The Insider Threat Podcast

Episode 47 - Phishing for Hire and Security Culture Feb 28, 2019

*Title - Phishing for Hire and Security Culture *

Intro

Welcome back! This is episode 47 of The Insider Threat podcast. I know we have had some crazy things going on with the website lately. Our hosting provider changed some things and we are still working that out. It shouldn’t stop you from being able to get the episodes in your favorite podcast app though. Or at least I hope.

Some really good news that I haven’t had the opportunity to share on here is that the first version of the insider threat protection framework has been released! It was a long time coming and I think it is a good starter document for helping organization in their quest to improve their insider threat programs. Check it out by going to the link in the show notes or shooting me an email and be sure to let me know what you think about it!

I understand that it has been a while since I’ve posted an episode and I’m sorry about that. For those who don’t know me personally or follow me on LinkedIn, I just started a new position and things have been crazy. I really miss my old team and the people who we got to serve. That leads us right into the main topic for this episode though, because my primary focus in my last position was improving security culture and we did exactly that. Before we get into that, though…

Infosec Trivia Question

It’s time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!

The question last episode was “On December 10th 1993, id Software released a product that was used by approximately 15-20 million people and greatly influenced similar products even until today. What was the name of this product?”

The answer was “Doom”.

Do you guys remember this game? I’ll never forget it as long as I live and I couldn’t even make a guess at how many hours I sank into that game. Thinking back though and comparing it to today, I don’t think I’d feel comfortable allowing my kids to play Doom. This doesn’t have anything to do with my parents - just that times and society have changed since then.

Congratulations to:

Skye from Texas, Ben from New Town, Pete from Atlanta, and Marcus from Michigan for getting the correct answer.

Here’s your question for this episode: “This week in 1998, Apple decided to discontinue one of their operating systems and its associated product, leaving only the Macintosh computer in their product line until the iPod was released. What was the name of the operating system and name one of the devices that used it.”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “Apple”.

Discussion Topic for the Episode

This episode’s discussion topic is security culture, but more related to the benefits and disadvantages of running phishing campaigns against your organization.

I’ve seen several people and organizations that hear about others who have strong security cultures and they immediately look for ways to improve their own. What is one of the first things that come up when they google the topic? Phishing services.

There is a major problem with going this route off the bat, especially if you believe that simply phishing your employees will increase the security culture in your organization. You’ve got your IT Security department trying to trick them into getting into trouble and you’re probably worse off than where you were to begin with.

I’m not at all saying that phishing services and technologies don’t have a place in security culture, though. It can be one way to measure the progress of your improvement efforts. That’s the key thing though - phishing your employees is not an effective improvement effort. It’s just a method of measuring.

Good ways to improve your culture have been mentioned in other episodes, but for the most part you can see an impact if you increase communication, have public senior management support, and bring it home. What I mean by that is to play on people’s emotional connection to the people they care about. If you give them tips to keep their families safe, the message resonates much better. Personally, I’ve seen great success using this route with my last employer. We increased reporting by 1500% each month, which is another way of saying we went from 0 reports to around 15.

Speaking of reporting, that is another way to measure the effectiveness of your security culture improvement efforts. If you want more information on all this, check out the insider threat protection framework at the link at the bottom of the show notes.

And let me know what you think!

Closing Thought

Our closing thought for this episode comes from Charlie Munger, the semi-silent parter of Warren Buffet. He said, “The best thing a human being can do is to help another human being know more.”

Outro

Thank you for listening to this episode of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443) 292-2287

Email - steve@theinsiderthreatpodcast.com

Insider Threat Protection Framework - https://archive.org/download/InsiderThreatProtectionFramework2018/ITPF_2018.pdf

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/

Links

Insider Threat Protection Framework

Episode 46 - The Importance of Risk Dec 17, 2018

*Title - The Importance of Risk *

In this episode we cover risk, an update on the framework, no real insider threat news, and more. Don’t touch that dial!

Intro

Welcome back! This is episode 46 of The Insider Threat podcast, for the week of December 17th, 2018.

Update on the framework
I am about at 98% for the framework and it will be going out this month. I’ve had help from several of you, as well as other industry titans who really care about helping organizations to address the problem. I’ll be forever in your debt with this.
Happy holidays to everyone around the world, no matter what holidays you recognize.

Infosec Trivia Question

It’s time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!

