
posted on 20 February 2016

When Cyber Security Is An Inside Threat


-- this post authored by Scott Stewart

According to a recent article by Business Insider, hackers in Ireland, stymied by Apple's information systems security, are taking another approach to gain access to the corporation's data. They are offering Apple employees up to 20,000 euros for valid login credentials. While not all approaches to insiders are so overt, this case nevertheless serves as a great reminder that malicious actors are actively recruiting insiders to exploit their status.

Beyond that, it demonstrates that the insider threat is not just confined to an Edward Snowden type who steals a mass of data in one swoop before leaving the company. Insiders can pose a far more subtle and enduring threat. Because of this, we should think beyond Snowden when considering how insider threats can manifest.

Thinking About Insider Threats

It's important when considering insider cyber threats to not let the cyber element distract from the basic problem; hacking is still fundamentally theft of information. In fact, I would encourage security managers to think about these insider threats much as they would any other sort of corporate or government espionage.

Certainly, those looking to recruit an insider would love to have access to a systems administrator - essentially the corporate equivalent of an embassy communications officer. Systems administrators normally hold the keys to the kingdom, and in many cases they can access a variety of email accounts and other systems of interest to those conducting corporate espionage, whether they are motivated by ideology, looking to steal proprietary secrets or seeking information for insider trading purposes. That said, company IT staffs are not the only people who could be recruited to help carry out a cyberattack.

In addition to the outright sale of a valid system login, as in the Apple example, insiders can also perform more subtle tasks to help hackers. One is to fill the role that an "access agent" would in traditional espionage: identifying potential sources. Rather than pinpointing and approaching individuals, in the cyber realm insiders can help hackers understand a company's systems and security procedures. They can also provide company organizational charts and examples of company communications. Perhaps more important, an insider has knowledge of who talks to whom and what topics they discuss; they may even pass along sample emails that show how people interact.

This level of detail can be incredibly useful in helping set targets up for a well-crafted and convincing attempt at spear phishing, an email attack tightly focused on an individual user. If a hacker learns that Carol regularly sends text documents or spreadsheets to Bob and even has examples of how Carol normally addresses Bob, including any company or personal jargon, he or she can then craft a highly tailored message spoofing Carol's email address and with it deliver an attachment loaded with malware.

Access agents can also be used to help spot troubled coworkers whose financial or other vulnerabilities, such as anger at the company or drug use, might make them easier to recruit. Sex also works as a highly effective recruiting tool, and access agents can identify people most likely to be vulnerable to a "honey trap."

Non-IT staff insiders can also be used to introduce malware into a company's computer system. They may knowingly open a spear phishing tool, allowing them to feign victimization later if they get caught. As noted above, they have the knowledge to help craft a plausible spear phishing presentation that can give them the cover of apparent innocence. They could also, for example, steal a thumb drive from a coworker's desk and allow hackers to install malware on it before returning it. There are many ways a non-IT insider can help inject malware into company systems - even sensitive "air gapped" systems, or secure networks separated from the Internet.

Persistent Insider Threat

Insider threats are not limited to one-hit wonders like Snowden. Insider agents who make their actions seem innocuous and maintain plausible deniability can stay in place at the targeted company for a long time. Again, thinking in traditional espionage terms, it was always a great windfall when someone would walk into an embassy and hand an intelligence officer a briefcase full of classified documents. But a good intelligence officer isn't satisfied with just those documents. Sharp officers protect walk-ins and encourage them to continue working; that way, they can provide a continuing stream of valuable intelligence instead of just a single document dump.

But even when we are dealing with a recruited agent instead of a walk-in, the best strategy is to leave the agent in place for a prolonged period to maximize the extracted intelligence. National intelligence agencies running computer intelligence operations will follow the same principles in recruiting sources as they do for other operations. Intelligence services draw little distinction between an asset recruited for cyber and one meant for traditional intelligence gathering, and once recruited, agents can serve both purposes.

Anyone who doubts that intelligence agencies from an array of countries actively recruit sources from within many different types of companies has not been paying much attention. States frequently use false-flag approaches, sometimes presenting themselves as competitors or even criminals rather than intelligence officers.

But even beyond intelligence agencies, it is easy to see how ideologically motivated leakers, competitors and criminals could benefit greatly by having inside sources embedded long-term within a company.

Bad Operations Security

Finally, in addition to knowing collaborators who act intentionally, sloppy insiders also pose a significant threat - and arguably a larger and more persistent one. Whether or not the slip-up is as high-profile as the case of an Apple employee who left a top secret iPhone 4 prototype at a bar, or the case of the Qualcomm CEO whose laptop was stolen shortly before his company reported its quarterly results, there's always the chance that a low-level insider will fall for a clumsy phishing email and introduce malware onto company servers through a personal laptop.

Of course, such negligence can play a role in attacks involving knowing insiders as well. All the potentially threatening actors we've discussed, from intelligence agencies to criminals, can and do pounce on mistakes made by unwitting, inattentive insiders. But compared with recruiting an insider, which requires more effort and is more easily detected, a targeted cyberattack is a low-cost, low-risk method that can be just as effective. Negligence makes those attacks easier to execute. Poor operations security is also not just confined to non-technical employees. Inexperience, laziness or poor practices can make IT staff negligent as well. In short, employees should be well informed and on guard. The threat posed by a Snowden-like insider is grave. But it is far from the only type of insider threat that can harm your company.

"When Cyber Security Is an Inside Threat" is republished with permission of Stratfor.


This Web Page by Steven Hansen ---- Copyright 2010 - 2016 Econintersect LLC - all rights reserved