SOCNET

Go Back   SOCNET: The Special Operations Community Network > Areas of Expertise > Technology and Communications

Reply
 
Thread Tools Display Modes
  #1  
Old 5 September 2019, 10:38
CV's Avatar
CV CV is offline
Authorized Personnel
 
Join Date: Apr 2003
Location: US
Posts: 8,099
Insider Threats should be your org's biggest concern

I've given presentations and talks at various conferences covering topics surrounding insider threats and social engineering that are married to technical capability. This article highlights why I always say it's the biggest threat when someone asks.

https://arstechnica.com/tech-policy/...ware-doj-says/


TL:DR
AT&T workers took over $1 million to unlock millions of cell phones and install malware.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #2  
Old 5 September 2019, 16:42
cedsall's Avatar
cedsall cedsall is offline
giving you a number
 
Join Date: Aug 2010
Location: Washington, DC
Posts: 544
HUMINT and the irresistible lure of money still wins.

Who woulda thought...
Reply With Quote
  #3  
Old 6 September 2019, 12:02
Polypro's Avatar
Polypro Polypro is offline
BTDT
 
Join Date: Oct 1999
Location: A Noisy Bar In Avalon
Posts: 14,048
Crocodile tears from me. The US cell phone landscape is one big, giant, rip-off to customers. Combine that with the fact that the companies spy on you for themselves and others, and give up/sell your data on a whim - boohoo.

Yup, I get it - "then don't use a cell phone, no one is making you" and "there's a law and he/they broke it" - agree on both counts.

Still: Boohoo

Oh yeah, this could have been insiders doing anything else - what are all these "privacy nuts" on about? LOL
__________________
FOR IMMEDIATE RELEASE
On February 20, 2018, President Trump issued a memorandum instructing the Attorney General “to dedicate all available resources to… propose for notice and comment a rule banning all devices that turn legal weapons into machineguns.”

“I like taking the guns early, like in this crazy man’s case that just took place in Florida ... to go to court would have taken a long time”

“Take the guns first, go through due process second”

"Or, Mike, take the firearms first, and then go to court"
Reply With Quote
  #4  
Old 6 September 2019, 23:22
pavegnr's Avatar
pavegnr pavegnr is offline
Been There Done That
 
Join Date: Mar 2003
Location: bama
Posts: 1,064
The one thing that always killed me was when you have an IT person turn in a two week notice. My theory is to go ahead and cut them out and let them leave. You are giving them 2 weeks to do what ever they want to do.
__________________
"Life is hard. It's even harder if you're stupid." John Wayne

William Tecumseh Sherman-
I hate newspapermen. They come into camp and pick up their camp rumors and print them as facts. I regard them as spies, which, in truth, they are. If I killed them all there would be news from Hell before breakfast.
Reply With Quote
  #5  
Old 8 September 2019, 11:42
Atrax's Avatar
Atrax Atrax is offline
Confirmed User
 
Join Date: Sep 2005
Location: CONUS
Posts: 376
Are any of the big companies establishing insider threat programs, similar to .gov? Given a few high profile incidents (Apple, Uber, Amazon) I imagine a lot of the Fortune 500 would do so, if they haven't already.
Reply With Quote
  #6  
Old 8 September 2019, 19:53
yrot yrot is offline
Registered User
 
Join Date: Sep 2019
Location: Odessa, Texas
Posts: 46
Quote:
Originally Posted by Atrax View Post
Are any of the big companies establishing insider threat programs, similar to .gov? Given a few high profile incidents (Apple, Uber, Amazon) I imagine a lot of the Fortune 500 would do so, if they haven't already.
Some of the major oil companies started addressing it at least 15 years ago both in the areas of corporate espionage and computer sabotage.
Reply With Quote
  #7  
Old 9 September 2019, 10:16
CV's Avatar
CV CV is offline
Authorized Personnel
 
Join Date: Apr 2003
Location: US
Posts: 8,099
Quote:
Originally Posted by Atrax View Post
Are any of the big companies establishing insider threat programs, similar to .gov? Given a few high profile incidents (Apple, Uber, Amazon) I imagine a lot of the Fortune 500 would do so, if they haven't already.
In a lot of public tech firms, insider threat programs are fairly mature. There's also better ways to manage access to sensitive data in the first place, but that's an entirely new thread. I'm willing to write it up, if someone would find value in it. It maps parallel to combating insider threat activities.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #8  
Old 9 September 2019, 15:00
usmc_3m's Avatar
usmc_3m usmc_3m is offline
Confirmed User
 
Join Date: Jun 2013
Location: PR of Kali
Posts: 1,340
Where I work we have a fairly robust and mature Insider Threat program and set of capabilities. That team works hand-in-hand with our cyber threat intel and counter-intel teams. From a certain point of view - especially for larger, highly targeted orgs - almost all threats can eventually be distilled down to insider threat.
__________________
"He who does not punish evil commands that it be done." -- Leonardo Da Vinci
Reply With Quote
  #9  
Old 9 September 2019, 15:52
HighDragLowSpeed's Avatar
HighDragLowSpeed HighDragLowSpeed is offline
Been There Done That
 
Join Date: Dec 2006
Location: Only Place For Me
Posts: 5,484
Quote:
Originally Posted by usmc_3m View Post
almost all threats can eventually be distilled down to insider threat.
The moment anyone gains access to valid access credentials is the moment they need to be considered an insider.

Understanding that really changed our senior executive team's viewpoint on an insider threat program.
__________________
Come for the infosec, stay for the dumpster fires.

God made machine language; all the rest is the work of man.
Reply With Quote
Reply

Thread Tools
Display Modes

Our new posting rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -4. The time now is 11:24.
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2019, vBulletin Solutions Inc.
Socnet.com All Rights Reserved
© SOCNET 1996-2018