The question last episode was “In November of 1980, Microsoft was approached by IBM to supply an operating system for the PC that IBM had in development. Microsoft was able to get it done, but they did not come up with the operating system themselves. Where did they get it and what was it called?”

The answer was “Tim Paterson and 86-DOS”.

I’m not sure if you all have seen Pirates of Silicon Valley, but essentially Microsoft made the deal with IBM claiming they had an operating system before they actually did. They depended on Paterson’s 86-DOS (which was later called IBM PC-DOS and MS-DOS) to deliver and they bought it for less than $100K.

Congratulations to:

Alvaro from Virginia, Jim from Kansas City, Charlene from Texas, and Rick from Quebec for getting the correct answer.

Here’s your question for this episode: “On December 10th, 1993, id Software released a product that was used by approximately 15-20 million people and greatly influenced similar products even until today. What was the name of this software product?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “space marine”.

Discussion Topic for the Episode

This episode’s discussion topic is risk

Risk is one of the most important aspects of everything we do, especially in information security. We assess it every time we drive somewhere or cross the street and it drives everything in business.
As information security professionals, we have a very specific idea of what risk is, but I think it is useful to understand it from a more broad perspective and learn how we can use it to shape our efforts.
There are several equations used to measure risk, but the most common one is impact multiplied by probability (or likelihood). In information security, we often say threat multiplied by vulnerability. If you really look at it, those mean almost the same thing.
We often get hung up on CVSS rankings attached to vulnerabilities, but those don’t take into account our specific and unique environments.
Let’s take a patch, for example. We might know that a specific patch fixes a vulnerability that provides remote access to a system or application. That sounds pretty bad and would have a high CVSS score
Now what if mitigating that vulnerability took a long time and cost a lot of money? What if it only applied to an air-gapped system in your environment that wasn’t used for a key business function? The risk level should be significantly lower for something like that.
We often don’t account for business risk when thinking about information security risk. I’ll let you in on a secret - they’re the same thing.
Before we start running around and flapping our arms about something, we need to figure out if it will really have a negative impact on the key business functions and information of our organizations. After all, that’s what we are actually charged to protect.
I recommend starting there. Figure out what is most important for your organization’s operation. What data or capabilities are absolutely essential? How can we focus our information security efforts to protect those?
The same goes for insider threat, and in several ways these go hand-in-hand. What of those key functions, capabilities, data, and people cause the greatest concern? How can you mitigate that risk?
When dealing with people, you have to look much further than just buying some sort of product and hoping it will solve the problem. We have gone into great detail when discussing those areas in the past and it is a huge focus of the framework.

News

I don’t have any news for you this episode. Everything that came into my feed was either about the Tesla employee or marketing messages from organizations trying to sell products that claim to completely fix insider threat.

Closing Thought

Our closing thought for this episode comes from Jimmy Dean. He said, “I can’t change the direction of the wind, but I can adjust my sails to always reach my distination.”

Outro

Thank you for listening to episode 46 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443) 292-2287

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/

Episode 45 - Why are we here? Nov 12, 2018

Intro

Welcome back! This is episode 45 of The Insider Threat podcast, for the week of November 12th, 2018.

Update on the framework
Mention Re-Thinking the Human Factor Podcast and Book by Bruce Hallas

Infosec Trivia Question

It’s time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!

The question last episode was “On October 10th, 1980, a company called Midway released the first true mega-hit video game in history. What was the name of this game?”

The answer was “Pacman”.

We’ve seen several video games hit it big in the last several decades, but Pacman is still one that even younger people can associate with (or at least they’ve heard of it). Some would argue though that Mrs. Pacman was the better game of the two.

Congratulations to:

Xavier from Canada, Marco from Bondville, and Brigitte from Bilingshurst for getting the correct answer.

Here’s your question for this episode: “In November of 1980, Microsoft was approached by IBM to supply an operating system for the PC that IBM had in development. Microsoft was able to get it done, but they did not come up with the operating system themselves. Where did they get it and what was it called?"”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “Dirty”.

Discussion Topic for the Episode

This episode’s discussion topic is just an overview of what it means to be in this industry.

I’ve been thinking about this quite a bit recently, trying to figure out why I am in this field and why I have an affinity for insider threat
Some people are into the technology, some are into compliance or auditing, some are just really good technical writers
What I’ve come up with: We like to help people and businesses improve
Probably a general statement, but when I was at BSidesDC a few weekends ago, that really is the feeling that I got from the community
Am I wrong in this? Is there something else that drives you to get up in the morning and get to work?
LET ME KNOW!

