Amid Cyberattacks, Insider Threats Targeted as Information Wars Begin to Rage

The information wars have begun, and the insider threat is a key target of governments and businesses, alike.
Joshua Philipp
12/8/2010
Updated: 10/1/2015
BLACK HATS: A screenshot of the Anon Operation Twitter feed, just before it was shut down by Twitter. The Twitter feed represented Operation Payback, a group that launched cyber attacks against Mastercard and Visa on Dec. 8. (Screenshot of twitter.com)

Although the threat has been present for years, the current scramble to secure networks was spurred into motion by data-leaking organization WikiLeaks and its release of hundreds of thousands of confidential government documents—which were allegedly supplied by an insider, Army intelligence officer Bradley Manning.

“This outbreak is not surprising or sudden,” said James Watts, data protection lead in the Digital Content Protection (DiCOP) product team at PC virtualization company Zinstall, via e-mail.

Watts specializes in internal threat protection, and informs leading defense and financial institutions on the subject. “All these cases have one thing in common—the data was not leaked by a foreign power or malicious hackers breaking into the system,” he said. “The source, time after time, is part of the staff, fully authorized to use the secret data.”

The insider threat includes a spectrum of individuals who would potentially steal and leak company or federal secrets. They range from disgruntled employees, to the curious hacker, to individuals being paid to steal the information. The insiders are different from hackers who try to break through networks, as insiders already have access and stealing data is as simple as saving it to a CD.

Cyberwars


On Dec. 8, a small-scale cyberwar broke out as black hat hackers retaliated against actions taken by governments and companies against WikiLeaks.

One of the main groups behind the attacks was Operation Payback, a group of hackers that was formed to seek revenge for the crackdown on online piracy. Their attacks targeted websites of companies including Visa and MasterCard, in retaliation for actions against finances through PayPal. The attacks they used were DDoS (Distributed Denial of Service) attacks, which overload servers with queries to temporarily disable or shut them down.

At 4 p.m., Anon_Operation, part of Operation Payback, posted to his Twitter account “IT’s DOWN! KEEP FIRING!!!” after the group hit Visa’s website. The form of attack typically doesn’t last long, however, and is the standard used today by black hats (hackers who use their skills to cause harm) when trying to shut down websites.

Despite the buzz around the squabble, insiders pose a much larger concern than groups launching DDoS attacks, since a DDoS attack can usually be defended against. Insiders, on the other hand, are much closer to traditional spies and can slip by unnoticed.

Many of the security defense systems currently in place are made to protect against external threats. “They were simply created with a different concept, developed in the early 2000s, with the primary goal of protecting from an external attacker trying to penetrate the system,” Watts said.

Insider Attacks


Insiders have had a relatively easy time getting information from networks. Theft of intellectual property makes up 19 percent of insider attacks, with nearly a quarter of the insiders having been recruited by outsiders, according to a report from the Software Engineering Institute CERT (Computer Emergency Readiness Team) Program.

There are two other main forms of insiders. Insiders who maliciously sabotage a system are typically former employees who damage an organization’s network in revenge, and their actions add up to about 34 percent of insider attacks. Another 39 percent are those who engage in fraud by adding, changing, or deleting company databases. Half of these individuals are recruited, according to the report.

“The overwhelming majority (about 75 percent) of Americans arrested for espionage during the past 20 years, and who had security clearance, were either volunteers who took the initiative in contacting a foreign intelligence service or were recruited by a close American friend who had volunteered to a foreign intelligence service,” states a report from Richards J. Heuer Jr. from the DSS/Security Research Center.

“The world is in the midst of an information revolution that many believe will have as far reaching an impact on politics, economics, and culture as that of the industrial revolution,” the report states. “It is surely affecting the manner in which nation states and other international actors compete economically as well as militarily, including the role of espionage in international competition and conflict.”

In the days before (and similar sites that are emerging), these individuals had only a small audience, and limited options, when it came to making their stolen information available. The Internet has entered a new age, however, and has sent federal IT professionals scrambling for ways to guard system information—and solutions have already begun to appear.

Watts is currently working on one such program, the DiCOP system, developed by Zinstall. The program makes documents and content only viewable on its designated networks. “If the user takes confidential files on a USB drive and tries to access them unauthorized—the files will simply not contain any information at all,” Watts said.

The government is also developing its own technology. DARPA, the research and development office of the Department of Defense, has one such project underway, known as CINDER.

The CINDER program is among the first government programs to eliminate the insider threat, following the post. The threat to the private Internet is minimal, however, as its focus is on government and military networks.

According to a DARPA report on CINDER, it aims to detect insider threat activity within government and military interest systems and networks.

The program “starts with the premise that most systems and networks have already been compromised” and “does not focus on intrusion prevention, but instead seeks to identify ongoing missions at various points in their lifecycles with extremely high confidence and without false alarms,” states a DARPA report on CINDER.

By using “novel approaches,” it aims to “impede the ability of adversaries to operate undetected within government and military interest networks,” the report states.

“Is the situation hopeless? The answer is no, it isn’t,” Watts said. “The key to the solution is changing the overall approach. Existing systems are built to fight past wars, not the war that has now begun—defending digital data from an internal threat.”
Joshua Philipp is an award-winning investigative reporter with The Epoch Times and host of EpochTV's "Crossroads" program. He is a recognized expert on unrestricted warfare, asymmetrical hybrid warfare, subversion, and historical perspectives on today’s issues. His 10-plus years of research and investigations on the Chinese Communist Party, subversion, and related topics give him unique insight into the global threat and political landscape.