Insider Threats

Solving the hardest problems in enterprise data security

Jim Ricotta, CEO, Verdasys • January 23, 2012

Companies targeted by APT will need to upgrade their defense strategy to include multiple, integrated layers of extremely sensitive anomaly detection and mitigation.
 

Personal data of nine million Israelis posted online

October 26, 2011

Details emerged this week of an Israeli government contract worker believed to be behind a massive information theft case, in which the personal data of millions of Israeli citizens was stolen and subsequently posted online in a searchable database.
 

White House order tackles insider threat post-WikiLeaks

October 07, 2011

The order follows a seven-month, government-wide review, prompted by the leak of classified U.S. documents by whistleblower site WikiLeaks.
 

More insiders snooping into health records, says survey

August 31, 2011

Breaches into protected health information (PHI) are on the rise, and staffers are responsible for more than a third of the intrusions, a new survey has found.
 

IT worker pleads guilty to crippling ex-employer's network

August 18, 2011

Jason Cornish, 37, of Smyrna, Ga., faces up to 10 years in prison and a $250,000 fine for breaking into the computer network of the U.S.-based subsidiary of a Japanese pharmaceutical company.
 

UCLA Health System fined over celebrity patient snooping

July 11, 2011

UCLA Health System must pay $865,500 as part of a settlement with the U.S. Department of Health and Human Services (HHS) over complaints that employees snooped on the health records of two celebrities.
 

California state workers' data taken from state offices

July 01, 2011

The personal information of thousands of current and former California state employees was improperly copied to a hard drive and removed from state offices.
 

Wind power company disputes alleged SCADA hack

April 18, 2011

A major U.S. energy supplier has found no evidence of breach despite claims by a former employee that he hacked into the company's New Mexico wind turbine facility as revenge for being fired.
 

Former Gucci insider charged with hacking network

April 05, 2011

A former network engineer at Gucci has been charged with hacking into the company's network, deleting data and shutting down servers and networks.
 

U.S. government warns of SCADA flaws

March 23, 2011

The U.S. government's ICS-CERT has issued alerts for four software products used to control hardware appliances at industrial facilities.
 

Texas hospital hacker sentenced to nine years

March 21, 2011

A former Dallas hospital guard was sentenced last week to nine years in federal prison for breaking into hospital computers, planting malicious software and planning a distributed-denial-of-service (DDoS) attack.
 

Goldman Sachs programmer sentenced for code theft

March 21, 2011

A software programmer charged with copying secret financial trading code from Goldman Sachs computers was sentenced Friday to eight years in prison. Sergey Aleynikov, 41, a naturalized U.S. citizen who emigrated from Russia, had resigned from his $400,000-a-year Goldman Sachs position in June 2009 to take a new job in Chicago. Before going, however, he uploaded code related to the firm's proprietary trading program from his workstation to a server in Germany and then downloaded it to his computers at home. Aleynikov was also ordered to pay a $12,500 fine and serve three years of supervised release following his sentence.
 

Colorado county files mistakenly posted online

December 07, 2010

More than 20 years' worth of personal and investigative Sheriff's Department records from Mesa County, Colo. were inadvertently posted online, where they remained for several months.
 

IT security budget issues: Fiscal reality

December 01, 2010

The financial crisis will have a lasting impact, but some organizations have found ways of doing more with less.
 

Disgruntled IT head sentenced for hacking website

November 01, 2010

A former IT head in Virginia, upset about being fired, was sentenced Friday to two years and three months in prison for hacking into his former employer's website to delete files.
 

Texas insider sentenced to 15 years for medical ID theft

October 19, 2010

A Texas woman's 15-year prison sentence for stealing hospital patient information underscores a continued upswing in medical identity theft cases.
 

Disgruntled Fannie Mae "logic bomber" found guilty

October 11, 2010

A federal jury in Baltimore has convicted a former Fannie Mae programmer of computer intrusion after he sought to destroy more than 4,000 company servers by planting a malicious script that was scheduled to activate roughly three months after he was fired. Rajendrasinh Makwana, 36, faces up to 10 years in prison for seeding a common application with "logic bomb" malware on Oct. 24, 2008, the day he was fired, the U.S. Department of Justice said last week in a news release. Five days later, a senior engineer discovered the disgruntled Makwana's actions, which were meant to destroy financial, securities and mortgage information. Makwana, who had pleaded innocent, is scheduled to be sentenced Dec. 8. — DK
 

Swiss bank accounts under CRA investigation

October 08, 2010

The Canadian Revenue Agency (CRA) is investigating more than 1,000 high-value bank accounts in Switzerland, after a former employee stole the account data and handed it to investigators.
 

Entrapment: Somebody told me to do it, officer

Charles Jeter, ESET cybercrime investigator • September 22, 2010

Is a sting merely legitimized social engineering? Why cops don't have to tell you they're cops - online or off.
 

Leading Stuxnet theory points toward sabotage and SCADA inside players

Charles Jeter, ESET cybercrime investigator • September 17, 2010

IACS researcher says, Welcome to cyberwar
 

Geek squad vs. mod squad: Should use policy become a federal beef?

Charles Jeter, ESET cybercrime investigator • September 16, 2010

Should violations of corporate computer use policy be a federal crime, asks Charles Jeter, ESET cybercrime investigator.
 

Delaware retirees' personal information posted on state website

August 31, 2010

The personal information of Delaware state retirees was included in a request for proposal that made its way onto the state's website for five days before it was discovered and removed.
 

Judge OKs Countrywide breach settlement

August 26, 2010

A U.S. District Court judge in Kentucky this week granted final approval to settle a class-action lawsuit relating to a data breach that pitted millions of Countrywide Financial customers against the mortgage company. The agreement provides free credit monitoring for up to 17 million people whose personal data was exposed, according to reports. To be eligible, victims must have used Countrywide, now owned by Bank of America, before July 1, 2008. In addition, participants are eligible to receive up to $50,000 per incident of identity theft, though Countrywide representatives have denied that anyone fell victim to fraud. — DK
 

Security perspectives on call center ID theft risks, Part 2

Charles Jeter, ESET cybercrime investigator • August 13, 2010

Call centers have real threats from insiders.
 

Security perspectives on call center ID theft risks, Part 1

Charles Jeter, ESET cybercrime investigator • August 13, 2010

It is far too easy for an insider to gather personally identifiable information.
 

Disgruntled San Francisco admin sentenced to four years

August 09, 2010

Two years after he was charged with holding the city of San Francisco digitally hostage, a disgruntled former network administrator was sentenced to four years in prison.
 

Laptop containing patient data stolen from Philadelphia hospital

August 04, 2010

A laptop containing the personal information of patients was stolen from an office at Thomas Jefferson University Hospital in Philadelphia.
 

Internal threats double as attackers shift strategy

July 28, 2010

Cybercriminals are partnering with malicious insiders, according to a report from Verizon Business and the U.S. Secret Service.
 

Cybercrime costs businesses $3.8 million per year

July 26, 2010

Web attacks, malware and insider threats can cost organizations millions of dollars in losses each year, according to a new Ponemon Institute study.
 

Employee at Maryland state agency posts client information online

July 21, 2010

The personal information of clients of the Maryland Department of Human Resources (DHR) recently was posted on a third-party website, where it remained for nearly three months.