News

The US Goverment released an insider threat program maturity framework

What with this do to the framework that we are developing?
Focus of this framework vs. the insider threat protection framework
Still good information

https://www.dni.gov/files/NCSC/documents/nittf/20181024NITTFMaturityFramework_web.pdf

It looks like people are still attempting to sue the government over the OPM hack from 2014

According to the article, the judge hearing the appeals case claims that it will be difficult for the government to prove that the victims of the breach don’t have standing to sue.
Not many people are successful in suing the US Government, so it will be interesting to see where this one goes.

https://www.govexec.com/pay-benefits/2018/11/judge-says-govt-faces-uphill-battle-prove-opm-hack-victims-dont-have-standing-sue/

Closing Thought

Our closing thought for this episode comes from Bill Gates. He said, “It’s fine to celebrate success but it is more important to heed the lessons of failure.”

Outro

Thank you for listening to episode 45 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443) 292-2287

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/

Episode 44 - Cybersecurity Awareness Month! (and Facebook) Oct 22, 2018

Intro

Welcome back! This is episode 44 of The Insider Threat podcast, for the week of October 22nd, 2018.

Everything has been busy!
The weather is finally cooling down
It is close to the end of the month. What have you done for Cybersecurity Awareness Month?
Update on the framework

Infosec Trivia Question

It’s time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!

The question last episode was “In 1998, US Congress approved the release of a famous report on the internet. This caused several websites to crash, due to extremely high traffic volume. What was this report?”

The answer was “the investigation report of President Bill Clinton’s impeachement”.

I’ve actually read this and it really opened my eyes to the true story, or at least what was found during the investigation.

Congratulations to:

Thomas from Alachua, Neil from Ottowa, and Ruby from Indiana for getting the correct answer.

Here’s your question for this episode: “On October 10th, 1980, a company called Midway released the first true mega-hit video game in history. What was the name of this game?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “fever”.

Discussion Topic for the Episode

This episode’s discussion topic is a list of ideas for cybersecurity awareness month

Here we are, a few weeks into Cybersecurity Awareness Month
You may be wondering what you can do to capitalize on this time to improve your organization
First, be intentional and communicate those intentions
Develop a list of initiatives for the month, at least one thing weekly
Articles or newsletters
Create and/or share short training videos (shorter is better)
Hold brown bag training events
Bring it home
Record 5-10 minute audio files to share
Don’t stop on November 1st (this would be just as bad as only having annual training)

News

Facebook breach

https://ctovision.com/facebook-data-breach-4-simple-steps-to-stay-safer-right-now/

Was it 50 million? 29 million? Who knows.
Bottom line is that many Facebook user accounts were compromised.
So far the biggest impact I’ve seen is that people are getting friend requests from people they are already friends with (cloned accounts)
I’ve provided a link to some things you can do to stay safe, but the main thing is to change your password.

Closing Thought

Our closing thought for this episode comes from Steve Jobs. He said, “Your work is going to fill a large part of your life, and the only way to be truly satisfied is to do what you believe is great work. And the only way to do great work is to love what you do. If you haven’t found it yet, keep looking. Don’t settle. As with all matters of the heart, you’ll know when you find it.”

Outro

Thank you for listening to episode 44 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443)292-2287

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/

Episode 43 - Learning the Hard Way Sep 17, 2018

*Title - Learning the Hard Way *

In this episode we cover some lessons we’ve learned in the course of our work, some insider threat news, and more. Don’t touch that dial!

Intro

Welcome back! This is episode 43 of The Insider Threat podcast, for the week of September 17th, 2018.

How has everyone’s summer been? We’ve had several trips to visit family members and I am working on something that I’m very excited about. Many of you share my concern about the message that is spread about insider threat in that all we hear about from news media and vendors are the malicious insiders. We hear about breaches caused by insider threat all the time (mainly phishing), but they almost never tell the story about how it happened to begin with.

To help you all, I am developing an Insider Threat Protection Framework. What I am doing is concentrating on the four pillars that we have spoken about several times and I’m identifying specific controls that we can implement to help strengthen those key areas - policy, technology, training, and culture. That said, I’m not doing this alone. I am bouncing ideas for the controls off people in my network for sanity checks and they are offering great ideas as far as additional controls that I should include.

