Skip to: Content
Skip to: Site Navigation
Skip to: Search


Bradley Manning case signals US vulnerability to 'insider' cyberattack

The US government says Bradley Manning carried out a cyberattack from the inside, stealing thousands of secret US intelligence documents. Nearly half of US companies deal with similar cyberattacks each year, data suggest.

By Staff writer / December 22, 2011

Army Pfc. Bradley Manning (c.) is escorted out of a courthouse in Fort Meade, Md., Wednesday after a military hearing that will determine if he should face court-martial for his alleged role in a cyberattack that leaked US intelligence to WikiLeaks.

Patrick Semansky/AP

Enlarge

At a time when nation-states and hacker-activists worldwide are increasingly infiltrating US networks to steal sensitive information, the allegations against Pfc. Bradley Manning highlight a cybersecurity threat that might be just as dangerous.

Skip to next paragraph

Private Manning on Thursday enters the seventh and perhaps final day of his pretrial hearing to determine whether he should be face a full court-martial on charges of stealing and leaking US intelligence to the WikiLeaks website.

Among its accusations against Bradley, the US government says he walked out of a US military base in Iraq with a compact disc labeled "Lady Gaga" that actually held more than 251,000 secret State Department diplomatic cables.

If true, the case shows the "insider” cyberthreat to companies, governments, and organizations. The attacks can range from disgruntled employees shutting down 1,000 company mobile phones at once to insiders changing computer codes to hide any records of money they have stolen.

The trend lines for insider attacks are not as dramatic as those for outside attacks. Indeed, they have mostly held steady for a decade.  But a 2011 survey found that nearly half of the organizations it polled reported an “insider incident” last year, suggesting the threat remains significant – and perhaps overlooked.

"Companies today are going to greater lengths to keep outsiders and nation-states out of their networks, yet insiders come to work every day,” says Dawn Cappelli, technical manager of the CERT Insider Threat Center, a division of the federally funded Software Engineering Institute at Carnegie Mellon University in Pittsburgh, Pa. 

“Most of these malicious insiders do what they do every day," she adds.

During the past decade CERT has documented more than 700 cases of insider cyberattacks by previously trusted people at the computerized heart of many organizations.

The 2011 Cyber Security Watch Survey reported that 43 percent of 607 organizations queried reported an "insider incident" last year. That finding fits between the 2006 peak of 55 percent and the 2005 low of 39 percent.

The report also suggested that insider attacks are in many cases more damaging than outsider attacks. One-third of respondents said they were more costly than other types of attack, whereas 38 percent said attacks by outsiders were more costly.

Insider attacks break down to four main categories:

  • Sabotage of company computers.
  • Theft of proprietary information.
  • Release of sensitive data.
  • Espionage.

Ms. Cappelli of CERT has seen it all. 

Permissions

Read Comments

View reader comments | Comment on this story