Amid Cyberattacks, Insider Threats Targeted as Information Wars Begin to Rage

December 8, 2010 Updated: October 1, 2015

BLACK HATS: A screenshot of the Anon Operation Twitter feed, just before it was shut down by Twitter. The Twitter feed represented Operation Payback, a group that launched cyber attacks against Mastercard and Visa on Dec. 8. (Screenshot of twitter.com)
The information wars have begun, and the insider threat is a key target of governments and businesses alike.

Although the threat has been present for years, the current scramble to secure networks was spurred into motion by data-leaking organization WikiLeaks and its release of hundreds of thousands of confidential government documents—which were allegedly supplied by an insider, Army intelligence officer Bradley Manning.

"This outbreak is not surprising or sudden," said James Watts, data protection lead in the Digital Content Protection (DiCOP) product team at PC virtualization company Zinstall, via e-mail.

Watts specializes in internal threat protection, and informs leading defense and financial institutions on the subject. "All these cases have one thing in common—the data was not leaked by a foreign power or malicious hackers breaking into the system," he said. "The source, time after time, is part of the staff, fully authorized to use the secret data."

The insider threat includes a spectrum of individuals who would potentially steal and leak company or federal secrets. They range from disgruntled employees, to the curious hacker, to individuals being paid to steal the information. The insiders are different from hackers who try to break through networks, as insiders already have access and stealing data is as simple as saving it to a CD.

Cyberwars

On Dec. 8, a small-scale cyberwar broke out as black hat hackers retaliated against actions taken by governments and companies against WikiLeaks.

One of the main groups behind the attacks was Operation Payback, a group of hackers that was formed to seek revenge for the crackdown on online piracy. Their attacks targeted websites of companies including Visa and MasterCard, in retaliation for actions taken against WikiLeaks' finances through PayPal. The attacks they used were DDoS (Distributed Denial of Service) attacks, which overload servers with queries to temporarily disable them or shut them down.

At 4 p.m., Anon_Operation, part of Operation Payback, posted to his Twitter account “IT’s DOWN! KEEP FIRING!!!” after the group hit Visa’s website. This form of attack typically doesn’t last long, however, and is the standard used today by black hats (hackers who use their skills to cause harm) when trying to shut down websites.

Despite the buzz around the squabble, insiders pose a much larger concern than groups launching DDoS attacks, since a DDoS attack can usually be defended against. Insiders, on the other hand, are much closer to traditional spies and can slip by unnoticed.

Many of the security defense systems currently in place are made to protect against external threats. “They were simply created with a different concept, developed in the early 2000s, with the primary goal of protecting from an external attacker trying to penetrate the system,” Watts said.

Insider Attacks

Insiders have had a relatively easy time getting information from networks. Theft of intellectual property makes up 19 percent of insider attacks, with nearly a quarter of the insiders having been recruited by outsiders, according to a report from the Software Engineering Institute CERT (Computer Emergency Readiness Team) Program.

There are two other main forms of insiders. Insiders who maliciously sabotage a system are typically former employees who damage an organization’s network in revenge, and their actions add up to about 34 percent of insider attacks. Another 39 percent are those who engage in fraud by adding, changing, or deleting company databases. Half of these individuals are recruited, according to the report.


Follow Joshua on Twitter: @JoshJPhilipp