One Article Review
| Source |  taosecurity |
|---|---|
| Identifiant | 1020293 |
| Date de publication | 2019-02-09 09:30:04 (vue: 2019-02-09 16:03:05) |
| Titre | Forcing the Adversary to Pursue Insider Theft |
| Texte |  Jack Crook pointed me toward a story by Christopher Burgess about intellectual property theft by "Hongjin Tan, a 35 year old Chinese national and U.S. legal permanent resident... [who] was arrested on December 20 and charged with theft of trade secrets. Tan is alleged to have stolen the trade secrets from his employer, a U.S. petroleum company," according to the criminal complaint filed by the US DoJ.Tan's former employer and the FBI allege that Tan "downloaded restricted files to a personal thumb drive." I could not tell from the complaint if Tan downloaded the files at work or at home, but the thumb drive ended up at Tan's home. His employer asked Tan to bring it to their office, which Tan did. However, he had deleted all the files from the drive. Tan's employer recovered the files using commercially available forensic software.This incident, by definition, involves an "insider threat." Tan was an employee who appears to have copied information that was outside the scope of his work responsibilities, resigned from his employer, and was planning to return to China to work for a competitor, having delivered his former employer's intellectual property.When I started GE-CIRT in 2008 (officially "initial operating capability" on 1 January 2009), one of the strategies we pursued involved insider threats. I've written about insiders on this blog before but I couldn't find a description of the strategy we implemented via GE-CIRT.We sought to make digital intrusions more expensive than physical intrusions.In other words, we wanted to make it easier for the adversary to accomplish his mission using insiders. We wanted to make it more difficult for the adversary to accomplish his mission using our network.In a cynical sense, this makes security someone else's problem. Suddenly the physical security team is dealing with the worst of the worst!This is a win for everyone, however. Consider the many advantages the physical security team has over the digital security team.The physical security team can work with human resources during the hiring process. HR can run background checks and identify suspicious job applicants prior to granting employment and access.Employees are far more exposed than remote intruders. Employees, even under cover, expose their appearance, likely residence, and personalities to the company and its workers.Employees can be subject to far more intensive monitoring than remote intruders. Employee endpoints can be instrumented. Employee workspaces are instrumented via access cards, cameras at entry and exit points, and other measures.Employers can cooperate with law enforcement to investigate and prosecute employees. They can control and deter theft and other activities.In brief, insider theft, like all "close access" activities, is incredibly risky for the adversary. It is a win for everyone when the adversary must resort to using insiders to accomplish their mission. Digital and physical security must cooperate t |
| Envoyé | Oui |
| Condensat | 2003 2008 2009 2018 about access accomplish according activities advantage advantages adversary all allege alleged appearance appears applicants are arrested asked available background before bejtlich blog blogspot brief bring burgess about business but by christopher cameras can capability cards charged checks china chinese cirt close collaborating com commercially company competitor complaint consider control cooperate copied copyright could couldn cover criminal crook pointed cynical dealing december definition deleted delivered description deter did difficult digital doj downloaded drive during easier else employee employees employer employers employment ended endpoints enforcement entry even everyone exit expensive expose exposed far fbi filed files find forcing forensic former from granting had has have having hiring his home hongjin however human identify implemented incident incredibly information initial insider insiders instrumented intellectual intensive intruders intrusions investigate involved involves its jack january job law legal leverage like likely lines make makes many maximum measures mission monitoring more must national network not office officially old one operating other outside over permanent personal personalities petroleum physical planning points prior problem process property prosecute pursue pursued recovered remote residence resident resigned resort resources responsibilities restricted results return richard risky run scope secrets security sense software someone sought started stolen story strategies strategy subject suddenly suspicious tan taosecurity team technology tell than theft these threat threats thumb toward trade under using wanted when which who win words work workers workspaces worst wring written www year |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.