When will this be done? I have no idea. I’ve just now finished drafting the policy controls, so I still have a way to go. That said, if you would like me to send you an early copy of the framework as soon as it is finished, please shoot an email to steve@theinsiderthreatpodcast.com and I’ll not only send you the final version, but I’ll keep you up to date on the progress as it’s made. By the way, I have absolutely no plans on selling the framework or anything like that. This is just another passion project for me, just like this podcast.

Again, I am very excited to see where this goes.

Infosec Trivia Question

It’s time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!

The question last episode was “In August of 2006, Dell recalled approximately 1.4 million computer batteries, which was the biggest computer-related recall in history. What was the cause of the recall?”

The answer was “that the batteries overheated and some actually caught fire or exploded”.

When you think of the fact that these were laptops, overheating or even exploding batteries are a serious issue. How would you like to be sitting there trying to get work done and all of the sudden your lap is on fire?

Congratulations to Brayden from Lounton, Frank from New Hampshire, Arthur from Toronto, and Missy from Chicago for getting the correct answer.

Here’s your question for this episode: “In 1998, US Congress approved the release of a famous report on the internet. This caused several websites to crash, due to extremely high traffic volume. What was this report?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “truelove”.

Discussion Topic for the Episode

This episode’s discussion topic is lessons learned from being in information security.

A few years ago, I was a consultant for a company where someone accidentally reverted an SQL server back to a previous snapshot, which caused several weeks of data to be lost. The type of data we’re talking about here is tracking information for all the employees in the organization and their IT equipment. They also lost information for record processing that the company was legally obligated to maintain. What about backups? Well, they did do backups of the database and even tested those backups, but they were stored on the same server. When that server was rolled back to an earlier snapshot, the backups were gone as well. It took weeks to rebuild the data - what could be rebuilt, anyway. In the end, managers from several departments were calling for my head as the resident expert, as well as several other people who were involved. I kept my job, which was great, but the greatest things of the entire situation were the lessons that we all learned.
First, everyone makes mistakes. Some make bigger mistakes more often than others, but none of us are blameless. The important thing, and I feel like I’m talking to my kids here, is that we learn from those mistakes. We changed our backup processes so that backups were stored on different servers in multiple locations and we tightened both our backup and patching procedures. We also increased training in those areas to reduce the likelihood of similar mistakes happening in the future.
For another story, I received a call from an employee three years ago stating that something very strange was happenening on ther computer and she was really worried about it. This employee fell prey to a phishing campaign with her previous employer, which led to stolen data for that organization. She wasn’t going to let it happen again. While she may have learned the hard way about reporting things to the information security department, the point here is that the lesson was learned. She, and all of our employees, are teachable.
Both of these true examples are cases where non-malicious insider threats were involved in incidents that caused great negative impact to their organizations. It is important to remember that we can’t completely reduce the risks associated with insider threat, even if we apply all the things that we talk about on this podcast. Mistakes will continue to happen. The important thing is that we learn from the actions or inactions of ourselves and others to continuously improve our own methods for building and maintaining the security posture of our organizations and all those we come in contact with.
Between 1956 and 1971, Tom Watson Jr. was the CEO of IBM. At one point, a young executive made some bad decisions that ended up costing the company millions of dollars. This executive went to Tom and said something to the tune of “I suppose after that set of mistakes you will want to fire me.” To this, Watson said, “Not at all, young man, we have just spent a couple of million dollars educating you.”
Continue to think about the lessons that can be learned about anything you experience and use those to improve yourself and your organization.

News

Imperva did a survey and found that at least half of information security respondants claimed that they could carry out an insider attack if they wanted to.

https://www.imperva.com/blog/2018/08/report-nearly-half-of-security-professionals-think-they-could-execute-a-successful-insider-attack-on-their-organization/

This one has been floated around quite a bit lately, but I refuse to get as excited about it as others. It is similar to saying that a building inspector could cause a building to fall down. Of course they can. We are talking about folks that likely have administrative rights to the system, know the protection mechanisms, and know when and how alerts are generated. For me, this just seemed like it was blowing a bunch of hot air for no reason at all, and certainly not actionable statistics (if you ever consider these surveys to be able to generate actionable statistics).

