

CERT: Insider Threats Can Have Costly Security Consequences

By Marcia Savage
February 28, 2013    7:58 PM ET


Shared computers are another source of potential insider fraud, she said. At a university, two students loaded malware onto publicly accessible computers in order to steal credentials and spy on student records and professors' communications. At a hospital, a disgruntled security guard with a background in system administration installed malware on systems. He videotaped his work to boast about it, and another hacker who saw the video contacted the FBI.

"If his malware had executed, it probably would have cost lives," CERT's Cappelli said.

At a retail company, a network engineer who knew he was going to be fired created a VPN token for a fake employee before he left. He then called the company's help desk and pretended to be a new employee to activate the credential. Several months later, he deleted corporate email accounts and virtual machines and wreaked havoc in general.

Another case was simply tremendously embarrassing for the CEO of a company. When he was giving a PowerPoint presentation to the board, the presentation shut down and was replaced with pornography. The culprit, who installed a keylogger to sabotage the presentation, was the MIS director the CEO had recently fired.

In another case, three employees at a law firm used Dropbox to transfer 78,000 client files outside the organization before they all abruptly quit. They set up the information sync in both directions, so that their former employer wound up with modified data, which led to unhappy clients.

Organizations can use mitigation measures, such as tuning an intrusion detection system to watch out for Web protocols associated with the service, to protect themselves from such inappropriate use of services like Dropbox, said Alex Nicoll, lead of the technical solutions team at CERT. Organizations can also monitor system traffic to track down unauthorized access of file sharing utilities, he said.
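One way to carry out the traffic monitoring described above, as an added example that is not from the article or from CERT: it scans web proxy log lines for connections to a file-sharing service from hosts that are not approved to use it, and escalates hosts with bulk uploads. The log format, the domain list, the approved-host list and the threshold are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Assumptions (not from the article): watched domains, approved hosts, threshold.
WATCHED_SUFFIXES = ("dropbox.com", "dropboxusercontent.com")
APPROVED_HOSTS = {"ws-050"}            # hosts allowed to use the service
UPLOAD_ALERT_BYTES = 50 * 1024 * 1024  # per-host upload volume that escalates

# Constructed sample log: timestamp client method destination bytes_sent
SAMPLE_LOG = """\
2013-02-01T09:00:01 ws-114 CONNECT client.dropbox.com 41943040
2013-02-01T09:05:12 ws-114 CONNECT client.dropbox.com 20971520
2013-02-01T09:06:40 ws-207 CONNECT www.dropbox.com 1024
2013-02-01T09:07:02 ws-300 CONNECT notdropbox.com 99999999
2013-02-01T09:07:30 ws-301 GET dropbox.com.example.net 99999999
2013-02-01T09:08:15 ws-050 CONNECT dl.dropboxusercontent.com 2048
truncated line
"""

def is_watched(dest):
    """Match the domain itself or a true subdomain, not look-alike names."""
    dest = dest.lower().rstrip(".")
    return any(dest == s or dest.endswith("." + s) for s in WATCHED_SUFFIXES)

def parse(log_text):
    """Yield (client, destination, bytes_sent); skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[4].isdigit():
            yield parts[1], parts[3], int(parts[4])

def find_unauthorized_use(log_text):
    """Return {client: {"bytes", "requests", "level"}} for unapproved hosts."""
    hits = defaultdict(lambda: {"bytes": 0, "requests": 0})
    for client, dest, sent in parse(log_text):
        if is_watched(dest) and client not in APPROVED_HOSTS:
            hits[client]["bytes"] += sent
            hits[client]["requests"] += 1
    for stats in hits.values():
        # Any unapproved use is worth review; bulk upload is escalated.
        stats["level"] = "high" if stats["bytes"] > UPLOAD_ALERT_BYTES else "review"
    return dict(hits)

if __name__ == "__main__":
    for client, stats in sorted(find_unauthorized_use(SAMPLE_LOG).items()):
        print(client, stats)
```
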

Cappelli described an insider threat case in which a financial engineer stole a hedge firm's trading algorithm by using two virtual machines to bypass the firm's security mechanisms. He had plans to set up his own hedge firm in China.

Nicoll said steps organizations can take to prevent misuse of virtual machines include scanning memory files and tying virtual environments into existing security systems.

PUBLISHED FEB. 28, 2013
