

In this book authors have different view toward the insider threats and categorized them into four main group:

• Pure insider
• Insider associate
• Insider affiliate
• Outside affiliate

• pure insider is the person who are employed by the company and have all access associated with it such as accessing to company's network. authors sees this group as the most important threat since they already have most of the access they need.

• On the other hand insider associates are people who employed by the company, but they do not have as many access as pure insider. for example cleaner.

• The third group is insider affiliate who are friend, spouse of employees or have some relation with them and use their credentials to gain access

• Outside affiliate are unauthorized persons who use open access to gain access to company's resources. this cases do not happen because they break into you company but because we left a door open for them. for example wireless network can act as open door for outsiders.

as I mentioned in my previous post insider threat are bigger threats than outsider one. in this book authors agree with me and they mentioned these reason for it:

1. It is easier: it is obvious when insiders already have access to the network of the organization they can endanger company's security easier
2. most of the security devices and soft wares are implemented in order to stop external threats
3. There is high chance of success since employees have detailed information and access they need so success is almost guaranteed
4. since employees who have access don't break in, therefore the chance of getting caught are way lower than external one

Insider threats has been explained elaborately in this book and I really recommend you to read it .

Always scrutinize your employees

As I have mentioned in my previous posts, nowadays insider threats are more important than outsider ones, because it is generated from inside the company, it has many types, most of the time employees do it without bad intentions and because of lack of knowledge.

Human resource is a critical resource of a company and it has direct effect on company's profitability, for example by generating right culture and attribute to support strategic goals of the company the revenue of the company can be affected considerably.

On the other hand employees can make loss for the company. What I am trying to say is that managers can take so much benefit from understanding human psychology and by scrutinizing their employees' psychology continuously,they will know in what psychological stage each of their employees are, what type of action they are capable of in those stages and on some necessary cases carry out the preventive action, in this way they can increase revenue of the company and prevent bad things that can cause losses for the company.

the process of scrutinizing employees takes so much time and money, but I believe it worth it compare to future losses that a company can incur on the future.

I found another video clip in which speaker believes that the insider threats happens mainly because of pressures and circumstances that happen in the employee's life.

so monitor your employees closely!!

Disclaimer

DISCLAIMER

This weblog is created for the purposes of an MBA project for the subject BYL 7134, Cyberlaw. The materials posted on this weblog are for the purposes of the assignment as well as study and non-profit research. Appropriate acknowledgements to the materials that do not belong to the weblog owner have been publicly made. If you are the author or a copyright owner of any of the articles posted in this weblog and you object to such posting on any grounds, including copyright infringement, please contact me and I will take your material down. I state herein that I am relying on the doctrine of fair use. Thank you for supporting my blog.

Insider Threats Cases

In one very interesting article "The Insider Threat to Information Systems The Psychology of the Dangerous Insider" by Eric Shaw, Ph.D., Keven G. Ruby, M.A. and Jerrold M. Post, M.D" I found some summarized cases related to malicious kind of insider threats, in which they have been interestingly catagorized:

Peopleware Problems

people who designed the systems, attack the systems, and understanding the psychology of information systems criminals is crucial to protecting those systems.

• A Management Information Systems (MIS) professional at a military facility learns she is going to be downsized. She decides to encrypt large parts of the organization’s database and hold it hostage. She contacts the systems administrator responsible for the database and offers to decode the data for $10,000 in “severance pay” and a promise of no prosecution. He agrees to her terms before consulting with proper authorities. Prosecutors reviewing the case determine that the administrator’s deal precludes them from pursuing charges.

• At the regional headquarters of an international energy company, an MIS contractor effectively “captures” and closes off the UNIX-based telephonic switching system for the entire complex. Investigators discover that the contractor had been notified a week earlier that he was being terminated in part for chronic tardiness. Further investigation finds the employee to have two prior felony convictions and to be a member of a notorious hacker group under investigation by the FBI. The employee reports he is often up all night helping colleagues with their hacking techniques. Additional investigation reveals that he is the second convicted hacker hired at this site. An earlier case involved a former member of the Legion of Doom who had been serving as a member of a corporate information security team. He had been convicted of computer intrusion at a local phone company. Neither individual had disclosed their criminal history or had been subject to background checks sufficient to discover their past activities.

Threats with Purpose of Ego Gratification

• A senior MIS specialist at an international energy firm regularly created outages at Company sites around the world so that he could spend time abroad while gaining attention for his technical expertise.

• Michael Lauffenberger, a 31-year old programmer for the General Dynamics Atlas Missile Program, reportedly felt unappreciated for his programming work on a parts-tracking system. He planted a “logic bomb” in the system designed to erase critical data after he resigned. He then anticipated returning to rescue the company as a highly paid and valued consultant.