Fired worker hacked into former employer’s emails and changed password

https://www.gazettelive.co.uk/news/teesside-news/fired-worker-hacked-former-employers-15125259

Anthony Leung was convicted for hacking into the network of his previous company, changing the email passwords for multiple executives, and then accessing their email. During the court case, the accused stated that he didn’t have the technical skills necessary to commit the offense. The only evidence for this case were the logs of the email server showing that someone external had accessed the accounts and fragments of company emails on Mr. Leung’s computer. Police first suspected him when they found a copy of his resume in a strange folder in one executive’s inbox.
What do I think happened? He probably just called the helpdesk and got the passwords changed to something temporary - which is common practice for organizations. I wouldn’t be surprised in this case if he still had access to company networks, either. We really need to make sure that we are disabling accounts for people who are leaving the organization.

Listener Feeback

I received some feedback recently, but it was about the website. Someone asked why I hadn’t installed SSL certificates and they were absolutely correct. I’ve been trying to work with my podcast hosting provider for over a year to implement this capability, but I was finally forced to make all traffic redirect to another solution, which allowed me to encrypt the traffic. That said, nobody is really inputing or storing data on the website except maybe your email address, but in any case if you go to theinsiderthreatpodcast.com it should redirrect to https now.

Closing Thought

Our closing thought for this episode comes from John Wooden, because I am reading one of his books on leadership right now called “Essential Wooden”. He said, “Success is peace of mind which is a direct result of self-satisfaction in knowing you did your best to become the best that you are capable of becoming.”

Outro

Thank you for listening to episode 43 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443) 292-2287

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/

Episode 42 - Different Types of Insider Threat Aug 20, 2018

Intro

Welcome back! This is episode 42 of The Insider Threat podcast, for the week of August 20th, 2018.

Not going to hacker summer camp this year. Hope to catch up with you all later in the year at conferences in the DC area.

Infosec Trivia Question

It’s time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!

The question last episode was “In July of 1995 IBM bought spreadsheet and word processing software in order to challenge Microsoft’s Office suite. What were the names of these products?”

The answer was “Ami Pro and 1-2-3”.

I don’t really have any commentary about this one, but it is interesting to go back and research the evolution of commonplace office applications. If you get some time, look up Dan Bricklin, who was essentially the father of the modern day spreadsheet. He was always humble about his creation, saying that it’s something that anyone could have done.

Congratulations to Spenser from Boyle, Sophie from Denton, Liam from San Antonio, and Ralph from Atlanta for getting the correct answer.

Here’s your question for this episode: “In August of 2006, Dell recalled approximately 1.4 million computer batteries, which was the biggest computer-related recall in history. What was the cause of the recall?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “caliente”.

Discussion Topic for the Episode

This episode’s discussion topic is the difference between different types of insider threat programs

The primary types of insider threat programs I want to highlight are DoD/Federal, corporate, and personal
Due to the Snowden and Manning affairs, the federal government is more concerned with traditional data loss prevention concerns
Almost completely focused on malicious users and data exfiltration
Outside of the government, we are concerned about negligent and accidental insiders as well
What strategy works best for your organization?
It depends on the controls you have in place for non-malicious insiders
Government strips or disables links in emails, tags messages from external sources

News

UnityPoint phishing caused loss of medial information for 1.4 million patients

https://www.desmoinesregister.com/story/news/health/2018/07/30/unitypoint-data-breach-million-patients-email-hack-hacked-phishing-e-mail-health-care-iowa/866760002/

One of Iowa’s main hospital and clinic systems has notified about 1.4 million patients that their personal information might have been breached.

UnityPoint Health officials said hackers used “phishing” techniques to break into the company’s email system. The company, based in West Des Moines, said the hackers could have obtained medical information, such as diagnoses and types of care, that was included in emails.

https://www.fbi.gov/contact-us/field-offices/portland/news/press-releases/fbi-tech-tuesday-building-a-digital-defense-against-facebook-messenger-frauds

FBI warns of more scams and phishing attempts coming from messaging features on social media
Fraudsters or attackers will “hack” social media accounts and send phishing emails to everyone on their friends list
These are especially tricky, as they will be coming from “legitimate” sources

https://abc11-com.cdn.ampproject.org/c/s/abc11.com/amp/cree-employee-charged-with-stealing-company-secrets-worth-more-than-$100m/3900002/

