2009: The Year of the Internal Threat?


2008 was a banner year for people who exploited systems from within organizations, or internal threats. In August of 2008, an employee at Countrywide Mortgage stole personal information from two million customers. In July, a San Francisco network administrator held the city's network hostage. In October, an employee of Fannie Mae hid a logic bomb that would have wiped out 4,000 computers. In November, Cisco released its "Data Leakage Worldwide" white paper confirming that the internal threat, whether accidental or on purpose, is still the number-one threat to most organizations.


Earlier this year, a civilian official who worked at the New York Police department (NYPD) was arrested for stealing computer tapes that contained Social Security numbers and direct deposit account information that could be used to steal the identities of 80,000 current and retired police officers. Anthony Bonelli, who served as the director of communications for the NYPD's pension fund, allegedly stole backup tapes from a warehouse on Staten Island. The tapes were found in Bonelli's home at the time of his arrest. The department notified its pension fund members, warning them of what happened and offering help if their identities are stolen.


It is very difficult to defend against attacks that come from the inside. These people know your security and vulnerabilities. In this case, I think that there was a breakdown in physical security. In my blog post, Don't Underestimate Physical Security, I listed several policies that, if implemented, might have stopped this type of attack from happening. Or maybe not.


I predict that 2009 is going to be an even bigger year for internal threats. My reasoning behind this is simple - the economy. In November of 2008, a laid-off network administrator for one of the big high-technology firms, whose name was not released, destroyed data on the company's server in hopes that he would be asked to come back to fix it. Some employees will retaliate against their ex-company to get revenge -- some, like the network administrator, out of desperation to keep their job, some because they can make money from selling company secrets. According to economic reports, job losses have reached 8.1percent, the highest level since 1983. Some analysts say that it will reach 10 percent before it's over. People will do stupid things when faced with a loss of income.


Now, I don't want you to think that I am hoping that 2009 is worse than 2008. I really hope it's not. So far, we are off to few reported threats, and that's a good thing. Do you think we will see more or fewer internal threats in 2009?