The recent John Durham filing alleged that a Tech Executive used his then-company’s access “to nonpublic domain name system (DNS) data” in order to analyze potential links between the Trump organization and a Russian bank. Per the filing, the purpose of this effort was to gather “derogatory information” about Donald Trump. Ostensibly, the Tech Executive ultimately exploited the company’s contract with the Executive Office or the transitional team to spy on Trump’s residences when he was a candidate and on the White House when Trump was president. According to one forensics expert, the data was “highly manipulated,” suggesting that the Tech Executive selectively chose data in an attempt to manufacture connections between Trump and Russia. The Tech Executive was a willing participant in the process, having made his dislike for Trump known when he stated he’d never take the top cybersecurity job from Trump if offered the position.
Insiders are a pervasive threat. A recent 2022 report by a company specializing in insider risk revealed a 72 percent increase in insider incidents, with 42 percent of these activities focusing on the theft of sensitive information. Additionally, an aggregation of this data cited government as being in the top five industry sectors exploited. The report cited three types of insider threats: an insider who does not intend to do harm but may do so through negligence; an insider who intends to do harm via data theft or sabotage; and a “super malicious” insider whose technical skills and understanding facilitate malicious activities and demonstrate an ability to conceal his operations from detection. If Durham’s filing proves correct, the Tech Executive clearly exemplifies this third category of insider threat, as he was well positioned to “normalize” his actions in the specific environment without raising immediate red flags.
Interestingly, February 18, 2022, marked the anniversary of the arrest of another infamous insider, Robert P. Hanssen. The Federal Bureau of Investigation (FBI) agent had spied for the Russians on and off for approximately 15 years of his 25 years in the FBI. Representing one of the worst types of insider threats, Hanssen’s espionage compromised some of the United States’ most sensitive counterintelligence and military secrets. Hanssen also exemplifies the super malicious insider, one whose access and technical skills enabled his malicious activities. An unclassified copy of Hanssen’s damage assessment by the Department of Justice noted significant shortcomings in the FBI’s internal security practices as one of several reasons Hanssen was able to operate for so long. The biggest one may have been the Bureau’s failure to continually vet individuals in positions of trust, preferring to look elsewhere instead of internally.
Cybersecurity continues to be a challenge for any public or private organization. Threats are numerous, and the potential consequences of successful attacks can be costly and catastrophic. But as history has taught, failing to learn from past incidents and to apply the necessary steps to mitigate future threats risks those incidents being repeated. It is always difficult to get the horse back into the barn when the door has already been opened. The horse is out now, and if the door is not fixed expeditiously, more can be expected to follow suit.