Bradley Manning case signals US vulnerability to 'insider' cyberattack
The US government says Bradley Manning carried out a cyberattack from the inside, stealing thousands of secret US intelligence documents. Nearly half of US companies deal with similar cyberattacks each year, data suggest.
One company's mobile devices were suddenly disabled for nearly 1,000 employees, grinding sales and delivery operations to a halt for days, she wrote in a June report. A network architect who resigned after being demoted had programmed the cyber "bomb" to go off three months to the day after the resignation.
In another instance, a company sued a former programmer who was discovered selling a competing product at a tradeshow. Investigators discovered copies of the company's source code on his home computer – stolen on his last day of work there, Cappelli's report recounts.
Fraud is usually a longer-term, more subtle insider attack, she notes. A financial company’s audit discovered a $90,000 discrepancy in a software engineer's personal loan account. As it turns out, the employee had modified critical source code to siphon off money to cover fraudulent personal loans he had created.
And the 700 cases documented by CERT are just the tip of the proverbial iceberg, since most cases never see the light of day.
"I've led about 71 major insider threat investigations over the last 12 years, none of which have become public to date," says Paul Williams, director of security services for White Badger Security, a security company in Breinigsville, Pa. "It's often the people in charge who are the problem. Network administrators in charge of the security systems of those companies accounted for about half of all those cases."
Even social networks have become a security threat. "It's really a new vulnerability: Employees talking about products, big contracts, bragging to friends and family on these sites," says Michael Rustad, codirector of the Intellectual Property Program at Suffolk University Law School in Boston. "Then it turns out to be a violation of a trade secret."
What's needed is a better awareness of how to lessen the risks, experts say.
Restricting access is vital. The State Department has completely revised its access privileges in the wake of the Manning case. Many observers say he should never have been allowed access to documents he didn’t need for his work.
"Companies need to do a better job with basic security measures as simple as performing background checks on employees and limiting their access to highly sensitive information," says Fernando Pinguelo, a trial lawyer and partner at Norris, McLaughlin & Marcus, specializing in technology law.
Another easy step is monitoring the company computer network activities of fired or demoted employees for at least a month before and after they leave the company, Cappelli notes.
Research has shown gains in automated monitoring to detect insider threats – the accessing of sensitive files by the wrong people or at the wrong time, for instance. But for now, humans are still the best detector.
"Yes, the research is there and automated tools will emerge in due course," writes Shambhu Upadhyaya, a researcher at the University of Buffalo. But today, a "completely automated tool doesn't exist."