Feeds

Old people can sabotage software too

Games insiders play

Top 5 reasons to deploy VMware with Tegile

RSA Software teams must act to protect systems and development projects from revenge attacks by disgruntled current and former employees.

So says Carnegie Mellon Software Engineering Institute's CERT, which is advising organizations take basic steps including code encryption, enforcement of code-change and access controls, reading their log monitors and denying access to non-project staff, such as systems administrators.

"Organizations need to recognize the software they develop is crucial - they need to restrict access and protect systems from administrators who don't need access to that information," Software Engineering Institute business manager Joseph McLeod told the RSA security conference in San Francisco today. "Things like encryption can be used to protect that IP."

Sharing its insights from 245 cases since 1996 on internal attack, CERT told RSA a third of IT attacks come from inside organizations - and that they can inflict as much damage as external hackers in terms of stolen IP, financial loss, and even threats to personal safety.

CERT calls this "IT sabotage" - attacks by disgruntled employees intended to harm an organization directly, by preventing its ability to trade or by causing embarrassment through activities like forwarding private information to customers, competitors or employees, or by binging down a web site.

These differ to attacks from managers stealing trade secrets to enrich themselves and from employees accessing things like customer records to, for example, sell information like social security numbers to identity thieves.

What constitutes a disgruntled employee? Somebody whose expectations have not been meet, such as being passed over for a promotion, or getting let go.

Saboteurs span the ages, from 17 to 70, unlike those simply stealing trade secrets or social security numbers who average out in their mid-30s. "Who'd picture a 60 year old trying to do IT sabotage," Dawn Cappelli, a senior member of SEI technical staff, mused to Reg Dev, after her joint presentation to RSA.

And while the signs of a disgruntled staffer - such as slipping personal hygiene, increased absenteeism, or violent and aggressive behavior - are easy to identify and can be acted on, the tell-tale technical signs often get overlooked by organizations.

These include the insertion of back-door accounts into systems, and the creation of malicious code followed by its testing, installation, downloading and execution.

The most convenient channels to launch what CERT calls "technically sophisticated" attacks are the exploitation of access paths such as those back doors, use of shared or stolen passwords, planting logic bombs, and exploitation of colleagues' machines that have been left running.

Not all attacks are purely digital. Carnegie Mellon recounted the tale of one staffer who stole a contractor's IT badge and used it to access a restricted building, and take down a 9/11 emergency phone number/address look-up system in an attempt to impress a new boss starting work the next day.

For more on the insider threat to software development, see CERT's podcast here

Internet Security Threat Report 2014

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Home Depot ignored staff warnings of security fail laundry list
'Just use cash', former security staffer warns friends
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.