Insider Threats

New plan to stop leaks: Squeal on your cubicle mate who may or may not be a whistleblower

New plan to stop leaks: Squeal on your cubicle mate who may or may not be a whistleblower

By

An investigative report shows the Obama administration's insider threat program is far more expansive, and troubling, than even critics had thought.

Worry more about the cubicle dweller and less about the Chinese hacker

Worry more about the cubicle dweller and less about the Chinese hacker

While intellectual property theft at the hands of regular employees may not yield the provacative headlines as a Chinese military unit spreading APTs from an office in Shanghai, the former scenario is the more likely one.

Server breached at a Vancouver-area school

By

The personal medical data of nearly 13,000 students and staff at Canada's British Columbia Institute of Technology (BCIT) may have been exposed.

Mitigating the next WikiLeaks: Insider threats

Mitigating the next WikiLeaks: Insider threats

The operating environment itself must be altered, says Verdasys' Dan Geer.

Court ruling limits reach of U.S. anti-hacking law

By

A U.S. Circuit Court of Appeals ruling has said employees who violate their organization's user policies do not violate the federal Computer Fraud and Abuse Act (CFAA).

Secure access, authorization among areas still lacking at IRS

By

A favorite whipping boy of the Government Accountability Office, the Internal Revenue Service has yet to clean up its security act, though improvements continue, according to a new audit.

Solving the hardest problems in enterprise data security

Companies targeted by APT will need to upgrade their defenses strategy to include multiple, integrated layers of extremely sensitive anomaly detection and mitigation.

Personal data of nine million Israelis posted online

By

Details emerged this week of an Israeli government contract worker believed to be behind a massive information theft case, in which the personal data of millions of Israeli citizens' was stolen and subsequently posted online in a searchable database.

White House order tackles insider threat post-WikiLeaks

By

The order follows a seven-month, government-wide review, prompted by the leak of classified U.S. documents by whistleblower site WikiLeaks.

More insiders snooping into health records, says survey

By

Breaches into protected health information (PHI) are on the rise, and staffers are responsible for more than a third of the intrusions, a new survey has found.

IT worker pleads guilty to crippling ex-employer's network

By

Jason Cornish, 37, of Smyrna, Ga., faces up to 10 years in prison and a $250,000 fine for breaking into the computer network of the U.S.-based subsidiary of a Japanese pharmaceutical company

UCLA Health System fined over celebrity patient snooping

By

UCLA Health System must pay $865,500 as part of a settlement with the U.S. Department of Health and Human Services (HHS) over complaints that employees snooped on the health records of two celebrities.

California state workers' data taken from state offices

By

The personal information of thousands of current and former California state employees was improperly copied to a hard drive and removed from state offices.

Wind power company disputes alleged SCADA hack

By

A major U.S. energy supplier has found no evidence of breach despite claims by a former employee that he hacked into the company's New Mexico wind turbine facility as revenge for being fired.

Former Gucci insider charged with hacking network

By

A former network engineer at Gucci has been charged with hacking into the company's network, deleting data and shutting down servers and networks.

U.S. government warns of SCADA flaws

By

The U.S. government's ICS-CERT has issued alerts for four software products used to control hardware appliances at industrial facilities.

Texas hospital hacker sentenced to nine years

By

A former Dallas hospital guard was sentenced last week to nine years in federal prison for breaking into hospital computers, planting malicious software and planning a distributed-denial-of-service (DDoS) attack.

Goldman Sachs programmer sentenced for code theft

By

A software programmer charged with copying secret financial trading code from Goldman Sachs computers was sentenced Friday to eight years in prison. Sergey Aleynikov, 41, a naturalized U.S. citizen who emigrated from Russia, had resigned from his $400,000-a-year Goldman Sachs position in June 2009 to take a new job in Chicago. Before going, however, he uploaded code related to the firm's proprietary trading program from his workstation to a server in Germany and then downloaded it to his computers at home. Aleynikov was also ordered to pay a $12,500 fine and serve three years of supervised release following his sentence.

Colorado county files mistakenly posted online

By

More than 20 years worth of personal and investigative Sheriff's Department records from Mesa County, Colo. were inadvertently posted online, where they remained for several months.

IT security budget issues: Fiscal reality

IT security budget issues: Fiscal reality

By

The financial crisis will have a lasting impact, but some organizations have found ways of doing more with less.

Disgruntled IT head sentenced for hacking website

By

A former IT head in Virginia, upset about being fired, was sentenced Friday to two years and three months in prison for hacking into his former employer's website to delete files.

Texas insider sentenced to 15 years for medical ID theft

By

A Texas woman's 15-year prison sentence for stealing hospital patient information underscores a continued upswing in medical identity theft cases.

Disgruntled Fannie Mae "logic bomber" found guilty

By

A federal jury in Baltimore has convicted a former Fannie Mae programmer of computer intrusion after he sought to destroy more than 4,000 company servers by planting a malicious script that was scheduled to activate roughly three months after he was fired. Rajendrasinh Makwana, 36, faces up to 10 years in prison for seeding a common application with "logic bomb" malware on Oct. 24, 2008, the day he was fired, the U.S. Department of Justice said last week in a news release. Five days later, a senior engineer discovered the disgruntled Makwana's actions, which were meant to destroy financial, securities and mortgage information. Makwana, who had pleaded innocent, is scheduled to be sentenced Dec. 8. — DK

Swiss bank accounts under CRA investigation

By

The Canadian Revenue Agency (CRA) is investigating more than 1,000 high-value bank accounts in Switzerland, after a former employee stole the account data and handed it to investigators.

Entrapment: Somebody told me to do it, officer

Is a sting merely legitimized social engineering? Why cops don't have to tell you they're cops - online or off.

Leading Stuxnet theory points toward sabotage and SCADA inside players

IACS researcher says, Welcome to cyberwar

Geek squad vs. mod squad: Should use policy become a federal beef?

Should violations of corporate computer use policy be a federal crime, asks Charles Jeter, ESET cybercrime investigator.

Delaware retirees' personal information posted on state website

By

The personal information of Delaware state retirees was included in a request for proposal that made its way onto the state's website for five days before it was discovered and removed.

Judge OKs Countrywide breach settlement

By

A U.S. District Court judge in Kentucky this week granted final approval to settle a class-action lawsuit relating to a data breach that pinned millions of Countrywide Financial customers against the mortgage company. The agreement provides free credit monitoring for up to 17 million people whose personal data was exposed, according to reports. To be eligible, victims must have used Countrywide, now owned by Bank of America, before July 1, 2008. In addition, participants are eligible to receive up to $50,000 per incident of identity theft, though Countrywide representatives have denied that anyone fell victim to fraud. — DK

Security perspectives on call center ID theft risks, Part 2

Call centers have real threats from insiders.

Sign up to our newsletters

POLL