Follow me on Twitter @AndyMalone
Andy Malone, Microsoft MVP (Enterprise Security)
Founder: Cybercrime Security Forum!
Microsoft International Event Speaker
MCT (18 Years)
Winner: Microsoft Speaker Idol 2006

Agenda
• The Inside Man Threat?
• Understanding the Psychological & Sociological Impact of Espionage
• Understanding Espionage Tactics, Threats & Techniques
• Counter Espionage Techniques & Technologies
• The Art of Social Engineering & Corporate Deception
• Q&A Session
• Review

"Economic Espionage: Losses to the American Economy now Total more than $13 Billion Per Year..." (Assistant Director, Counter Intelligence, FBI)

It could be Worse than you Think!

Firstly, What exactly is the Threat?
A malicious insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems.

Common Espionage / Computer Crimes include:
• Intellectual Property Theft
• Damage of Company Computer Network
• Embezzlement
• Copyright Piracy
• Planting of Viruses, Worms on Company Computers
• Use of Stealth Listening Devices / Recording Equipment
• Information Trafficking
• Illegal Email Information Theft

The Inside Man: The Invisible Threat!
• All Employees are Trustworthy, right?
• Often difficult to Identify a Specific Employee
• Actions are Unpredictable...
• Difficult to Trace / Track
• By the time discovery is made the damage has already been done!
• Plausible Deniability
• Poor security measures, procedures & policies

Understanding the Psychological & Sociological Impact of Espionage

Why do they do it?
• Evidence shows that the principal espionage threats do not come from clever and devious foreigners.
It comes from "insiders".
• Of the 98 US Citizens arrested for espionage over the past 20 years, most were trustworthy and loyal at the time they were investigated and first approved for clearance
• Most surprising is that a majority of those who became spies volunteered their services to a foreign government
• They were not enticed, persuaded, manipulated, or coerced into betraying their
Source: United States Central Intelligence Agency

Psychological & Sociological Impact
• Selling secrets is seldom a sudden, uncontrolled impulse
• It is usually the last act of a long-simmering emotional crisis
• Treatable before the damage was done
• Spies are not "crazy," but they usually are emotionally disturbed or suffer from one or more personality disorders
• Of the personality disorders found in spies, the two most common are antisocial personality disorder and narcissism

Types of Malicious Incidents
• "IT sabotage" is typically committed by system administrators, programmers, technically sophisticated users and privileged users who become very disgruntled
• "Theft of intellectual property" or industrial espionage involving trade secrets like scientific information and source code is typically committed by scientists, engineers and programmers
• When insiders steal intellectual property, they usually act within a 30-day window, because of audit processes.

"And to think I Trusted You!"
I've Had Enough... I Have Dark Thoughts... I Want Revenge... I Want More Money... I Want to Believe... I Just Can't Say No... I do it for the Excitement Factor... I'm So Gullible... I'm So Unbelievable...

Demo: Information Gathering!

How do they do it?
• Use stealth recording devices (audio, video, software-based bugs) to record private conversations and meetings
• Plant keyloggers and malicious software onto company computers
• Illicitly obtain private files / information with the intention to illegally share / sell them.

Amazing Spy Gear!
Buy Yours Today
• The UZI Tactical Defender Pen
• Allows users to break glass
• Can obtain DNA samples from attackers
• Get out of handcuffs
• ... And of course to write
• Only $24.99

Amazing Spy Gear! Buy Yours Today
• 1080p HD infrared spy camera fits your keychain
• Rechargeable battery
• USB interface for transferring videos and battery recharging
• Takes regular and IR videos and pictures, as desired
• Motion-detecting record activation
• Video recorded as AVI
• Records audio

Why? The Threat Landscape has Changed!

Demo: Getting the Tools!

Spot the Warning Signs!
• Takes unauthorised material home via documents, thumb drives, computer disks, or e-mail
• Obtains proprietary or classified information on subjects not related to their work duties
• Interest in matters outside scope of duties, particularly those of interest to foreign entities or business competitors
• Unnecessarily copies material, especially if it is proprietary or classified
• Remotely accesses the computer network while on vacation, sick leave, or at other odd times

Spot the Warning Signs!
• Engages in suspicious contacts
• Shows unusual interest in the personal lives of co-workers
• Concern that they are being investigated; searches for listening devices or cameras.
• Many people experience or exhibit some or all of the above to varying degrees

Results of a Breach!
• Company Defamation
• Damaged Reputation
• Loss of Customer Confidence
• Potential Financial Losses
• Legal Liabilities
• Loss of Assets
• Breach of Trust
• Potential Closure of Business!

Demo: Selling your Secrets!

Discovery & Recovery

Mitigate the Risk
• Must Place Trust Aside!
• Always Monitor Employee Actions
• Implement a Rigorous Termination Process
• Maintain Backup and Recovery
• Invest in Forensic Procedures

Mitigation: Managing Risk!
• Deliver a Proactive Security Policy by Management
• Communicate Insider Threats Through Security Awareness Programs
• Conduct Pre-Employment Screening (Facebook, LinkedIn, Twitter etc)
• Pay Attention to Performance Issue Handling
• Enforce Separation of Duties and Need-to-Know Access

Mitigation: Tech Ways to Mitigate the Risk!
• Monitoring of Insider Email
• Monitoring of Insider Keystrokes
• Examination of Insider Computer Files
• Limit the Use of 3rd Party Apps on Phones / Computers
• Monitoring Insider Internet Traffic
• Pay Increased Attention to Privileged Accounts
• Implement Strict Password and Account Policies

Mitigation: Counter Espionage!
• Enforce a Safeguarding Proprietary Information Programme (SPI)
• Hire an external CIO or information protection consultant
• Initiate Internal & External compliance auditing
• Cover conference room walls with lead sheets to stop bugging by radio transmitters
• Consider Disabling Camera Phones

Mitigation: Defence Against Social Engineering Attacks!
• Pretexting (The Impersonation Game)
• Phishing Attack (Click me please)
• Diversion Theft (Look at that!)
• Phone Phishing (Hi, I'm Calling from...)
• Baiting (The USB Stick Attack)
• Quid pro quo (Bogus Phone Calls)
• Tailgating

Mitigation: Use Employee Monitoring
Mitigation: No Cameras, Phones!
Mitigation: Deploy Crypto Solutions
Mitigation: Implement Network Segmentation
Mitigation: Avoid Future Mistakes...
Mitigation: Deploy CCTV

Defensive Implications
• The networks of critical organizations will need to be run as a military defense at all times.
  • Constant alertness
  • Well staffed
  • Regular defensive drills
  • Standing arrangements for reinforcement under attack
• Extensive technological fortification
• Excellent personnel and information security
• Hygiene
  • Patches, AV, external firewalls etc
• Failsafe design of critical machinery:
  • Not just idiot-proof but enemy-proof
• All critical, but...
  • There will still be a way in
  • There will still be vulnerabilities
  • The current paradigm will be inadequate

Picking up the Pieces!
• Software damage
  • Integrity checkers
  • Backup/rollback systems
• Hardware damage
  • Supply of spares and spare parts
  • Distributed appropriately
  • Military logistics approach

Prevent Further Data Leakage
• Foster a security-aware culture in which protecting data is a normal and natural part of every employee's job
• Provide the tools and education that employees need to keep data secure, starting with new-hire training and continuing with verbal updates instead of email that might be ignored or lost.
• Evaluate employee behaviour and the associated risks based on factors such as the locale and the threat landscape

Prevent Further Data Leakage
• Continuously analyse the risks of interaction between users and networks, endpoints, applications, data, and of course, other users, to maintain an awareness of the threat environment.
• Provide clear leadership through executive commitment and visibility, so employees understand that executives are engaged and accountable.
• Proactively set security expectations.

Demo: Do you have a leak?

Conclusions...

Q&A: What do you think?

Review
• The Inside Man Threat?
• Understanding the Psychological & Sociological Impact of Espionage
• Understanding Espionage Tactics, Threats & Techniques
• The Art of Social Engineering & Corporate Deception
• Counter Espionage Techniques & Technologies
• Q&A Session
• Review

Trustworthy Computing (TwC) is a long-term, collaborative effort to deliver more secure, private, and reliable computing experiences for everyone.
Learn more at:
• http://microsoft.com/twc
• http://channel9.msdn.com/Events/TechEd
• www.microsoft.com/learning
• http://microsoft.com/technet
• http://microsoft.com/msdn
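The "Spot the Warning Signs" and "Always Monitor Employee Actions" slides describe behaviours a defender would want to surface from existing logs. The script below is an added illustration, not part of the deck or any Microsoft tooling: it checks constructed VPN and endpoint log lines against constructed HR leave records and flags remote logins during leave or outside business hours, plus bulk copies to removable media. The log format, leave records, business hours and 1 GB threshold are all assumptions.

```python
"""Detect two insider warning signs from the deck over constructed logs:
remote (VPN) logins while the user is on recorded leave or outside business
hours, and bulk copies to removable media. All records are constructed."""
from datetime import datetime, date

# Constructed HR leave records: user -> list of inclusive (start, end) dates.
LEAVE = {"jsmith": [(date(2024, 3, 4), date(2024, 3, 8))]}

# Constructed VPN / endpoint log lines: "<ISO time> <event> key=value ...".
LOGS = """\
2024-03-05T02:17:00 vpn_login user=jsmith src=203.0.113.7
2024-03-12T09:05:00 vpn_login user=jsmith src=198.51.100.2
2024-03-12T23:41:00 vpn_login user=mjones src=198.51.100.9
2024-03-12T10:30:00 usb_copy user=mjones bytes=5200000000
2024-03-12T11:00:00 usb_copy user=jsmith bytes=120000
"""

BUSINESS_HOURS = range(7, 20)      # 07:00-19:59 local time (assumed)
BULK_COPY_BYTES = 1_000_000_000    # 1 GB per copy event (assumed threshold)


def parse(line):
    """Split one log line into (timestamp, event, {key: value})."""
    ts, event, *fields = line.split()
    return datetime.fromisoformat(ts), event, dict(f.split("=", 1) for f in fields)


def on_leave(user, when):
    """True if the timestamp falls inside any recorded leave period for the user."""
    return any(start <= when.date() <= end for start, end in LEAVE.get(user, []))


def flag_events(log_text):
    """Return (user, timestamp, reason) for every log line matching a warning sign."""
    alerts = []
    for line in log_text.splitlines():
        ts, event, kv = parse(line)
        user = kv["user"]
        if event == "vpn_login":
            if on_leave(user, ts):
                alerts.append((user, ts, "remote access while on leave"))
            elif ts.hour not in BUSINESS_HOURS:
                alerts.append((user, ts, "remote access outside business hours"))
        elif event == "usb_copy" and int(kv["bytes"]) >= BULK_COPY_BYTES:
            alerts.append((user, ts, "bulk copy to removable media"))
    return alerts


if __name__ == "__main__":
    for user, ts, reason in flag_events(LOGS):
        print(f"{ts:%Y-%m-%d %H:%M} {user:8} {reason}")
```

On the constructed input this raises three alerts; in practice the leave and business-hours data would come from the HR system and the thresholds would be tuned per role, since the deck notes that many people exhibit some of these signs to varying degrees.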