Forwarded from: Pete Lindstrom <petelindat_private> It certainly bears repeating that insiders are a large risk, if only because no matter how often we say it, it gets ignored. But I am not sure it is appropriate or even reasonable anymore to equate 'insider people' and 'inside the firewall' as the same thing. Certainly, these days it is common to have insiders accessing systems from outside the firewall and to have outsiders already inside the firewall. (I sometimes wonder if the whole insider/outsider debate was really just a lot of grousing about the commercial success of the firewall - what exactly is an 'insider' in today's world of outsourcing, contractors, temps, former employees, and business partners, anyway?) Regardless, I am not sure how your comments fit in with the context of the article, which is about cyberterrorism. Debunking cyberterrorism is getting more popular these days, with perhaps the best debunk article being Rob Lemos' CNET article at http://news.com.com/2009-1001-954780.html and the best commentary Thomas Greene's on The Register http://www.theregister.co.uk/content/6/27819.html. These types of articles are useful for the security community to ensure it isn't 'eating its own dogfood' and indicative of how we will all be scrutinized more carefully about our opinions and attitudes when it comes to applying security within an organization. I think we all may need to be less hyperbolic and apply more intellectual rigor than we ever have in the past. (Now, I digress ;-)). Not every attack is a 'cyberterrorist' attack. There are plenty of other motives to go around - like plain old money in the case of the identity theft ring (and the movie 'Die Hard' for that matter ;-)). But I would suggest that in the case of 'cyberterrorism,' attacks are at least equally likely to come from an external location, and if you count unsuccessful attacks (don't know why we wouldn't), much more likely. Regards, Pete Pete Lindstrom Research Director Spire Security, LLC P.O. Box 152 Malvern, PA 19355 phone: 610-644-9064 fax: 610-644-8212 petelindat_private www.spiresecurity.com "clarity makes the security world stronger" -----Original Message----- From: owner-isnat_private [mailto:owner-isnat_private] On Behalf Of InfoSec News Sent: Monday, December 09, 2002 3:52 AM To: isnat_private Subject: Re: [ISN] Cyber hype Forwarded from: JohnE37179at_private Mike Butcher's article in The Guardian fires wide of the mark. If there is a cyber attack it will most likely come from inside firewall rather than outside the firewall. As the identity theft story from last week demonstrated, unauthorized access to secure systems are not necessarily hacker attacks using technology, but facilitated by compromised or corrupt insiders. Kevin Mittnick, the King of Social Engineering was able to gain access by guile as often as by hacking or cracking. It is the insider and his or her confederates compromising the system from inside the firewall we need to worry about, not the attack from outside the firewall. John Ellingson CEO Edentification - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Dec 10 2002 - 03:29:44 PST