Insider Threats Cases

In one very interesting article "The Insider Threat to Information Systems The Psychology of the Dangerous Insider" by Eric Shaw, Ph.D., Keven G. Ruby, M.A. and Jerrold M. Post, M.D" I found some summarized cases related to malicious kind of insider threats, in which they have been interestingly catagorized:

Peopleware Problems

people who designed the systems, attack the systems, and understanding the psychology of information systems criminals is crucial to protecting those systems.

• A Management Information Systems (MIS) professional at a military facility learns she is going to be downsized. She decides to encrypt large parts of the organization’s database and hold it hostage. She contacts the systems administrator responsible for the database and offers to decode the data for $10,000 in “severance pay” and a promise of no prosecution. He agrees to her terms before consulting with proper authorities. Prosecutors reviewing the case determine that the administrator’s deal precludes them from pursuing charges.

• At the regional headquarters of an international energy company, an MIS contractor effectively “captures” and closes off the UNIX-based telephonic switching system for the entire complex. Investigators discover that the contractor had been notified a week earlier that he was being terminated in part for chronic tardiness. Further investigation finds the employee to have two prior felony convictions and to be a member of a notorious hacker group under investigation by the FBI. The employee reports he is often up all night helping colleagues with their hacking techniques. Additional investigation reveals that he is the second convicted hacker hired at this site. An earlier case involved a former member of the Legion of Doom who had been serving as a member of a corporate information security team. He had been convicted of computer intrusion at a local phone company. Neither individual had disclosed their criminal history or had been subject to background checks sufficient to discover their past activities.

Threats with Purpose of Ego Gratification

• A senior MIS specialist at an international energy firm regularly created outages at Company sites around the world so that he could spend time abroad while gaining attention for his technical expertise.

• Michael Lauffenberger, a 31-year old programmer for the General Dynamics Atlas Missile Program, reportedly felt unappreciated for his programming work on a parts-tracking system. He planted a “logic bomb” in the system designed to erase critical data after he resigned. He then anticipated returning to rescue the company as a highly paid and valued consultant.

Greedy Type

• Regional PC manager for the King Soopers supermarket chain Jay Beaman and two clerks were charged in an intricate computer fraud that cost the supermarket over two million dollars over two years. The motives are described by investigators as beginning with financial necessity but quickly escalating into greed and ego. Among the strategies used was manipulating the computer accounting system to funnel certain purchases into a dummy account. At the end of the day, the perpetrators would take the amount funneled into the dummy account right out of the cash registers and then delete the account, also erasing any trace of their fraud.

Caused By poor screening measures

• A major international energy company

  recently discovered a logic bomb in software

  created by a contracted employee. It was

  installed as “job insurance” by the contracted

  employee with five prior convictions related to

  hacking. The contractor’s firm failed to screen

  this employee who installed the code in anticipation

  of using it as leverage against his employer in

  case his criminal record was discovered.

Ambiguous Motives

• Zhangyi Liu, a Chinese computer

  programmer working as a subcontractor for

  Litton/PRC Inc., illegally accessed sensitive Air

  Force information on combat readiness. He also

  copied passwords, which allow users to create,

  change or delete any file on the network, and

  posted them on the Internet.

Former Employees Threats

• Donald Burleson, a computer programmer

  for USPA & IRA Co., a Fort Worth

  securities trading firm, designed a virus after

  being reprimanded for storing personal letters on

  his company computer. The virus was designed

  to erase portions of the Company’s mainframe

  and then repeat the process if a predetermined

  value was not reset in a specific location. After

  being fired, Burleson used a duplicate set of keys

  to return to the facility at 3 a.m. and employ an

  unauthorized backdoor password to reenter the

  system and execute the virus.

Foreign connections

of IT specialists

• On the programming staff of Ellery Systems, a Boulder Colorado software firm working on advanced distributive computing software, was a Chinese national who transferred, via the Internet, the firms entire proprietary source code to another Chinese national working in the Denver area. The software was then transferred to a Chinese company, Beijing Machinery. Ellery Systems was subsequently driven to bankruptcy by foreign competition directly attributed to the loss of the source code.

Best way to protect companies against insider threats is to get familiarized with their types.

studying cases are the best way for this purpose. I'll try to find more cases to share with.