Insider Attacks: Theft   1



Running Head: INSIDER ATTACKS: THEFT




               Insider Attacks: Theft of Intellectual and Proprietary Data

                                   Lindsey Landolfi

                                  Towson University




                                   Network Security

                                 Professor Charles Pak

                                       June 2011


       While hacking and malware remain major causes of data compromise, misuse of insider privileges was the leading threat action category in the 2009 caseload. The term insider refers to an individual who has, or has had, access privileges and is knowledgeable of the organization and its functioning: employees, former employees, or contractors. Malicious insider threats are becoming increasingly prevalent. The 2010 Data Breach Investigations Report (DBIR) analyzed a compilation of “900+ breaches, and over 900 million compromised records” (Verizon RISK Team, 2010, p. 5); its investigation of computer crime revealed that “48% were caused by insiders” (Verizon RISK Team, 2010, p. 2), an increase of roughly 26 percent from the previous year. The United States Secret Service in particular has observed notable increases in insider threat incidents in its own breach cases.

       As perimeter network security becomes more advanced, the threat of internal attacks becomes a proportionally greater concern. Privileged data is far more accessible to insiders than to external attackers, so a system is more vulnerable to an organized or opportunistic internal malicious incident. The motivations and intentions behind theft of intellectual property vary. Behavioral catalysts for employee theft range from disgruntled employees who are dissatisfied with their job or organization to employees who feel a sense of entitlement to the data. In some cases encouragement from an external source persuades an insider to take advantage of their access privileges: “A striking finding is that in over two-thirds of the cases of theft for financial gain, the insider was recruited to steal by someone outside the organization.” (Carnegie Mellon, 2008, p.12)

       There are numerous incidents in which unintentional insider actions result in damages, but “malicious attacks have surpassed human error for the first time in three years”. (Identity Theft Resource Center, 2010) This paper specifically addresses insiders with malicious intentions. Prevalent categories of theft objective include espionage in the government sector, pursuit of business advantage, and financial gain. Proprietary intellectual property can be used to start a new business or offered to a competitor, trading secrets for a new position; this is the concept behind business advantage. Theft for profit typically occurs in the banking and finance sector; a typical example is fraud. Intellectual property theft is usually targeted either at the organization's product, such as a software system, or at specific organizational data such as strategic plans or client information. The techniques tend to differ with the intentions of the attacker. The insider may remain a rogue employee for an extended period while slowly stealing small amounts of data, or may plan a single major attack that compromises massive amounts of data before resigning from the company.

       A recent insider data theft case, still under investigation, resulted in an estimated $10 million loss for Bank of America. An employee accessed and stole "names, addresses, Social Security numbers, phone numbers, bank account numbers, driver's license numbers, birth dates, email addresses, mother's maiden names, PINs and account balances." (Lazarus, 2011) The insider then leaked this information to external scammers, who used it to commit identity theft fraud. Because insiders sit inside the firewall, on the network or on their segment of it, they already hold network privileges. If access control is weak it is relatively easy for a malicious insider to exploit that technical access, snooping around the network and discovering privileged information much as the Bank of America employee did. This case and similar breaches might have been prevented by encrypting customers' personal identity information, with one caveat: encryption at rest only helps against an insider whose role does not include the decryption keys or an application that transparently decrypts for them. An employee authorized to look up customer records sees plaintext regardless, so the controls that apply directly to this case are access scoped to the records the job requires and alerting on bulk or out-of-pattern lookups.

       The WikiLeaks incident highlights the seriousness of insider breaches. Bradley Manning was a United States Army intelligence analyst in Iraq with access to classified information via SIPRNet, the Secret Internet Protocol Router Network. He disclosed classified military data to WikiLeaks, a database-driven website that describes its service as an “uncensorable system for untraceable mass document leaking”. (Moss, 2010) The release of a massive cache of sensitive government records has the potential to do serious damage to national security. Manning is charged with delivering national defense information, including diplomatic cables, to an unauthorized source, illegally transferring classified data onto a personal device, and adding unauthorized software to a classified computer system. Manning explained in an online chat that "weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis"(Dilanian, 2010) made the data theft possible.

       Technical infiltration and theft continue to evolve; insiders can combine organization-specific knowledge with technical expertise while executing an attack. Insiders know the system and are aware of the security holes in it, which makes it easier for them to exploit weaknesses in the system or its procedures. Given their system privileges and supporting knowledge, it is reasonable to state that insiders have a higher probability of successfully breaching a system than an external hacker. The following paragraphs discuss the major alternative techniques and strategies available in an insider theft scenario.

       Attacks can originate from different locations, for example within the internal system perimeter, via remote access, or from the internet. With insiders it is especially necessary to consider the direct physical security of an authenticated computer on the network. According to a major survey conducted by the U.S. Secret Service and CERT, “the majority of crimes were committed during normal working hours using authorized access.” (Carnegie Mellon, 2008, p.11) There are many ways for an attacker to reach a secured system. For example, if the data the attacker wants is on a computer for which they lack the password, the attacker can use the trust established with co-workers to trick them into providing access. If they cannot gain access directly, they can pry verbally for the details needed to get in; this form of attack is known as social engineering. Gaining a foothold can be even simpler: a computer left logged on and unattended can be used without any deception at all. An attacker who gains access to a secured machine can quickly install malicious code on it and steal data undetected.

        An insider may plant malware internally that reports to a server outside the organization; when an unsuspecting user logs in, the malware sends data out under that user's session, making the theft harder to trace back to the insider. The malware can be set on a timer and run behind a legitimate program so the user is less likely to notice. The insider's prior knowledge of the organization's programs and procedures makes such an attack easier to set up. Explicit deception makes it more difficult for the organization to suspect or detect the rogue employee. “About a third (34%) of the insiders used deception to hide their plans for the theft of IP.” (Moore, 2009, p.10) This figure may seem lower than expected, but many insiders, especially those who feel a sense of entitlement, may not feel it necessary to disguise their activities.
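Malware "set on a timer" has a signature that a person browsing does not: it contacts its outside server at near-constant intervals. The following detector, added here as an example and not part of the paper, groups outbound connections by source and destination and flags pairs whose inter-connection gaps have very low variance. The proxy log lines are constructed, and their format ("<ISO timestamp> <src-ip> <dst-ip> <bytes>") and the thresholds are assumptions.

```python
"""Flag timer-driven outbound connections ("beaconing") in proxy log lines.

Added example, not code from the paper. The log lines are constructed and
their format is assumed; adapt parse_line() to the real proxy's format.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log: one workstation talks to 203.0.113.7 every ~5 minutes
# (the planted malware) and browses 198.51.100.5 at irregular times.
SAMPLE_LOG = """\
2011-06-01T09:00:00 10.0.0.20 203.0.113.7 512
2011-06-01T09:00:10 10.0.0.20 198.51.100.5 20480
2011-06-01T09:00:22 10.0.0.20 198.51.100.5 4096
2011-06-01T09:01:45 10.0.0.20 198.51.100.5 8192
2011-06-01T09:05:00 10.0.0.20 203.0.113.7 498
2011-06-01T09:06:50 10.0.0.20 198.51.100.5 1024
2011-06-01T09:07:00 10.0.0.20 198.51.100.5 2048
2011-06-01T09:09:59 10.0.0.20 203.0.113.7 530
2011-06-01T09:15:01 10.0.0.20 203.0.113.7 501
2011-06-01T09:15:10 10.0.0.20 198.51.100.5 65536
2011-06-01T09:19:59 10.0.0.20 203.0.113.7 515
2011-06-01T09:25:00 10.0.0.20 203.0.113.7 507
"""


def parse_line(line):
    """Parse one assumed-format log line into (timestamp, src, dst, bytes)."""
    ts, src, dst, nbytes = line.split()
    return datetime.fromisoformat(ts), src, dst, int(nbytes)


def find_beacons(log_text, min_hits=5, max_cv=0.10):
    """Return (src, dst) pairs whose connection intervals are suspiciously regular.

    For each pair the timestamps are sorted, the gaps between successive
    connections computed, and the pair flagged when it has at least min_hits
    connections and the coefficient of variation (stdev / mean) of the gaps
    is below max_cv. A human's browsing gaps are wildly uneven; a timer's are not.
    """
    times = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _ = parse_line(line)
        times[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in times.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv < max_cv:
            findings.append({"src": src, "dst": dst, "hits": len(stamps),
                             "mean_interval_s": round(avg), "cv": round(cv, 3)})
    return findings


if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_LOG):
        print(finding)
```

Legitimate software also beacons on a schedule (update checks, time sync, monitoring agents), so in practice the destinations flagged here are compared against an allow list before anyone is accused; the point of the check is to surface the external server the paper describes, not to convict on its own.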

         Address Resolution Protocol (ARP) poisoning, also called ARP spoofing, can be used by an insider to attack the local-area network and intercept or block information. By sending spoofed ARP replies the attacker associates their own MAC address with the IP address of another node, so any traffic intended for the victim IP address is delivered to the attacker instead. The attacker can then forward the traffic on to the real node, modify it before forwarding, or passively sniff it and keep whatever they consider valuable. ARP carries no authentication, so nothing stops a host on the same broadcast domain from making this claim; the attack does not cross routers, which is exactly why it is an insider's tool. Generally, it is easier to manipulate TCP/IP communication as an insider, since they are already inside the organization's firewall.

          An insider could construct, test, plant, and deploy a logic bomb in the system. The malicious function specified in a logic bomb's code is activated when certain conditions are met inside the network or when commanded by the attacker. A programmer can design the logic bomb to facilitate data theft by having it send proprietary information to unauthorized systems. Logic bombs do not replicate or spread over the network as some other malicious programs do, so it is easier to target a specific victim or goal. In a series of case studies conducted by Carnegie Mellon University, “an insider prepared for the future release of a logic bomb by systematically centralizing the critical manufacturing programs for his organization onto a single server.” (Band, 2006, p.27) Centralizing the targets made the attack easier to execute and the damage greater. This form of attack is difficult to detect within the system, and because the bomb executes on its own once planted, the attacker need not be in contact with it when it fires; tracing communications is therefore unlikely to identify the attacker. Certain deployment methods can even frame other employees, for example using a colleague's compromised account to commit the attack.

          It is also plausible for the insider to use their legitimate access to create a backdoor account and then use it to plant and deploy the bomb or other malicious code. A backdoor account is an unauthorized account created by the attacker and unknown to the operators of the system. Another illegitimate access path is the use of neglected inactive accounts. It is also possible to search for old password files that may have been created during a system backup and then forgotten in system storage. In many cases the attacker held a position with full data access privileges, and a malicious insider with such access can simply copy proprietary files onto a CD or USB drive. This is one of the techniques Bradley Manning used in the WikiLeaks incident. At the time, workers were permitted to use CDs and other media for transferring data among the computer systems; Manning explained that he "would come in with music on a CD-RW labeled with something like ' Lady Gaga' … erase the music … then write a compressed split file. No one suspected a thing." (Dilanian, 2010)
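Both access paths in the paragraph above, the backdoor account nobody owns and the inactive account nobody disabled, are found the same way: by reconciling what the system says exists against what the organization says should exist. The following audit is an added example, not the paper's own procedure. The passwd-style lines, HR roster, last-login table, reference date and 90-day idle threshold are all constructed assumptions.

```python
"""Reconcile system accounts against the HR roster and last-login data.

Added example, not code from the paper. Flags backdoor accounts (on the
system, unknown to HR) and inactive accounts (known to HR, unused for
longer than max_idle_days). All inputs below are constructed.
"""
from datetime import date, timedelta

# Constructed /etc/passwd-style lines (name:x:uid:gid:gecos:home:shell).
PASSWD_LINES = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
jsmith:x:1001:1001:Jane Smith:/home/jsmith:/bin/bash
rlee:x:1002:1002:Ron Lee:/home/rlee:/bin/bash
backup2:x:1003:1003::/home/backup2:/bin/bash
mchen:x:1004:1004:May Chen:/home/mchen:/bin/bash
"""

# Constructed HR roster: usernames that are supposed to exist.
HR_ROSTER = {"jsmith", "rlee", "mchen"}

# Constructed last successful login per account (absent = never logged in).
LAST_LOGIN = {
    "jsmith": date(2011, 5, 30),
    "rlee": date(2011, 1, 12),     # moved off the project months ago
    "backup2": date(2011, 5, 29),  # in use, but nobody in HR owns it
    "mchen": date(2011, 5, 31),
}

# Constructed reference date for the audit run.
TODAY = date(2011, 6, 1)


def parse_passwd(text, min_uid=1000):
    """Return the set of interactive human accounts: uid >= min_uid with a login shell."""
    users = set()
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _pw, uid, _gid, _gecos, _home, shell = line.split(":")
        if int(uid) >= min_uid and not shell.endswith("nologin"):
            users.add(name)
    return users


def audit_accounts(passwd_text, roster, last_login, today, max_idle_days=90):
    """Return {'backdoor': [...], 'inactive': [...]}, each sorted for stable output.

    backdoor: accounts on the system that HR does not know about.
    inactive: HR-known accounts with no login in max_idle_days (or ever).
    """
    users = parse_passwd(passwd_text)
    backdoor = sorted(users - roster)
    cutoff = today - timedelta(days=max_idle_days)
    inactive = sorted(
        u for u in users & roster
        if last_login.get(u) is None or last_login[u] < cutoff
    )
    return {"backdoor": backdoor, "inactive": inactive}


if __name__ == "__main__":
    print(audit_accounts(PASSWD_LINES, HR_ROSTER, LAST_LOGIN, TODAY))
```

Service accounts need their own roster (an owner and a purpose per account) rather than an exemption, because an account that looks like a service account is exactly the cover a backdoor account would choose; the same reconciliation then runs against that list.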

          Damages resulting from insider theft are vast, ranging from monetary repercussions to operational impacts to reputational harm. High-profile organizations tend to suffer greater reputational damage because of the massive public exposure. Countermeasures enable organizations to minimize the risk and potential losses due to insiders. Adherence to preventive practices such as an auditing system has a positive effect on security efforts. Finally, it is vital to be observant of employees: malicious insiders often exhibit technical and behavioral violations, such as testing after work hours, that could have indicated a potential theft attack.

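An auditing system only pays off if someone reviews what it records, so here is what that review looks like for two of the indicators this paper raises: activity after work hours and copying to removable media such as CD or USB. The code is an added example, not the paper's own procedure. The audit log lines, their format ("<ISO timestamp> <user> <action> <key=value ...>") and the 08:00 to 18:00 weekday business window are constructed assumptions.

```python
"""Review a constructed activity audit log for insider-theft indicators.

Added example, not code from the paper. Two rules are applied to each
event: activity outside business hours, and any write to removable media.
"""
from datetime import datetime, time

# Constructed audit trail covering Tue 31 May to Sat 4 June 2011.
AUDIT_LOG = """\
2011-05-31T09:12:03 jsmith login workstation=ws-14
2011-05-31T10:05:44 jsmith file_read path=/srv/eng/specs/valve.pdf
2011-05-31T22:14:05 rlee login workstation=ws-07
2011-05-31T22:16:20 rlee file_read path=/srv/eng/designs/turbine.dwg
2011-05-31T22:17:02 rlee file_read path=/srv/eng/designs/rotor.dwg
2011-05-31T22:19:40 rlee removable_write device=usb-sandisk bytes=734003200
2011-06-01T11:30:00 mchen removable_write device=cdrw bytes=52428800
2011-06-04T14:00:00 jsmith login workstation=ws-14
"""

# Assumed business window; anything else on a weekday, or any weekend time, is after hours.
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)


def parse_event(line):
    """Split one assumed-format line into a dict with ts, user, action and key=value details."""
    ts, user, action, *rest = line.split()
    details = dict(kv.split("=", 1) for kv in rest)
    return {"ts": datetime.fromisoformat(ts), "user": user, "action": action, **details}


def is_after_hours(ts):
    """True on weekends or outside the business window on a weekday."""
    return ts.weekday() >= 5 or not (BUSINESS_START <= ts.time() < BUSINESS_END)


def review_audit_log(text):
    """Return one finding per suspicious event, listing every rule that fired."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        reasons = []
        if is_after_hours(ev["ts"]):
            reasons.append("after_hours")
        if ev["action"] == "removable_write":
            reasons.append("removable_media")
        if reasons:
            findings.append({"ts": ev["ts"].isoformat(), "user": ev["user"],
                             "action": ev["action"], "reasons": reasons})
    return findings


def findings_per_user(findings):
    """Count findings by user, most first, so the reviewer knows where to start."""
    counts = {}
    for f in findings:
        counts[f["user"]] = counts.get(f["user"], 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: -kv[1]))


if __name__ == "__main__":
    found = review_audit_log(AUDIT_LOG)
    for f in found:
        print(f)
    print(findings_per_user(found))
```

Neither rule is proof of theft on its own; people work late and burn legitimate CDs. What makes the late-night sequence of design-file reads followed by a 700 MB write to a USB stick stand out is the combination, which is why the review keeps the events in order and attaches every reason that fired rather than collapsing them into a single score.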
                                          References

2008 CERT Research Annual Report, Carnegie Mellon University Software Engineering
      Institute and U.S. Department of Defense and CERT (2008)
      http://www.cert.org/research/2008research-report.pdf.

2010 Verizon Data Breach Investigations Report, Verizon RISK Team in cooperation with the
      United States Secret Service (2010)
      http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-
      report_en_xg.pdf

Band, S. R., Cappelli, D. M., Fischer, L. F., Moore, A. P., Shaw, E. D., & Trzeciak, R. F.
       Comparing insider IT sabotage and espionage: a model-based analysis. Technical
       Report, Carnegie Mellon University, Software Engineering Institute (2006)
       www.cert.org/archive/pdf/06tr026.pdf

Dilanian, K. (2010, December 4). Leaks may clog up anti-terrorism intelligence sharing. Los
       Angeles Times. Retrieved from http://articles.latimes.com/2010/dec/04/nation/la-na-
       wikileaks-siprnet-20101205/2

Franqueira, V.N.L., van Eck, P.: Defense against insider threat: a framework for
      gathering goal-based requirements. Technical Report TR-CTIT-06-75, University
      of Twente (2006) http://eprints.eemcs.utwente.nl/9615/01/EMMSAD07_TR_v2.pdf.

Identity Theft Resource Center. (2010, January 8). Data breaches: the insanity continues.
        Retrieved June 10, 2010, from
        http://www.idtheftcenter.org/artman2/publish/lib_survey/Breaches_2009.shtml

Lazarus, D. (2011, May 24). Bank of America data leak destroys trust. Los Angeles Times.
       Retrieved from http://www.latimes.com/business/la-fi-lazarus-
       20110524,0,3701056,full.column

Moore, A.P., Cappelli, D.M., Caron, T.C. Shaw, E.D. and Trzeciak, R.F. Insider theft of
      intellectual property for business advantage: A Preliminary Model. paper delivered at
      The First Workshop on Managing Insider Security Threats, Purdue University (2009)
      www.cert.org/archive/pdf/11tn013.pdf

Moss, S. (2010, July 14). Julian Assange: the whistleblower. Retrieved from guardian.co.uk
       home website: http://www.guardian.co.uk/media/2010/jul/14/julian-assange-
       whistleblower-wikileaks




Appendix A - Tree structures of attack strategies

                                   Pre-attack tree structure
(figure not reproduced in this copy)

                                 Gain access tree structure
(figure not reproduced in this copy)

                                   Abuse access tree structure
(figure not reproduced in this copy)

                                   Abuse access tree structure
(figure not reproduced in this copy)

Source: Franqueira, V.N.L., van Eck, P.: Defense against insider threat: a framework for gathering goal-
      based requirements. Technical Report TR-CTIT-06-75, University of Twente (2006)
      http://eprints.eemcs.utwente.nl/9615/.
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Recently uploaded (20)

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 

Insider Attacks: Theft of Intellectual and Proprietary Data

Insider Attacks: Theft of Intellectual and Proprietary Data
Lindsey Landolfi, Towson University
Network Security, Professor Charles Pak, June 2011

While hacking and malware are major threats responsible for data compromise, the misuse of insider privileges was the leading threat action in 2009. The term insider refers to an individual who has or has had access privileges and is knowledgeable of the organization and its functioning, such as employees of the organization, former employees, or contractors. Malicious insider threats are becoming increasingly prevalent. The 2010 Data Breach Investigations Report (DBIR) analyzed a compilation of “900+ breaches, and over 900 million compromised records” (Verizon RISK Team, 2010, p. 5); its investigation of computer crime revealed that “48% were caused by insiders” (Verizon RISK Team, 2010, p. 2). That is an approximate 26 percent increase from the previous year. Specifically, the United States Secret Service has observed notable increases of insider threat incidents in its own data breach cases.

As network security becomes increasingly advanced, the threat of internal attacks is a greater concern. Privileged data is much more accessible to insiders than to external attackers; therefore a system is more vulnerable to an organized or sporadic internal malicious incident. The motivations and intentions behind theft of intellectual property vary. Behavioral catalysts for employee theft range from disgruntled employees who have experienced dissatisfaction with their job or organization to employees who possess a sense of entitlement to the data. In some cases encouragement from an external source will persuade an insider to take advantage of their access privileges. “A striking finding is that in over two-thirds of the cases of theft for financial gain, the insider was recruited to steal by someone outside the organization.” (Carnegie Mellon, 2008, p. 12) There are numerous incidents in which unintentional insider actions result in damages, but “malicious attacks have surpassed human error for the first time in three years”. (Identity Theft Resource Center, 2010) This paper will specifically address those insiders with malicious intentions.

Prevalent objectives of insider theft include espionage in the government sector, business advantage, and financial gain. Stolen proprietary intellectual property can be used to create a new business, or offered to a competitor as trade secrets in exchange for a new position; this is the concept behind the business advantage motive. Theft for profit typically occurs in the banking and finance sector; a typical example is fraud. Intellectual property theft is usually targeted either at the organization’s product, such as a software system, or at specific organizational data, such as strategic plans or client information. The theft techniques tend to differ depending on the intentions of the attacker. The insider may be a rogue employee for an extended period of time while slowly stealing small amounts of data, or may plan a major malicious attack that compromises massive amounts of data and then resign from their position with the company.

A recent insider data theft case, still under investigation, resulted in an estimated 10 million dollar loss for Bank of America. An employee had accessed and stolen "names, addresses, Social Security numbers, phone numbers, bank account numbers, driver's license numbers, birth dates, email addresses, mother's maiden names, PINs and account balances." (Lazarus, 2011) The insider then leaked this information to external scammers, who used it to commit identity theft fraud. Since insiders are inside the firewall on the network, or on their section of the network, they have access via network privileges. If there is a lack of access control, it is relatively easy for a malicious insider to exploit their technical access. They can proceed to snoop around the network and discover privileged information, much like the Bank of America employee. This case and similar security breaches might have been prevented if a form of encryption had been used to secure the customers' personal identity information.

The catastrophic WikiLeaks incident highlights the seriousness of insider breaches. Bradley Manning was a United States military analyst in Iraq who had access to classified information via the secure Secret Internet Protocol Router Network. He disclosed confidential military data to a database-driven website called WikiLeaks, which describes its service as an “uncensorable system for untraceable mass document leaking”. (Moss, 2010) The release of a massive cache of sensitive government records has the potential to do serious damage to national security. Manning is being charged with delivering secure national defense information, including diplomatic cables, to an unauthorized source, with the illegal transfer of classified data onto a personal device, and with adding unauthorized software onto a classified computer system. Manning explained in an online chat with fellow hackers that "weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis" (Dilanian, 2010) made it possible for him to execute the data theft.

Technical infiltration and theft techniques continue to evolve; insiders are able to exploit their organization-specific knowledge and use it to support their technical expertise while executing an attack. Insiders are knowledgeable of the system and aware of the security holes within it, which makes it easier for them to exploit the vulnerabilities of the system or its procedures. Due to their system privileges and supporting knowledge, it is reasonable to state that insiders have a higher probability of successfully breaching a system than an external hacker. The following paragraphs discuss the major alternative techniques and strategies that can be used in an insider theft attack scenario. Attacks can originate from different locations, for example within the internal system perimeter, through remote access, or from the Internet. With insiders it is especially necessary to consider the direct physical security of an authenticated computer network.
According to a major survey conducted by the U.S. Secret Service and CERT, “the majority of crimes were committed during normal working hours using authorized access.” (Carnegie Mellon, 2008, p. 11) There are many ways for an attacker to get at a secure system. For example, if the data the attacker is trying to reach is on a computer they do not have the password to, the attacker can use the trust established with co-workers to trick them into providing access to the system. If they cannot directly gain access, they could verbally pry to learn secrets that get them into the system; this form of attack is known as social engineering. Social engineering can be as simple as an attacker probing a computer that was left logged on. An attacker who can gain access to a secured machine could quickly install malicious code onto the machine and steal data undetected. An insider may plant malware internally that sends data to a server on the outside, so that when an unsuspecting user logs in, the data leaves the company, making it harder to trace. The malware can be set on a timer and run behind a program; doing so makes it less likely that the user will notice. The prior knowledge of organizational programs and procedures that an insider possesses makes it easier to facilitate an attack.

Explicit deception will make it more difficult for the organization to suspect or detect the rogue employee. “About a third (34%) of the insiders used deception to hide their plans for the theft of IP.” (Moore, 2009, p. 10) This figure may seem lower than expected, but it is important to consider that many insiders, especially those who feel a sense of entitlement, may not feel it necessary to dissimulate their activities.

Address Resolution Protocol poison routing can be used by an insider to attack the local-area network and take or block information. By sending out rogue spoofed messages the attacker can associate their MAC address with the IP address of another node, hence any traffic intended for the compromised IP address will be forwarded to the attacker instead. The attacker can then choose to forward the information on to the actual node or modify it before sending. An insider may choose to passively sniff the data, stealing information they consider valuable. Generally, it is easier to manipulate TCP/IP communication as an insider, since they are already within the organization's firewall.

An insider could construct, test, plant, and deploy a logic bomb into the system. The malicious function specified in the code of a logic bomb is activated when certain conditions are met inside the network or when commanded by the attacker. A computer programmer can design the logic bomb code to facilitate data theft by having it send proprietary information to unauthorized systems. Logic bombs do not replicate themselves or spread over the network as some other malicious programs do; therefore it is easier to target a specific victim or goal. In a series of case studies conducted by Carnegie Mellon University, “an insider prepared for the future release of a logic bomb by systematically centralizing the critical manufacturing programs for his organization onto a single server.” (Band, 2006, p. 27) This technique makes the attack easier to execute and results in greater damages. This form of attack is difficult to detect within the system, and since the insider need not exfiltrate the data personally, it is unlikely that the attacker will be identified by tracing the communication. Certain deployment methods can even be used to frame other employees, for example using a colleague's compromised account to commit the attack. It is also plausible for the insider to use their legitimate access to create a backdoor account and then use this account to plant and deploy the bomb or other malicious code. A backdoor account is an unauthorized account that has been created by the attacker and is unknown to the operators of the system.
Another illegitimate system access path is the use of disregarded inactive accounts. It is also possible to search for and use old password files that may have been created during a system backup and are now forgotten in system storage. In many cases the attacker held a position at the institution with full data access privileges; such a malicious insider can simply copy proprietary files onto a CD or USB drive. This is one of the techniques used by Bradley Manning in the WikiLeaks incident. At that time workers were permitted to use CDs or other media for data transfer among the computer systems; Manning explained that he "would come in with music on a CD-RW labeled with something like 'Lady Gaga' … erase the music … then write a compressed split file. No one suspected a thing." (Dilanian, 2010)

Damages resulting from insider theft are vast, ranging from monetary repercussions to operational impacts to reputational harm. High-profile institutions tend to suffer greater reputational damage due to the massive public exposure. Countermeasures enable organizations to minimize the risk and potential losses due to insiders. Adopting prevention techniques such as an auditing system will have a positive effect on security efforts. Finally, it is vital to be observant of employees; malicious insiders often exhibit technical and behavioral violations, such as testing after work hours, that could have indicated a potential theft attack.
References

2008 CERT Research Annual Report. Carnegie Mellon University Software Engineering Institute, U.S. Department of Defense and CERT (2008). http://www.cert.org/research/2008research-report.pdf
2010 Verizon Data Breach Investigations Report. Verizon RISK Team in cooperation with the United States Secret Service (2010). http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf
Band, S. R., Cappelli, D. M., Fischer, L. F., Moore, A. P., Shaw, E. D., & Trzeciak, R. F. (2006). Comparing insider IT sabotage and espionage: a model-based analysis. Technical Report, Carnegie Mellon University, Software Engineering Institute. www.cert.org/archive/pdf/06tr026.pdf
Dilanian, K. (2010, December 4). Leaks may clog up anti-terrorism intelligence sharing. Los Angeles Times. http://articles.latimes.com/2010/dec/04/nation/la-na-wikileaks-siprnet-20101205/2
Franqueira, V. N. L., & van Eck, P. (2006). Defense against insider threat: a framework for gathering goal-based requirements. Technical Report TR-CTIT-06-75, University of Twente. http://eprints.eemcs.utwente.nl/9615/01/EMMSAD07_TR_v2.pdf
Identity Theft Resource Center. (2010, January 8). Data breaches: the insanity continues. Retrieved June 10, 2010, from http://www.idtheftcenter.org/artman2/publish/lib_survey/Breaches_2009.shtml
Lazarus, D. (2011, May 24). Bank of America data leak destroys trust. Los Angeles Times. http://www.latimes.com/business/la-fi-lazarus-20110524,0,3701056,full.column
Moore, A. P., Cappelli, D. M., Caron, T. C., Shaw, E. D., & Trzeciak, R. F. (2009). Insider theft of intellectual property for business advantage: a preliminary model. Paper delivered at the First Workshop on Managing Insider Security Threats, Purdue University. www.cert.org/archive/pdf/11tn013.pdf
Moss, S. (2010, July 14). Julian Assange: the whistleblower. guardian.co.uk. http://www.guardian.co.uk/media/2010/jul/14/julian-assange-whistleblower-wikileaks
Appendix A - Tree structures of attack strategies

Figure: Pre-attack tree structure
Figure: Gain access tree structure
Figure: Abuse access tree structure

Franqueira, V. N. L., & van Eck, P. (2006). Defense against insider threat: a framework for gathering goal-based requirements. Technical Report TR-CTIT-06-75, University of Twente. http://eprints.eemcs.utwente.nl/9615/