The Unix contractor that planted a malicious script on the server of Fannie Mae when he was fired in 2008 faces a jail term of up to 10 years for computer intrusion, computer intrusion? He had full access and the threat was done while he still had full access I would hardly call that intrusion, but I’m guessing a loop hole that the US can charge him with. I am by no means fighting for his plight just the charges don’t make sense to me that’s all (enough on my thoughts on it). The malicious script was time bombed to run on the 31st January 2009, according to reports it would have taken Fannie Mae weeks to recover had it been successful. This is not the first or that last we have seen, read about or helped fix and just goes to show the biggest threat to any organisation is the insider threat.
Graham Cluley, senior technology consultant at Sophos, said this should serve as a timely reminder to all companies as to what they should be prepared for. “Implementing a combination of robust user policies and security measures is crucial in order to safeguard their IT networks -and ultimately their business -against such incidents.”
The whole story on Computer Weekly and some more
Distributed denial of service (DDoS) or Denial of Service (DoS) are used often as a targeted attack or to make a point. As is the case in Spain were the Spanish Copyright Protection Society (SGAE) is a target of a DDoS attack by the anonymous group calling for free peer to peer (P2P) file sharing among other things. There is rumor in the underworld of many such attacks over the next months against intellectual property groups for “Operation Payback”, as we have already seen against the RIAA and MPAA in September. Below is what the anonymous group had to say to the media:
“Paying the government for digital media is ridiculous. The artist who makes music wants to be paid. Music labels want their fair share for producing, watchdogs want their share and thanks to the Spanish Ministry of Culture, the government assumes an additional profit. The result is an extraordinary high price for music, or a minimal fee for the artist (the one that should be rewarded instead!). The SGAE has as slogan “Believe in culture”, while they restrict new creativity by preventing that creativity is shared. They lobbied this Canon Law, which states that suspected piracy websites can be taken down without a court order. This is a danger to freedom of speech, since any site can just be taken down with the excuse that intellectual property is hosted. The “Ministerio of Cultura” should get a message that their current course will only lead to more controversy and protest.”
read more on Operation Payback
A typical example of whats called an insider threat, a threat that not even the best external security design or systems can stop. The one that is built on poor access control, bad security policy and simple failure at the HR level to identify potential insider risks through regular people, roles and access assessment. Which should always be part of a regular security policy and procedure.
I agree 100% that security should not be disruptive to work flow or productivity but it must be in place, enforced and implemented. First and foremost to best suit the company’s interests, then the work processes and procedures then the employee roles and responsibilities. There is no reason this can’t be achieved, there are POC’s all over the world from the Mom & Pops shop right through to the Blue Chip companies.
Security policy, Assessment and Access control the first three steps to avoid this happening to you, or your could simply call us.
Read the full story here
For further reading on the subject of Insider Threats read the eCrime Summary released earlier this year by CERT/US Secret Service/CSO magazine.
Source Data - http://www.net-security.org/secworld.php?id=8534
Click image for larger version
