Embarrassing Insider Jobs Highlight Security, Privacy Holes

Rogue employees are not a new phenomenon. But an ever-more technical workforce, coupled with massive amounts of data and records, now means it's even easier for them to break the rules.

By Joan Goodchild, Senior Editor

January 19, 2009 | CSO

Officials in San Francisco last summer found out just how easy it can be for one person to hold the city, or at least critical parts of its IT network, hostage for several days. In July, a disgruntled network administrator for the city locked up a multimillion-dollar municipal computer system that handles sensitive data. The employee, Terry Childs, refused to give up the password to the FiberWAN system, which he had helped design. Childs eventually gave the password to San Francisco mayor Gavin Newsom, but not before a lockout that lasted almost two weeks and cost the city close thousands of dollars to fix.

The lockout was one of several incidents featuring bad acts by company employees, both current and former, that made headlines in 2008.

"Insider threats have always been an issue," said Matthew Doherty, a security expert with Hillard Heintze, a Washington, D.C.-based consultancy. "But as the workforce becomes more technologically sophisticated, it will continue to be more of an issue."

In the Childs case, the reasons for his actions were unclear. His defense claims he was protecting the network from harm. Others theorize he was feeling territorial about the network. Some say that attitude is not uncommon among senior IT administrators. But it is more often financial gain that can lead an insider to go rogue, said Doherty.

Money was the motivator in the 2008 case that involved mortgage lender Countrywide. In July, the company alleged one of its employees stole personal information about customers and sold it for financial gain. Rene Rebollo was arrested by FBI officials who accused him of stealing information about Countrywide customers throughout the country over a two-year period. A second person, Wahid Siddiqi, was also arrested for allegedly buying the stolen data and also selling it.

"In these times, corporations need to be very attuned to the effect the economy may have on them. For instance, downsizing employees may have not only a financial impact but also an emotional impact on people."

Doherty was once a special agent with the U.S. Secret Service and, in that role, surveyed victim corporations, as well as offenders, about insider attacks. Many insider jobs, he learned, are the work of a disgruntled employee or ex-employee looking to avenge a perceived wrong. Today, Doherty advises clients to ensure passwords are disabled before a downsizing and that remote access of any kind is no longer possible. Layoffs could prompt a person to attempt to sabotage the company infrastructure.
