Understanding Insider Attacks - Part 2
March 23, 2020

Chetan Conikee
ShiftLeft

In the previous blog I touched on formal definition and risks associated with Insider Threats. In this post I will examine the top X insider threats that were reported over the last decade (in no particular order):

Siemens Contractor Sentenced for Writing "Logic Bombs"

The now-former banker at JP Morgan Chase, Peter Persaud sold personal identifying information (PII) and other account information, including the personal identification numbers (PIN) of bank customers

Former JP Morgan Chase investment advisor, Michael Oppenheim, was accused in a civil complaint of stealing more than $20M from the bank’s clients between 2011 and 2015

IT plonker stuffed "destructive" logic bomb into US Army servers in contract revenge attack

Wells Fargo reported insider fraud by employees who created almost 2M accounts for their clients without their knowledge or consent

Punjab National Bank in India parted with almost $43M after Gokulnath Shetty, a bank employee, used unauthorized access to a susceptible password in the SWIFT interbank transaction system

Amazon investigates claims staff are leaking data for bribes

Compromised data coming from website registrations for various games and online gambling promotions, ringtone storefronts, and movie ticketing where a rogue insider Kim is said to have earned $390,919 USD by selling off and using the compromised records

Engineer gets 18 months in the clink for looting ex-bosses' FTP server

In February 2018, Suntrust Bank became aware of an attempted data breach by a now-former employee who downloaded client information

Transmitting malicious code with intent to cause damage to a U.S. Army computer used in the furtherance of national security

Ex-IBM employee from China gets five years prison for stealing code

Rogue IT admin goes off the rails, shuts down Canadian train switches

Bank of America lost at least $10M as a result of an insider threat that sold “about 300” customer data to cyber-criminals

Espionage convictions for selling DuPont technology to China for the production of a valuable white pigment

IT pro gets 4 years in prison for sabotaging ex-employer’s system

Ex-NSA employee gets 5.5 years in prison for taking home classified info

Chetan Conikee is Founder and CTO of ShiftLeft
Share this

Industry News

March 26, 2020

Redgate’s new SQL Monitor now ensures that DevOps teams can monitor and track deployments at all times.

March 26, 2020

Split Software announced a two-way data integration with Google Analytics that can instantly detect performance issues caused by new features.

March 26, 2020

Cloudreach earned the Kubernetes on Microsoft Azure advanced specialization.

March 25, 2020

Informatica updated its Intelligent Data Platform, powered by Informatica's AI-powered CLAIRE engine, with advanced intelligence and automation capabilities, enabling enterprises to accelerate cloud analytics modernization, drive better customer experiences, and properly govern and manage all their data.

March 25, 2020

Datical released Targeted Rollback capabilities for Liquibase, the rapidly growing open-source tool that helps application developers track, version and deploy database schema changes quickly and safely.

March 25, 2020

HashiCorp raised $175 million in Series E funding, at a company valuation of $5.1 billion.

March 24, 2020

Sysdig launched PromCat.io.

March 24, 2020

Sonatype announced expanded language coverage within Nexus Lifecycle to include Conan (C/C++), Composer (PHP), and RubyGems (Ruby), including the ability to create and contextually enforce policies.

March 24, 2020

Swimlane joined the Chronicle Index Partner program as part of a broader industry effort to help customers improve visibility of and response to cyber threats.

March 23, 2020

Portshift introduced Kubei Open Source container scanning software.

March 23, 2020

Perspecta achieved Amazon Web Services (AWS) DevOps Competency status.

March 23, 2020

Talend announced the availability of Talend Cloud in Microsoft Azure Marketplace, an online store providing applications and services for use on Azure.

March 19, 2020

DevOps Institute, a global member-based association for advancing the human elements of DevOps, announced eight Virtual SKILup Day micro-conferences starting April 30, 2020.

March 19, 2020

Oteemo, an enterprise DevSecOps and Cloud Native Transformation consultancy, launched an enterprise kubernetes and cloud native learning program.

March 19, 2020

Spectro Cloud, an enterprise cloud-native infrastructure company, emerged from stealth and unveiled its first product: Spectro Cloud.