An employee of a worldwide company based in Research Triangle Park is accused of stealing thousands of documents full of sensitive information and intellectual property worth more than $100 million
Coy Bell, 47, is charged with larceny by employee, and allegedly stole those secrets from his employer, Cree, Inc. The company is publicly traded on NASDAQ and is known for being a market-leading innovator in LED lighting.
Further investigation found surveillance video showing Bell “holding a small object” like an SD card and inserting it into his computer.
A Durham County search warrant states Bell could have given the files to “a competitor or foreign entity.”
Deputies seized his phone and sought access to at least one dozen other related items.
Bell was arrested on June 18. He was released after posting a $150,000 secured bond.
Interesting is how they found out: another employee saw the SD card on the sidewalk outside the building and the IT team was able to determine that it came from Coy’s company computer
Bad luck for Coy, but really good luck for Cree

Closing Thought

Our closing thought for this episode comes from the Queen of Soul and recently departed music legend, Aretha Franklin. She said, “Be your own artist, and always be confident in what you’re doing. If you’re not going to be confident, you might as well not be doing it.”

Outro

Thank you for listening to episode 42 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443) 292-2287

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/

Episode 41 - Emerging Technologies in Insider Threat Jul 23, 2018

Intro

Welcome back! This is episode 41 of The Insider Threat podcast.

New Idea Probably won’t work for everyone Weekly podcast for my organization Will cover both IT topic of the day and infosec Noticed employees love information and are always on the road
Books Phoenix Project, The Goal, Atlas Shrugged
Next Not sure. Catching up on podcasts.

Infosec Trivia Question

It’s time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!

The question last episode was “In July of 1953, the first mass-produced computer was announced by IBM. This computer ended up becoming the dominant computer of the decade. What was the model of this computer?”

The answer was “IBM 650”.

The hashtag from last week, “10-digit-memory”, was actually a big clue. It is amazing to think of where we are now as far as computers go, since the memory of the IBM 650 was so small.

Congratulations to: Dirk from Kannapolis, Simone from Kentucky, John from Kentmere, and Daniel from Washington for getting the correct answer.

Here’s your question for this episode: “Speaking of IBM, In July of 1995 IBM bought spreadsheet and word processing software in order to challenge Microsoft’s Office suite. What were the names of these products?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “jotting down some numbers”.

Discussion Topic for the Episode

This episode’s discussion topic is emerging technologies in insider threat

Up and coming technology

Votiro - document protection

Menlo* - isolation technology (Greg Maudsley)

ObserveIt* - UEBA

Ninjio* - training

Viewfinity - Privilege management

Canary Tokens* - Detecting the breach

News

Theft of Apple Self-Driving Car Data

https://securityboulevard.com/2018/07/monday-july-16-dtex-insider-threat-news-privileged-user-dents-apple-self-driving-car-program-doj-says-russia-hacked-clinton-campaign-issues-indictments-against-spies/

Last week, Apple found out it had an insider threat active in its ranks. It was the type of insider that Dtex and the industry commonly refers to as a “leaver.” In this case, the leaver also happened to be a privileged user. A leaver is someone who conducts malicious activities prior to resigning. A privileged user is someone who has special access to specific systems and data. The combination, as Apple discovered, can be a recipe for disaster.

After the leaver, a former employee by the name of Xiaolang Zhang, informed Apple that he was planning to depart the company to take a job with China-based electric vehicle startup XMotors, Apple started looking into his past digital and physical behaviors. After growing suspicious due to activities it observed, Apple notified the FBI. The FBI investigated and then charged Zhang with the crime of stealing trade secrets about Apple’s self-driving car program from the company.

There are a few top takeaways that anyone with a stake in protecting data and IP should be paying attention to. This situation shows: 1) Understanding behaviors is key to knowing whether or not someone is planning to leave a company; 2) It is important to have forensics tools that can piece together what’s happened after the fact; 3) It is equally important to have the ability to receive alerts in real time when bad behaviors are in play.

I hate that we are always talking about malicious insiders, but those are the only ones that make the news.

Closing Thought

Our closing thought for this episode comes from Ayn Rand, author of many books, to include Atlas Shrugged, which I just finished reading. She said, “What greater wealth is there than to own your life and to spend it on growing? Every living thing must grow. It can’t stand still. It must grow or perish.”

