Archive for Insider Threat
Author: Dave Lewis
May 2, 2008 at 7:29 am · Filed under Insider Threat
HSBC is back in the news again today. This time for a more positive reason than last we checked in on them. It appears that a rogue employee decided it was pay day. I guess he saw “Catch me if you can” one too many times.
From the Reg:
An HSBC worker has been charged after police were called in to investigate an alleged attempt to defraud the bank out of a whopping £70m.
City of London police have charged Jagmeet Channa, a 25-year-old from Ilford in Essex, with conspiracy to defraud, money laundering, and abusing a position of trust. Three other men have been bailed on related offences. Channa will appear in court on 25 June.
Channa was reportedly a back-office worker at the bank rather than a trader.
Nice and subtle. Well, never said he was smart.
The good ole insider threat cliche rings loud yet again.
Article Link
Author: Dave Lewis
April 18, 2008 at 5:27 am · Filed under Access Control, Insider Threat, Mobile
From Internet News:
Apple’s 160GB iPod Classic, introduced last September, is a music and movie lover’s dream machine. But for IT departments, it’s a security nightmare.
That’s because any employee can plug this pocket-sized USB storage device into their computer and use it to steal vast amounts of corporate information, including mailing lists, databases, financial records and confidential customer data.
Of course you don’t need an iPod to steal data: 4GB USB memory sticks are cheap and ubiquitous, or, for employees intent on stealing really large amounts of data, devices like Buffalo’s recently announced LinkStation Mini offer a terabyte of storage in a case that fits in the palm of the hand.
Nothing all that new in this article. But, it does give me an opportunity to point to this piece on the Windows registry for locking out USB storage devices.
Article Link
Author: Dave Lewis
April 16, 2008 at 7:59 am · Filed under Insider Threat
Here is an interesting piece from InfoWorld:
Corporations are woefully unprepared to counter attempts at corporate espionage, say experts who perform vulnerability assessments designed to uncover security weaknesses. U.S. corporations lose as much as $300 billion a year to hacking, cracking, physical security breaches, and other criminal activity, according to Ira Winkler, author of “Spies Among Us” (Wiley, 2005) and president of the Internet Security Advisors Group, which performs espionage simulations and provides other services.
Although espionage is usually associated with high-tech approaches involving wireless security breaches and zombified PCs, low-tech tactics such as walking into a building are common, says Johnny Long, a security researcher at Computer Sciences Corp. and author of “No-Tech Hacking” (Syngress, 2008).
“To me, computers are irrelevant,” Winkler says. “It’s about what data do I want, what form does it take, and how can I steal it?”
Any company can be a target, says Peter Wood, chief of operations at First Base Technologies, a U.K.-based consultancy that performs ethical hacking services. Spies are interested in anything from financial data to intellectual property and customer data. They might steal information for blackmail purposes, but “the most common motive for physical intrusion is industrial espionage,” he says.
Here are several of the most common ploys and the countermeasures you can put into place to spot — and possibly even stop — the work of a spy.
Article Link
Author: Dave Lewis
February 29, 2008 at 8:22 am · Filed under Insider Threat, Threats
Karen Salmansohn wrote a piece for the Huffington Post on “cyber” war (still hate that word) from within.
From Huffington Post:
By all mainstream press accounts, the U.S. remains focused on guarding against inbound attacks by large and small enemies, a classic defensive posture anticipating warfare coming from the outside-in: a War of Mass Destruction.
But what if it’s an inside-out job — a cyber-attack via the internet: a War of Mass Disruption?
Think about it: We’ve become a nation of “internet addicts.” Even the smallest of businesses is obsessively dependent on constantly accessing, transferring, and acting upon information via the Internet.
I confess to personally often feeling like a new millennium O.C.D. character in an Oliver Sacks book: “The girl who couldn’t stop watching my email” — with minor symptoms of “google junkie.”
And the more all of us Americans increase our dependence on the Internet, the more we make the Internet a prime target for “Hacktivists” — enemy cyber terrorists.
