[ISN] Security experts: Insider threat looms largest

From: InfoSec News (isn@private)
Date: Tue Dec 09 2003 - 02:38:40 PST

    Forwarded from: William Knowles <wk@private>
    
    http://www.nwfusion.com/news/2003/1208infowar.html
    
    By Ellen Messmer
    Network World
    12/08/03
    
    WASHINGTON, D.C. - While the U.S. military is building up defenses to 
    fend off network-based attacks from enemy states and terrorists, some 
    say the more-insidious security problem is the threat of an insider 
    bent on sabotage or stealing data. 
    
    At last week's Forum on Information Warfare, researchers from the FBI 
    and George Washington University emphasized the insider threat during 
    presentations that drew military personnel and academics from around 
    the world. In particular, IT systems administrators increasingly are 
    seen as the most potentially dangerous insider threat - and military 
    concern - because of their power over networks. 
    
    In his keynote speech, Lt. Gen. Kenneth Minihan, former head of the 
    National Security Agency (NSA), compared today's systems 
    administrators to the encryption-code clerks of past wars who broke 
    enemy secrets. He said systems administrators deserve greater 
    attention from the military and should be better paid. Some 
    researchers say they have seen the systems administrator go bad and 
    see it as the Achilles' heel of national defense. 
    
    FBI and George Washington researchers have studied the case histories 
    of criminal computer use, including interviews with prisoners. 
    
    "The systems administrator responsible for designing computer systems 
    has the extraordinary ability to do damage," said Jerrold Post, 
    professor of psychiatry, political psychology and international 
    affairs at George Washington. He cited cases that occurred at Fort 
    Bragg in North Carolina, and in banking and other industries, to 
    underscore the danger posed by IT insiders who exploit power over 
    networks. 
    
    Post noted that insiders who commit computer-based crimes, such as 
    fraud, extortion, sabotage and espionage, have a variety of 
    motivations, including revenge and financial gain. He said it is 
    critical to understand the psychology of IT administrators in general 
    to recognize possible danger signs. 
    
    IT specialists are "overwhelmingly represented by introverts" who 
    "internalize stress and express themselves only online," he said. A 
    study of IT specialists caught for computer-based crimes reveals them 
    typically to share some character traits. 
    
    Post said close analysis of work histories of IT administrators who 
    sabotaged their employers' networks or did other damage reveals that 
    they often first commit less-serious infractions, such as refusing to 
    train their backup. Intervention by management early on could help 
    prevent problems from escalating, because introverted people usually 
    don't seek help. 
    
    The FBI has started its own study of those who commit computer crimes 
    - not necessarily focusing on IT administrators - by interviewing 
    those now in jail, said John Jarvis, an FBI behavioral research 
    scientist. "Cybercrime is primarily an insider phenomenon," Jarvis 
    said. Only a quarter can be classified as "outsider," he said. 
    
    Guarding against that minority is the job of insiders such as Timothy 
    Vieregge, deputy of the systems and architecture branch in computer 
    network operations at Fort Belvoir's First Information Operations 
    Command in Virginia. Vieregge helped set up a network-monitoring 
    system for the Army before the start of the war in Iraq. 
    
    The system, based on more than 500 intrusion-detection monitors at 
    Army network facilities around the globe, captured information on 
    cyberattacks and sent it to the security information management 
    product the Army uses, Symantec's CyberWolf, with NSA-developed 
    visualization software called Renoir. 
    
    While Vieregge said he couldn't say where attacks against Army 
    computers originated, the monitoring systems showed which attacks 
    succeeded and which failed. 
    
    While attempted attacks increased 84% from October 2002 through 
    March, the number of successful intrusions against Army facilities has 
    dropped from a high of 16 in October to six in March. Vieregge said 
    the monitoring system helped the Army prioritize areas that needed 
    strengthening - where proper software patching hadn't been done, for 
    example - and setting up routers to block IP addresses from attack 
    points. 
    
    Vieregge said the Army isn't using intrusion-prevention systems yet to 
    automatically block attacks but is following the technology's 
    development. 
    



    This archive was generated by hypermail 2b30 : Tue Dec 09 2003 - 04:48:28 PST