209449 Resource 183011 204728 204728 1216664953805 1216673335327 Controlled Insider IT Sabotage - Super Villain of the Digital World? San Francisco network sabotage leaves administrators feeling helpless <p><img style="WIDTH: 69px; HEIGHT: 97px" height="97" alt="Hancock mirrors IT sabotage as super villain" hspace="0" src="http://larryfire.files.wordpress.com/2008/04/hancock1.jpg" width="69" align="baseline" border="0" />It's still &quot;dark&quot; within the city of <a title="ChannelWeb story on San Francisco network lock-out" href="http://www.crn.com/security/209101383?cid=ChannelWebBreakingNews" target="_blank"><strong><u>San Francisco's network</u></strong></a> and IT organization after it was determined one of its own&nbsp;network administrators went rogue and changed passwords and allegedly enabled lock-out code preventing any others from accessing the key components. He is still&nbsp;holding the master password for ransom.</p><p>According to Insider <a href="www.cert.org/insider_threat"><strong><u>Threat Research</u></strong></a> from CERT there most likely would have been pre-cursory warning signs:</p><p>Summary of Observations made within a study conducted by CERT, US Secret Service and the National Threat Assessment Center</p><p>- 90% of Insiders were granted system administrator or privileged system access when hired by the organization</p><p>- 57% of Insiders were perceived as being disgruntled due to unmet expectations</p><p>- 92% of Insiders attacked following&nbsp;a negative work-related situation such as termination, dispute with employer, demotion or transfer</p><p>- 87% of Insiders performed technical precursors prior to the attack that were undetected by the organization</p><p>- 75% of Insiders created access paths unknown to the organization, 57% did not have authorized system access at the time of the attack</p><p>- 93% of Insiders exploited insufficient access controls</p><p>This should be chapter one in the &quot;Worst Case Scenario&quot; book for CIOs and corporate boards.</p><p>Ensure that controls are in place to allow IT administrators (role) to perform their duties (responsibilities) within their job function and scope (segmentation). However monitor, track and alert on all password changes to ensure that the keys to the digital foundation of your organization are not enabling IT Sabotage and or malicious hi-jinks.</p><p>This type of drama is unfolding like a comic book, similar to the Marvel comic character Rogue, who at times is good, at times is evil but shares one trait with today's Digital Super Villain&nbsp;- the ability to absorb the powers of others. This could even be exemplifed by the modern day boxoffice thriller <a title="Sony pictures Hancock official site" href="http://www.sonypictures.com/movies/hancock/" target="_blank"><strong><u>Hancock</u></strong></a>.&nbsp; </p><p>Bottom line: Don't let your controls only be policies on paper.&nbsp;Make sure you have the power of enforcement!</p><p><b>Kim Singletary<br /></b>Director of Embedded Solutions<br /><a href="mailto:ksingletary@solidcore.com">ksingletary@solidcore.com</a></p><p><b>Rajesh Rajamani<br /></b>Product Manager<br /><a href="mailto:raj@solidcore.com">raj@solidcore.com</a></p> 9 application/xml false change control Hancock network hijack San Francisco hack San Francisco Network Hijack ChannelWeb news story on the San Francisco network lock-out http://www.crn.com/security/209101383?cid=ChannelWebBreakingNews CERT Research on Insider Threat Insider threat research from CERT http://www.cert.org/insider_threat/ Hancock Sony pictures Hancock page http://www.sonypictures.com/movies/hancock/ Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322) 127.0.0.1 127.0.0.1 tthompson 67.187.228.183 false true false false true 183020 false false true false false false true 183011 blog blogsite/SolidCore/web