And, it really wouldn’t be that difficult to do. I would be more concerned with bored teens at this point than with a concerted attack. Think about it. The “bad guys” take out the internet? Not entirely likely as they need it for the same reasons that China wouldn’t hit Atlanta in a nuclear strike. They would want to watch their progress on CNN.
Read on.
Article Link
Tags: Cyber War, Insider Threat
Author: Dave Lewis
February 6, 2008 at 2:13 pm · Filed under Crime, Insider Threat
Printers. Not a fan of them in general. But, they are a necessary tool in our “paperless” society. One of the more annoying aspects of printers is the exorbitant price of replacement toner cartridges. One enterprising (now former) Xerox customer service rep. decided to launch a side business to make some extra cash.
Small problem though. He was doing it with stolen product from his own company.
From the Washington Post:
Between June 2005 and October 2005, Sampayo placed orders for 18 shipments of toner cartridges worth $490,000 using bogus names for a Boeing employee requesting the toners, the U.S. Department of Justice said in a statement. Sampayo at the time was servicing copy machines at Boeing’s Tukwila, Washington facility, the DOJ said.
Xerox became suspicious about the large orders as the cartridges requested were incompatible with the copiers at the facility. Xerox and Boeing security then observed the shipments of the toners and caught Sampayo, handing him over to federal officers.
This hammerhead now faces a possible 20 years in the clink for his troubles. He is due to be sentenced on May 23rd.
Article Link
Tags: Xerox Toner Theft, Xerox Employee, Asdrubal Sampayo, Boeing Security
Author: Dave Lewis
January 25, 2008 at 7:41 am · Filed under Insider Threat
And people wonder why we security folks tend to use the “two missile key” analogy time and again. At the risk of jumping up and down on the dead horse insider threat issue, here is an analysis piece on the incident.
From the Wall Street Journal:
In one of the banking world’s most unsettling recent disclosures, France’s Société Générale SA said Mr. Kerviel had cost the bank €4.9 billion, equal to $7.2 billion, by making huge unauthorized trades that he hid for months by hacking into computers. The combined trading positions he built up over recent months, say people close to the situation, totaled some €50 billion, or $73 billion.
Holy crap.
Early details, including accounts from executives at the French bank, paint a picture of an ordinary trader who used extraordinary means to game the bank’s own system and hide massive unauthorized trades on stock-index futures. Even as bank executives were scrambling to deal with the trail of destruction, they were at a loss to describe his motivations. Société Générale executives said that the early investigation indicated the trader didn’t earn a dime on his actions. They also said he appeared to be acting alone.
On his own and no one noticed? Come on now. Let go of my leg.
Read on.
Article Link
Tags: Internal Threat, Security Protocols, Internal Controls
Author: Dave Lewis
December 3, 2007 at 8:06 am · Filed under Insider Threat, SCADA Security
From Computer World:
A former employee of a small California canal system has been charged with installing unauthorized software and damaging the computer used to divert water from the Sacramento River.
Michael Keehn, 61, former electrical supervisor at the Tehama Colusa Canal Authority (TCAA) in Willows, Calif., faces 10 years in prison on charges that he “intentionally caused damage without authorization to a protected computer,” according to Keehn’s Nov. 15 indictment. He did this by installing unauthorized software on the TCAA’s Supervisory Control and Data Acquisition (SCADA) system, the indictment states.
Keehn accessed the system on or about Aug. 15, according to the indictment. He is set to appear in federal court on Dec. 4 to face charges of computer fraud.
As an electrical supervisor with the authority, he was responsible for computer systems and is still listed as the contact for the organization’s Web site.
With a staff of 16, the TCAA operates two canals, the Tehama Colusa Canal and the Corning Canal, that provide water for agriculture in central California, near the city of Chico. Both systems are owned by the federal government.
