Insider Threat Lecture 8 - PowerPoint PPT Presentation

Provided by: far1
Transcript and Presenter's Notes

1
Insider Threat Lecture 8
2
Reading List
  • This class
    • Denning Chapters 6
    • A review of FBI Security Programs, http://www.usdoj.gov/05publications/websterreport.pdf (Intro, conclusion)
    • Insider threat to security may be harder to detect, experts say, http://www.computerworld.com/securitytopics/security/story/0,10801,70112,00.html
    • Treason 101, http://rf-web.tamu.edu/security/secguide/Treason/Intro.htmTreason20101
  • Next class
    • Denning Chapters 7
    • Orin Kerr, Internet Surveillance Law After the USA Patriot Act, 97 Northwestern Law Review, 2003, http://ssrn.com/abstract_id317501
    • Legal Standards for the Intelligence Community in Conducting Electronic Surveillance. Report was required by the FY 2000 Intelligence Authorization Act, and was transmitted to Congress at the end of February 2000, http://www.fas.org/irp/nsa/standards.html

3
Perception Management
  • Information operations that aim to affect perception of others to influence:
    • Emotions
    • Reasoning
    • Decisions
    • Actions

4
Censorship
  • Offensive: denies population access to certain materials
  • Defensive: protect society from materials that would undermine its culture or governance
  • Internet makes censorship difficult
  • Children Internet Protection Act, 2000 (http://www.ifea.net/cipa.html, http://www.cybertelecom.org/cda/cipa.htm)
  • Free speech online
    • Electronic Frontier Foundation, http://www.eff.org/br/
    • http://www.anu.edu.au/mail-archives/link/link9810/0378.html

5
US Restrictions
  • First Amendment to the Constitution of the United States: freedom of speech and press
  • Exception: child pornography, offensive and harmful speech, obscene material, etc.
  • Material depicting violence?
  • 1996: Communications Decency Act (US Congress)
  • 1997: Supreme Court ruled that CDA sections 223 and 224 abridged First Amendment rights

6
Insider Threat
  • Employees working for an organization
  • Generally trusted
  • Easy access to resources
  • Know how the system works
  • Understand data

7
Types
  • State and military espionage
  • Economic espionage
  • Corporate espionage
  • Privacy compromises

8
State and Military Espionage
  • Foreign intelligence agencies
  • Goal: collect state and military secrets
  • Target: foreign government
  • Insider: traitors, foreign agents, spies
  • Motivation of traitor
    • Financial gain, ideology, revenge

9
Examples
  • 1987: Earl E. Pitts, special agent, FBI
    • Became: KGB agent
    • Motivation: financial gain
    • Sentencing: fine (500,000 250,000)
  • 1994: Aldrich H. Ames, CIA agent
    • Became: KGB agent
    • Motivation: financial gain
    • Sentencing: life sentence

10
Economic Espionage
  • Government intelligence
  • Goal: acquire economic secrets of a foreign country, trade policies, and trade secrets
  • Target: foreign corporations, research facilities, universities, defense contractors
  • Method: similar to military espionage
  • Technological competitions

11
Example
  • Pierre Marion (France): admitted spying on foreign firms
    • IBM, Texas Instruments, Corning Glass
  • Marc Foldberg (Renaissance Software, Inc., Palo Alto, CA): copied software
    • Motivation: financial gain
    • Sentencing: community service
  • Guillermo (Bill) Gaede: temp. employee of Intel Corp.
    • Motivation: financial gain
    • Sentencing: 33 months in federal prison

12
Corporate Espionage
  • Corporation against other corporations
  • Goal: acquire competitive advantage in domestic or global market
  • Foreign or domestic competitors

13
Corporate Espionage
  • Computer technology: convenient way
  • Investigations
    • Go public or not
  • Law
    • Inadequate
    • Gray areas

14
Examples
  • Cadence Design Systems vs. Avant! (software product)
  • General Motors vs. VW
  • IBM vs. Hitachi

15
Privacy Violations
  • Personal data
    • SS Administration
    • Law Enforcement
    • Medical
    • Financial
  • Computer systems
    • System administrators
    • Temporary employees

16
Business Relationship
  • Trade secrets acquired during normal business
    relationship
  • Transfer of proprietary secrets
  • Trust in partners

17
Visits and Requests
  • Insiders unwittingly release proprietary info
  • Social engineering
  • Privacy violations
  • Illegal?
  • Unethical?
  • Example: false identity, overly friendly, demanding, etc.

18
Foreign Researchers
  • CRA News, November 2005
  • US attracts outstanding researchers, students, educators
  • Aids US to become economic power
  • Rule making announcements
    • March 2005: Department of Commerce's Bureau of Industrial Security (BIS)
    • July 2005: Department of Defense
  • Place restrictions on foreign nationals who use or have access to sensitive technologies (export control)

19
Foreign Researchers
  • Office of Inspector General: loopholes allow leakage of sensitive information
  • Requests special requirements to access such materials
  • Criticism: academia, industry, other federal agencies, U.S. Senate
  • Almost all oppose the proposed rule

20
Proposed Changes
  • Export applications: in addition to citizenship and country of residence, consider country of birth as well
  • Expand the definition of "use" to any form of instructions on export controlled info
  • Exclude from the fundamental research exemption those that are sponsored by the government and subject to prepublication review.

21
Fraud and Embezzlement
  • False transactions or tampering with system
  • Goal: financial gain (usually)
  • Examples
    • Bogus transactions
    • Data diddling (modification)

22
Inside Sabotage
  • Physical attack
  • Software attack

23
Penetration
  • Physical break-ins
  • Search and seizure
  • Dumpster diving
  • Bombs