Java Reference
In-Depth Information
◾
here is no insider threat.
◾
Geographic location is hacker-proof.
Hacking is really diicult.
◾
◾
One device protects against all.
2.4.1 There Is No Insider Threat
Insiders are one of the largest sources of data theft and other attacks on an organization's critical
information. Insiders are perhaps even more dangerous than the hacker from outside, because the
insider has access to the information and could wreak havoc upon the organization by disclosing
data that he/she is not supposed to disclose, or bring down the network by performing unauthor-
ized vulnerability scanning and exploitation. Disgruntled employees, corporate spies, or plain
simple careless employees with no malicious intent can also cause the organization to lose its
information assets. Some famous cases of insider information attacks were North Bay and UBS
PaineWebber. In the case of North Bay, the former accounts payable clerk Jessica Quituga used
her access to North Bay's accounting system to issue over 120 checks payable to herself and some
others. She pleaded guilty to two counts of fraud and received a jail sentence and a $250,000 ine.
Another case of insider attack was at UBS PaineWebber, where a disgruntled systems administra-
tor at UBS PaineWebber, Roger Duronio, planted a
logic bomb
*
in the company's network, which
would delete all the iles in the company's host server. his afected 2000 servers, and over 400
branches of UBS went oline in the year 2002, causing over $3 million in losses to UBS. Forty-
ive percent of organizations and government agencies have reported that unauthorized insiders
had accessed their networks. Over 60% of employees believe that their coworkers and not hackers
pose the greatest threat to their identity information and personal data.
Disgruntled or malicious employees do not cause all insider threats. Some attacks on an orga-
nization's information assets are caused by careless employees or employees who are ignorant of
the organization's information security policies. According to a 2005 McAfee survey, 51% of
people connect their own devices, including iPods and mobile phones, to their work laptops. Over
60% of them store personal iles and content on their work PC or laptop. Eighteen percent down-
load content of the Internet, elevating the risk of Trojans, viruses, and other malware entering
the work environment. Sixty-two percent admitted ignorance with respect to their organization's
security policies. Several employees allow their family members to use their work laptops for surf-
ing the Internet or playing games. Employees using their laptops to surf from home probably have
no content-iltering or restricted Internet access, thereby opening their machines to nasty malware
from the Internet.
2.4.2 Hacking Is Really Dificult
his is one of the most common misconceptions that people have about hacking. As we already have
seen, the present age is that of information. Everything we need is at our ingertips. Information
interchange and transfer of knowledge have become extremely simple with the Internet. If a hacker
Bob writes an exploit code against a operating system platform, it will not be too long before the
information reaches the far corners of the globe and several people are using Bob's technique and
exploit code to launch attacks against systems worldwide. All these people are not truly hackers.
*
A logic bomb is a malicious piece of code inserted into software that performs a malicious action on the trigger-
ing of a particular event or a series of events.
Search WWH ::
Custom Search