CERT Insider Threat Team Releases “Spotlight On: Malicious Insiders with Ties to the Internet Underground Community”

CERT’s Insider Threat Team has released its Spotlight On: Malicious Insiders with Ties to the Internet Underground Community.

Spotlight On is a quarterly report issued by the CERT Insider Threat Team. The Insider Threat Team receives significant funding from CyLab.

As one of their benefits, CyLab's corporate partners receive each issue of Spotlight On three months prior to its public release. So as Malicious Insiders with Ties to the Internet Underground Community is released to the public, CyLab's partners are now moving on to Insider Theft of Intellectual Property inside the U.S. Involving Foreign Governments or Organizations, which will be available to the public in 4Q09.

Spotlight On: Malicious Insiders with Ties to the Internet Underground Community includes analysis of numerous cases.

Here is a brief excerpt:

The threat of insider actions associated with the internet underground is very real. As shown in the case examples, the actions observed in our case database occur primarily out of revenge that stems from unmet expectations and disgruntlement over salary or other work issues. Many of the attacks occurred offsite, after an employee’s termination, using access and prior knowledge the employee had as part of his job role. Further, nearly all attacks involved the use of at least one form of compromised account, such as an authorized third-party account or a backdoor account created specifically for the execution of the insider’s attack plans. Finally, all but two of the insiders in our case sample were considered to be highly-technical and were working in some kind of system administration role for the victim organization.

Of course, it is not always readily apparent that employees have connections with the internet underground. Employers can institute measures to block certain illicit communication channels at the workplace, or monitor and investigate their use. In addition, it is important that managers of technical employees exercise good management practices, including attempting to maintain a degree of awareness of employees’ morale, and suspicious behaviors both at work and outside the workplace. Spotlight On: Malicious Insiders with Ties to the Internet Underground Community also articulates a number of practices to help in mitigating this particular aspect of the insider threat.

For more information: