Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Ignoring The Insider Threat Can Lead To Incidents Such as The Wikileak Saga

Imperva : 30 November, 2010  (Technical Article)
Imperva explains the benefits of tackling the insider threat and actively managing access to data to prevent embarrassing public leaks
The Wikileaks saga of the last few days, which climaxed with the release of the first batch of more than 250,000 secret and confidential diplomatic cables sent by US embassies around the world published last night, are a classic example of what can happen when the evolving insider security threat is ignored says Imperva.

According to Amichai Shulman, CTO with the data security specialist, the saga - which took a curious twist on Sunday when Wikileaks' servers came under a distributed denial of service attack - shows that organisations of all sizes seem to be preoccupied with defending against external attacks on their digital data assets, and are ignoring the internal security threat issue.

'Yes, there are hackers out there, but IT history has shown that the rogue employee is also a threat. The banking community is now starting to take action to protect its assets, but organisations have a long way to go before they can truly tackle the very real risks that insider threats pose to their reputation and integrity,' he said.

According to the Guardian, Bradley Manning, 22 - a soldier (an intelligence analyst), has admitted to stealing the information and in fact stated how easy it was to gain access to the files:

It was childishly easy, according to the published chatlog of a conversation that Manning had with a fellow-hacker. 'I would come in with music on a CD-RW labelled with something like 'Lady Gaga' … erase the music … then write a compressed split file. No one suspected a thing ... [I] listened and lip-synched to Lady Gaga's Telephone while exfiltrating possibly the largest data spillage in American history.' He said that he 'had unprecedented access to classified networks 14 hours a day 7 days a week for 8+ months'.

Shulman says that the source of the leak is believed to be the same individual responsible for the 75,000 document leak earlier this year - identified as a low ranking soldier who abused legitimate access to the information, he explained. This is the second time this has happened without any measures put into place to stop this happening. This illustrates the potential damage that insiders can cause in an organization

And, says the Imperva CTO, as with most incidents of this type, the most noticeable sign of problems should have been the easily observable intensive access to multiple documents by an authorised user. However, it is very difficult for organizations today to control access to files at an individual level. The rate with which sensitive information is generated in the form of files is ever growing, collaborative behavior is widely encouraged by management and employee turnover rates are high. Thus, while organizations must control and monitor individual access to specific files based on their contents, they must monitor employee behavior with respect to files in general.

'Any user retrieving large numbers of documents a day should raise an alert on a good business IT security system. This presumes, of course, that the organisation is not pre-occupied with conventional security and has ignored the abuse of data access privileges,' he said.

'This embarrassing fiasco - which is certain to drag on for some time - shows that the internal threat is not necessarily about unauthorised access to data, but rather the abuse of legitimate access,' he added.

'Organisations need to wake up to the complexities of internal threats, rather than simply relying on conventional IT security systems.'
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo