The following blog entry is a guest post by Dawn Cappelli of CERT. As a preview to her Thursday technical session, Dawn shares her thoughts on insider threat.
Since I was a software engineer prior to joining the CERT Program in the SEI in 2001, it is enjoyable for me to go back to my roots at SEPG. I am now Technical Manager of the CERT Insider Threat Center, and have been working on the insider threat problem for the past ten years of my life. It is interesting for me to be reminded, at the SEPG presentations, that programmers make mistakes every day. Even serious mistakes, resulting in disastrous consequences. You see, I read about these types of situations every day, but the cases I read about involve malicious employees, contractors, and trusted business partners who INTENTIONALLY inject defects into their code.
I analyze real-life cases where developers exact revenge on their employer by planting malicious code that is set to execute after they are fired or quit their job. This code wipes out data, brings down systems, or severely damages the reputation of the organization.
I also review cases of developers who deliberately modify source code to enable them to override security controls so they can commit fraud. In fact, I had the opportunity to talk to a foreign investment trader who did just that – and covered up almost $700 million US for more than five years as a result. (He did serve over 6 years in prison for his crime.)
Finally, we have collected many cases in which developers quit their job, taking their source code with them – to their new job with a competitor, to start their own business, or to give to a foreign government or organization.
The good news is that after collecting and analyzing almost 650 malicious insider threat cases for the past 10 years, we have developed interesting mitigation strategies for preventing, detecting, and responding to these types of crimes. (Please note that only a fraction of the 650 cases were developers.)
I will give a short presentation on Thursday afternoon to describe some interesting case examples, as well as the patterns we have observed in these cases. Fortunately, these patterns can provide good indicators that you can recognize – if you’re watching, and if you know what to look for – so you can stop these crimes before they happen to you!
Hope to see you Thursday!