The news headlines over the past 4 days seem to suggest that breaches in corporate data are becoming more prevelant, but the mechanisms used to commit the acts are a result of human behaviors, and not technology. As more and more layoffs occur in the marketplace, and those individuals who once had access to corporate data bases are now walking the street looking for work, the "human factor" component is registering as a major culprit to the recent spat of corporate data breaches. Many of those individuals will see themselves as a sort of "Robin Hood", and feel that what they are doing (robbing from the rich to give to the poor) is just and noble.
News Story #1: The Associated Press reported on Friday that a fired Fannie Mae contract worker plead not guilty Friday to a charge that he planted a virus designed to destroy all the data on the mortgage giant’s 4,000 computer servers nationwide. The virus had planned to be released on Saturday (1/31/2009) and had that occured, it would have caused massive disruption, and millions of dollars in damages, requiring Fannie Mae to, more than likely, shut down for 1 week. The contractor worker was fired for erroneously writing programming instructions two weeks earlier that changed the settings on the company servers. Fannie Mae did not immediately terminate the worker’s computer access after telling him he was fired, and according to the FBI affidavit, about 3 1/2 hours before surrendering his laptop and badge, the worker "intentionally and without authorization caused and attempted to cause damage to Fannie Mae’s computer network by entering malicious code."
News Story #2: The Wall Street Journal on Thursday ran an extremely long piece about how cyber-scams are on the "uptick" during this economic downturn. The article explained that experts and law-enforcement officials who track Internet crime say scams have intensified over the past six months, as fraudsters take advantage of economic confusion and anxiety to target both consumers and businesses. Thieves are sending out phony emails and putting up fake Web sites pretending to be banks, mortgage-service providers or even government agencies like the Federal Bureau of Investigation or the Federal Deposit Insurance Corp. Cellphones and Internet-based phone services have also been used to seek out victims. The object: to drain customer accounts of money or to gain information for identity theft. Senior Executives from across the country have been the primary target of one particular scam: they received personally addressed emails last April, saying they were being subpoenaed to testify before a grand jury by the U.S. District Court in San Diego, according to a federal courts spokesman in Washington, D.C. When users clicked on a link containing the attachment, their computers were infected with malicious software.
News Story #3: In an extremely strange case, the Seattle Post-Intelligencer reported on Thursday, that Microsoft is suing the CEO of Ancora for spying. Miki Mullor was hired by Microsoft back in November, 2005, and on his employment application, Mr. Mullor stated that he was a former employee of Ancora Technologies, a Sammamish, WA, software company that allegedly had gone out of business. While at Microsoft, Mr. Mullor downloaded confidential documents to his company-issued laptop that were related to a patent complaint Ancora filed against Dell Computers, Toshiba, Hewlett-Packard, and now Microsoft. Mullor was summarily fired from Microsoft in September, 2008, and Microsoft is suing to bar Mr. Mullor from any involvement in the patent claim.
These three stories highlight the vigilance businesses must accept when it comes to corporate cyber-security. Human behaviors should be a component contained within any corporate cyber-security policy, and thus that includes involving such departments like Human Resources, Operations, and Legal. Collaboration in protecting corporate data should be a multi-disciplinary approach where all departments have a stake in the protection of mission-critical data.
To view The Associated Press article, please click here: Feds Allege Plot to Destroy Fannie Mae Data
To view The Wall Street Journal article, please click here: Cyber-Scams on the Uptick in Downturn
To view the Seattle Post-Intelligencer article, please click here: Microsoft Sues CEO of Ancora for Spying and Ex-Microsoft Employee Responds to Spying Charges