Article Link
Tags: SCADA, SCADA Security, Insider Threat
Author: Dave Lewis
November 9, 2007 at 3:00 pm · Filed under Airline Security, Insider Threat
Turns out that the Feds raided warehouses around O’Hare airport today. The temp agency that had placed the workers had allegedly done so using fake identification.
From Aero News:
Two managers at Ideal Staffing Solutions Inc, the temporary agency that hired the workers, were also arrested in the sting operation aimed at identifying “national security vulnerabilities,” according to the Chicago Tribune. The agency allegedly hired the workers despite the fact they were in the country illegally, and provided them with deactivated badges giving them access to secure areas around O’Hare.
“Most of these workers loaded pallets, freight and meals for companies doing business at O’Hare,” including commercial airlines, according to US Immigration and Customs Enforcement special agent Elissa A. Brown. “The government can’t be too vigilant when it comes to airport employees gaining access to secure areas, especially if they lie about their identities and we have no idea who they are, and what their true intentions may be.”
ICE agents cited several incidents of alleged shady practices at Ideal Staffing… including actions by manager Norinye Benitez, who allegedly pushed a box filled with 20 ID badges toward a worker, and instructed him to “pick one with a picture that most closely resembled his own likeness.” That worker, who was cooperating with federal agents, used the deactivated badge to access a United Airlines cargo facility, officials say.
It is truly frightening what some unscrupulous companies will do in search of a quick buck. At the risk of leaning on the FUD button, this could have had a much different ending.
Article Link
Tags: O’Hare Illegal Workers, O’Hare Employee Fake ID, Fake ID
Author: Dave Lewis
July 3, 2007 at 9:09 pm · Filed under Data Security, Insider Threat
Is it little more than basic human instinct to avoid trouble that causes people to do stupid things? An IT staffer at the VA has been accused of covering up the enormity of a data breach by trying to mislead investigators.
From Information Week:
Investigators are saying the IT specialist who lost the external hard drive at the U.S. Department of Veterans Affairs failed to follow procedures that would have protected the data, and then he deleted and encrypted files to hide the extent of the data loss.
However, the VA’s Office of Inspector General isn’t stopping there with its criticism. James J. O’Neill, assistant inspector general for investigations, wrote in a report that managers did not follow security policies, failed to physically secure the building, gave the IT specialist too much access, and were not even physically present to oversee daily operations.
The VA, which has been plagued by lost computers in recent years, had earlier revealed that in late January an employee at the Birmingham, Ala., VA Medical Center reported an external hard drive missing. That drive, said the worker, may have contained veterans’ personal files, some of which may have been stored on the drive in unencrypted form. The initial figures released to the public showed that 48,000 veterans’ records were on the drive, and as many as 20,000 weren’t encrypted.
Processes are in place for good reason. I can attest to that. This story is a perfect example of how things can spiral out of control.
Article Link
Tags: VA, Major Data Loss, Veterans Affairs, Data Theft
Author: Dave Lewis
July 3, 2007 at 4:34 pm · Filed under Crime, Data Security, Insider Threat
Here is a poignant example as to why enterprises have to keep tabs on their employees.
From MSNBC:
Fidelity National Information Services, a financial processing company, said Tuesday a worker at one of its subsidiaries stole 2.3 million consumer records containing credit card, bank account and other personal information.
The employee sold the information to an unidentified data broker. The broker then sold it to several direct marketing companies, but the data was not used in identity theft or other fraudulent financial activity, officials from Fidelity subsidiary Certegy Check Services Inc. said in a conference call.
About 2.2 million records stolen from Certegy contained bank account information and 99,000 contained credit card information, company officials said.
“As a result of this apparent theft, the consumers affected received marketing solicitations from the companies that bought the data,” said Renz Nichols, president of St. Petersburg-based Certegy.
“We believe that is the extent of any damage to the public,” he said.
Too often in the past I have encountered companies who “trust their employees”. An ounce of prevention.
Article Link
Tags: Data Theft, Privacy, Fidelity Data Theft, Insider Threat