Post on 29-Mar-2015

Transcript

The Inside Man: Surviving the Ultimate Cyber Threat!
Andy Malone MVP, MCT
Quality Training (UK) Senior Instructor / Consultant
Andrew.malone@quality-training.co.uk
www.divedeeperevents.com

ATC-B314

Microsoft MVP (Enterprise Security)
Founder: Cybercrime Security Forum!
Microsoft International Event Speaker
MCT (18 Years)
Winner: Microsoft Speaker Idol 2006

Andy Malone

Follow me on Twitter @AndyMalone

Agenda

• The Inside Man Threat? Understanding the Psychological & Sociological impact of Espionage
• Understanding Espionage Tactics, Threats & Techniques
• Counter Espionage Techniques & Technologies
• The Art of Social Engineering & Corporate Deception
• Q&A Session Review

It could be Worse than you Think!

“Economic Espionage, Losses to the American Economy now Total more than $13 Billion Per Year…”

Assistant Director, Counter Intelligence, FBI

Firstly, What exactly is the Threat?

Malicious insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems.

Common Espionage / Computer Crimes include:

• Intellectual Property Theft
• Damage of Company Computer Network
• Embezzlement
• Copyright Piracy
• Planting of Viruses, Worms on Company Computers
• Use of Stealth Listening Devices / Recording Equipment
• Information Trafficking
• Illegal Email Information Theft

The Inside Man: The Invisible Threat!

• All Employees are Trustworthy, right?
• Often difficult to Identify Specific Employee
• Actions are Unpredictable…
• Difficult to Trace / Track
• By the time discovery is made the damage has already been done!
• Plausible Deniability
• Poor security measures, procedures & policies

Understanding the Psychological & Sociological impact of Espionage

Why do they do it?

• Evidence shows that principal espionage threats do not come from clever and devious foreigners. They come from "insiders".
• Of the 98 US Citizens arrested for espionage over the past 20 years, most were trustworthy and loyal at the time they were investigated and first approved for clearance.
• Most surprising is that a majority of those who became spies volunteered their services to a foreign government.
• They were not enticed, persuaded, manipulated, or coerced into betraying their

Source: United States Central Intelligence Agency

Psychological & Sociological impact

• Selling secrets is seldom a sudden, uncontrolled impulse
• It is usually the last act of a long-simmering emotional crisis
• Treatable before the damage was done
• Spies are not "crazy," but they usually are emotionally disturbed or suffer from one or more personality disorders
• Of the personality disorders found in spies, the two most common are antisocial personality disorder and narcissism

Types of Malicious Incidents

• "IT sabotage" is typically committed by system administrators, programmers, technically sophisticated users and privileged users who become very disgruntled
• "Theft of intellectual property" or industrial espionage involving trade secrets like scientific information and source code is typically committed by scientists, engineers and programmers
• When insiders steal intellectual property, they usually act within a 30-day window, because of audit processes.

“And to think I Trusted You!”

I’ve Had Enough…

I Have Dark Thoughts…

I Want More Money…

I Want to Believe…

I Just Can’t Say No…

I do it for the Excitement Factor…

I’m So Gullible…

I’m So Unbelievable…

Information Gathering!

Demo

How do they do it?

How do they do it?

• Use stealth recording devices (audio, video, software-based bugs) to record private conversations and meetings
• Plant Keyloggers, malicious Software onto company computers
• Illicitly obtain private files / information with intention to illegally share / sell.

Amazing Spy Gear! Buy Yours Today

• The UZI Tactical Defender Pen
• Allows users to break glass
• Can obtain DNA samples from attackers
• Get out of handcuffs ...
• And of course to write
• Only $24.99

Amazing Spy Gear! Buy Yours Today

• 1080p HD infrared spy camera fits your keychain
• Rechargeable battery
• USB interface for transferring videos and battery recharging
• Takes regular and IR videos and pictures, as desired
• Motion-detecting record activation
• Video recorded as AVI
• Records audio

Why? The Threat Landscape has Changed!

Getting the Tools!

Demo

Spot the Warning Signs

Spot the Warning Signs!

• Takes unauthorised material home via documents, thumb drives, computer disks, or e-mail
• Obtains proprietary or classified information on subjects not related to their work duties
• Interest in matters outside scope of duties, particularly those of interest to foreign entities or business competitors
• Unnecessarily copies material, especially if it is proprietary or classified
• Remotely accesses the computer network while on vacation, sick leave, or at other odd times

Spot the Warning Signs!

• Disregards company policies on installing personal software
• Accesses restricted websites
• Conducts unauthorized searches, or downloads confidential information
• Works odd hours without authorization; weekend work
• Has unreported foreign contacts
• Unexplained affluence; buys things that they cannot afford on their household income.

Spot the Warning Signs!

• Engages in suspicious contacts
• Shows unusual interest in the personal lives of co-workers
• Concern that they are being investigated; searches for listening devices or cameras.
• Many people experience or exhibit some or all of the above to varying degrees
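As an added example that is not part of the original deck, the following Python check turns two of the warning signs above (remote access while on recorded leave, and access at odd hours or weekends) into a review over logon records. The logon events, the leave calendar and the 07:00-20:00 business-hours window are all constructed assumptions.

```python
from datetime import datetime, date

# Constructed sample data (not from the slides): remote logon events
# as (user, ISO-8601 timestamp), and an HR leave calendar as inclusive date ranges.
LOGONS = [
    ("alice", "2013-06-03T09:12:00"),  # Monday, working hours: normal
    ("alice", "2013-06-08T02:40:00"),  # Saturday, 02:40: odd time
    ("bob",   "2013-06-05T14:05:00"),  # during bob's recorded sick leave
    ("bob",   "2013-06-06T10:00:00"),  # during bob's recorded sick leave
    ("carol", "2013-06-04T22:30:00"),  # Tuesday, late evening: odd time
    ("carol", "2013-06-04T11:00:00"),  # Tuesday, working hours: normal
]
LEAVE = {"bob": [(date(2013, 6, 5), date(2013, 6, 7))]}

BUSINESS_HOURS = (7, 20)  # assumption: 07:00-20:00 on weekdays counts as normal


def on_leave(user, when):
    """True if the logon falls inside one of the user's recorded leave periods."""
    return any(start <= when.date() <= end for start, end in LEAVE.get(user, []))


def odd_time(when):
    """True on weekends (Saturday=5, Sunday=6) or outside the business-hours window."""
    return when.weekday() >= 5 or not (BUSINESS_HOURS[0] <= when.hour < BUSINESS_HOURS[1])


def flag_logons(events):
    """Return (user, timestamp, reasons) for every event matching a warning sign."""
    flagged = []
    for user, ts in events:
        when = datetime.fromisoformat(ts)
        reasons = []
        if on_leave(user, when):
            reasons.append("access during recorded leave")
        if odd_time(when):
            reasons.append("outside business hours or weekend")
        if reasons:
            flagged.append((user, ts, reasons))
    return flagged


if __name__ == "__main__":
    for user, ts, reasons in flag_logons(LOGONS):
        print(f"{user} {ts}: {', '.join(reasons)}")
```

Flagged events are leads for a review conversation, not proof of wrongdoing; as the slide notes, many people exhibit some of these signs for ordinary reasons.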

Results of a Breach!

• Company Defamation
• Damaged Reputation
• Loss of Customer Confidence
• Potential Financial Losses
• Legal Liabilities
• Loss of Assets
• Breach of Trust
• Potential Closure of Business!

Selling your Secrets!

Demo

Discovery & Recovery

Mitigate the Risk

• Must Place Trust Aside!

• Always Monitor Employee Actions

• Implement a Rigorous Termination Process

• Maintain Backup and Recovery

• Invest in Forensic Procedures

Mitigation: Managing Risk!

• Deliver a Proactive Security Policy by Management
• Communicate Insider Threats Through Security Awareness Programs
• Conduct Pre-Employment Screening (Facebook, LinkedIn, Twitter etc.)
• Pay Attention to Performance Issue Handling
• Enforce Separation of Duties and Need-to-Know Access

Mitigation: Tech Ways to Mitigate the Risk!

• Monitoring of Insider Email
• Monitoring of Insider Keystrokes
• Examination of Insider Computer Files
• Limit the Use of 3rd Party Apps on Phones / Computers
• Monitoring Insider Internet Traffic
• Pay Increased Attention to Privileged Accounts
• Implement Strict Password and Account Policies

Mitigation: Counter Espionage!

• Enforce a Safeguarding Proprietary Information Programme (SPI)
• Hire an external CIO or information protection consultant
• Initiate Internal & External compliance auditing
• Cover conference room walls with lead sheets to stop bugging by radio transmitters
• Consider Disabling Camera Phones

Mitigation: Defence Against Social Engineering Attacks!

• Pretexting (The Impersonation Game)
• Phishing Attack (Click me please)
• Diversion Theft (Look at that!)
• Phone Phishing (Hi, I'm Calling from…)
• Baiting (The USB Stick Attack)
• Quid pro quo (Bogus Phone Calls)
• Tailgating

Mitigation: Use Employee Monitoring

Mitigation: No Camera’s, Phones!

Mitigation: Deploy Crypto Solutions

Mitigation: Implement Network Segmentation

Mitigation: Avoid Future Mistakes…

Mitigation: Deploy CCTV

Defensive Implications

• The networks of critical organizations will need to be run as a military defense at all times.
• Constant alertness
• Well staffed
• Regular defensive drills
• Standing arrangements for reinforcement under attack
• Extensive technological fortification
• Excellent personnel and information security

Hygiene

• Patches, AV, external firewalls etc.
• Failsafe design of critical machinery: not just idiot-proof but enemy-proof
• All critical, but…
• There will still be a way in
• There will still be vulnerabilities
• Current paradigm will be inadequate

Picking up the Pieces!

• Software damage
• Integrity checkers
• Backup/rollback systems
• Hardware damage
• Supply of spares and spare parts
• Distributed appropriately
• Military logistics approach

Prevent Further Data Leakage

• Foster a security-aware culture in which protecting data is a normal and natural part of every employee's job
• Provide tools and education that employees need to keep data secure, starting with new-hire training and continuing with verbal updates instead of email that might be ignored or lost.
• Evaluate employee behaviour and the associated risks based on factors such as the locale and the threat landscape

Prevent Further Data Leakage

• Continuously analyse the risks of interaction between users and networks, endpoints, applications, data, and of course, other users, to maintain an awareness of the threat environment.
• Provide clear leadership through executive commitment and visibility, so employees understand that executives are engaged and accountable.
• Proactively set security expectations.

Do you have a leak?

Demo

Conclusions…

What do you think?

Q&A

Review

• The Inside Man Threat? Understanding the Psychological & Sociological impact of Espionage
• Understanding Espionage Tactics, Threats & Techniques
• The Art of Social Engineering & Corporate Deception
• Counter Espionage Techniques & Technologies
• Q&A Session Review

Related content

• ATC-B306 - Cybercrime: The 2013 Ultimate Survival Guide
• ATC-B312 - Security Panel Discussion
• ATC-B202 - A Journey to the Dark Side of Social Networking!
• ATC-B314 - The Inside Man: Surviving the Ultimate Cyber Threat
• ATC-B201 - 1984: 21st Century Security Surveillance vs. the Erosion of Freedom!
• ATC-B213 - The Cloud: Making the Move to a Hybrid World

Find Me Later At... Trustworthy Computing / Cloud Security Table at the Ask the Experts Session.

Trustworthy Computing Resources

Trustworthy Computing (TwC) is a long-term, collaborative effort to deliver more secure, private, and reliable computing experiences for everyone. Learn more at: http://microsoft.com/twc

• Cloud Security Readiness Tool
• Pass the Hash Guidance
• Data, Insights and Guidance (Security Intelligence Report, volume 14)

and more…

msdn: Resources for Developers
http://microsoft.com/msdn

Learning: Microsoft Certification & Training Resources
www.microsoft.com/learning

TechNet: Resources for IT Professionals
http://microsoft.com/technet

Sessions on Demand
http://channel9.msdn.com/Events/TechEd

Complete an evaluation on CommNet and enter to win!

Evaluate this session

Scan this QR code to evaluate this session and be automatically entered in a drawing to win a prize

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
