Profile of the Insider

The U.S. Secret Service, in partnership with Carnegie Mellon Software Engineering Institute, Pittsburgh, released in May its latest Insider Threat Study (ITS): "Computer System Sabotage in Critical Infrastructure Sectors." A follow-on to its August 2004 report on illicit cyber activity in the banking and finance sector, the latest report found that at the time of the incident, 59% of the insiders were former employees or contractors of the organization, and 41% were current employees.

The study, which tracked 49 insiders, noted that 96% were male, 49% were married at the time of the incident, and just under one-third had an arrest record. A full 86% were employed in technical positions.

For the majority of insiders who committed acts of sabotage, the circumstances surrounding them and their resultant acts of destruction followed similar paths:

* The attack was triggered by a negative work-related event.

* Insiders planned their attack in advance.

* When hired, perpetrators had been granted system administrator or privileged access (one-half did not have authorized access at the time of the incident).

* They used unsophisticated methods for exploiting systemic vulnerabilities in applications, processes and/or procedures.

* They compromised computer accounts, created unauthorized backdoor accounts, or used shared accounts in their attacks.

* They used remote access to carry out some of the attacks.

* The attacker was detected only after there was a noticeable irregularity in the information system, or when a system became unavailable.