Greedy Type

• Regional PC manager for the King Soopers supermarket chain Jay Beaman and two clerks were charged in an intricate computer fraud that cost the supermarket over two million dollars over two years. The motives are described by investigators as beginning with financial necessity but quickly escalating into greed and ego. Among the strategies used was manipulating the computer accounting system to funnel certain purchases into a dummy account. At the end of the day, the perpetrators would take the amount funneled into the dummy account right out of the cash registers and then delete the account, also erasing any trace of their fraud.

Caused By poor screening measures

• A major international energy company

  recently discovered a logic bomb in software

  created by a contracted employee. It was

  installed as “job insurance” by the contracted

  employee with five prior convictions related to

  hacking. The contractor’s firm failed to screen

  this employee who installed the code in anticipation

  of using it as leverage against his employer in

  case his criminal record was discovered.

Ambiguous Motives

• Zhangyi Liu, a Chinese computer

  programmer working as a subcontractor for

  Litton/PRC Inc., illegally accessed sensitive Air

  Force information on combat readiness. He also

  copied passwords, which allow users to create,

  change or delete any file on the network, and

  posted them on the Internet.

Former Employees Threats

• Donald Burleson, a computer programmer

  for USPA & IRA Co., a Fort Worth

  securities trading firm, designed a virus after

  being reprimanded for storing personal letters on

  his company computer. The virus was designed

  to erase portions of the Company’s mainframe

  and then repeat the process if a predetermined

  value was not reset in a specific location. After

  being fired, Burleson used a duplicate set of keys

  to return to the facility at 3 a.m. and employ an

  unauthorized backdoor password to reenter the

  system and execute the virus.

Foreign connections

of IT specialists

• On the programming staff of Ellery Systems, a Boulder Colorado software firm working on advanced distributive computing software, was a Chinese national who transferred, via the Internet, the firms entire proprietary source code to another Chinese national working in the Denver area. The software was then transferred to a Chinese company, Beijing Machinery. Ellery Systems was subsequently driven to bankruptcy by foreign competition directly attributed to the loss of the source code.

Best way to protect companies against insider threats is to get familiarized with their types.

studying cases are the best way for this purpose. I'll try to find more cases to share with.

Data breach. Inside Job???

That's right guys, insider threats are now hot stuff!! malicious and careless users are now considered bigger threat than external ones. I mean you can establish firewall, antivirus and anti spam programs to defend your system against external threats, but when you are dealing with internal threats, you don't know where and when its going to hit you. well, you can guess the malicious ones somehow. I mean when you see an employee who is angry at the corporation, it will give you heads up.

However, the careless ones are the bad one. they themselves even don't know that they are creating threat for the company, how you can know!!!!!!

for example in many companies employee write their user name and password on peace of paper and put it on the wall!!!!

I found a video clip of one seminar with topic of "Data Breach" which is quite interesting. In this clip we are presented with two cases of these careless employees. So again, don't underestimate them, they can cost a fortune for their company.

enjoy....

Insider Carelessness = Big threat!!!!

In this post I've decided to share some information about one of the most important aspects of insider threats which is careless employees!! that's right, and it is big one!!!!!

Stefanie Hoffman in "RSA: Insider Carelessness Cause Of Most Security Threats" believes that the greatest threat to any workplace will likely to be from an insider and it will probably be an accident and based on a survey released from RSA, the security division of EMC, the biggest threats in a workplace are often unintentional, often resulting from carelessness or ignorance of individuals within the organization or company.

"The bad guys are into fraud. They're very well funded, and they are extremely motivated to make money. You can reduce a lot of risk by taking away the innocent mistakes."

Hoffman catagorized these innocent mistakes as bellow:

1. Some of these innocent mistakes are committed by individuals who circumvent security regulations just to get their jobs done. In on other survey, 63 percent of employees said that they frequently or sometimes sent work documents to their personal e-mail address so they could complete their tasks at home, and more than half said that they have accessed their work e-mail from a public computer

2. trusting workers literally hold the door wide open for perpetrators. More than a third of respondents said they have opened a secured door for someone they didn't recognize at work, while 40 percent of workers said that someone else they didn't know let them into their building after they had forgotten their access card or key. And of the two-thirds of respondents that said their company provides a wireless network, 19 percent said that access was completely open, with no login credentials required.

"Massive damage is being done to brands. It can be devastating for a small company. If a law firm has had a breach, that can be devastating. They don't have to have 5,000 or more employees," said Chris Clinton, RSA director of worldwide channels.