Outro

Thank you for listening to episode 41 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443) 292-2287

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/

Episode 40 - Overcoming Resistance to Insider Threat Changes Jul 02, 2018

Title - Overcoming Resistance for Insider Threat Change

Intro

Welcome back! This is episode 40 of The Insider Threat podcast, for the week of July 2nd, 2018.

July 4th and Canada Day

World Cup - I picked Germany. My 9 year old will probably win.

Infosec Trivia Question

It’s time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!

The question last episode was “In 1996, the term ‘phishing’ was introduced in a Usenet group that was focused on America Online. What was the name of this group?”

The answer was “AOHell”.

There is speculation that the reason phishing starts with “ph” instead of “f” is due to the earlier spelling of phone phreaking, which uses the same spelling substitution. America Online at the time was one-stop-shop for early social engineering exploits.

Congratulations to:

Swen from Lac Au Saumon, Patrick from Virginia, Lola from Santa Fe Springs, and Brodie from Quebec for getting the correct answer.

Here’s your question for this episode: “In July of 1953, the first mass-produced computer was announced by IBM. This computer ended up becoming the dominant computer of the decade. What was the model of this computer?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “10-digit-memory”.

Discussion Topic for the Episode

This episode’s discussion topic is resistance to insider threat program changes and how to overcome them

Trying to be a hero, but you are running into roadblocks by either management or employees
Management – Funding – Process change
Employees – Perceived prod impacts – Feeling of no trust
Solution – Include senior management at the beginning. You can’t ask them to change production processes suddenly and without warning. – Have open dialog with employees. Explain to them why things are important. That is a very important part of your program, anyway.

News

Tesla

Link - https://www.infosecurity-magazine.com/news/teslas-tough-lesson-on-malicious/

According to a supposed email from Elon Musk to Tesla employees, someone committed sabotage against the company that included the use of false usernames to make changes to the code used in the Tesla Manufacturing Operation System, as well as “exporting large amounts of highly sensitive Tesla data to unknown third parties.”
This all supposedly happened because an employee didn’t get the promotion he was going for.
While this will certainly be used by vendors to sell User and Entity Behavior Analytics, Identity and Access Management, and similar products, we have to remind ourselves that malicious insider threat only really accounts for less than 10% of insider threat incidents.
I agree though, that those types of tools would go a long way in twarting these types of attacks.

Exactis

Link - http://www.dailymail.co.uk/sciencetech/article-5900071/Marketing-firm-Exactis-leaks-340-million-files-containing-private-data.html

Whether it is 230 million or 340 million people whose data was left unprotected (sometimes I think they just spit ball these numbers), it is still a very big deal.
This is bigger than Equifax, and includes home addresses, phone numbers, email addresses and other sensitive information for named individuals. They also record their hobbies, interests and habits, as well as the number, age, and gender of any children they have.
The data is now secured and the FBI is investigating.
There is currently no way to see if your data was included or if anyone downloaded a copy.

Links to both of these stories are in the show notes.

Closing Thought

Our closing thought for this episode comes from Elon Musk. He said, “When something is important enough, you do it even if the odds are not in your favor.”

Outro

Thank you for listening to this episode of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443) 292-2287

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/

Notes

*Title - Overcoming Resistance for Insider Threat Change *

In this episode we cover some common issues with implementing insider threat programs and how to deal with them, Tesla and Exactis (should you be worried?) and more. Don’t touch that dial!

Intro

Welcome back! This is episode 40 of The Insider Threat podcast, for the week of July 2nd, 2018.

July 4th and Canada Day

World Cup - I picked Germany. My 9 year old will probably win.

Infosec Trivia Question

It’s time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!

The question last episode was “In 1996, the term ‘phishing’ was introduced in a Usenet group that was focused on America Online. What was the name of this group?”

The answer was “AOHell”.

There is speculation that the reason phishing starts with “ph” instead of “f” is due to the earlier spelling of phone phreaking, which uses the same spelling substitution. America Online at the time was one-stop-shop for early social engineering exploits.

Congratulations to:

Swen from Lac Au Saumon, Patrick from Virginia, Lola from Santa Fe Springs, and Brodie from Quebec for getting the correct answer.

Here’s your question for this episode: “In July of 1953, the first mass-produced computer was announced by IBM. This computer ended up becoming the dominant computer of the decade. What was the model of this computer?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “10-digit-memory”.

Discussion Topic for the Episode

This episode’s discussion topic is resistance to insider threat program changes and how to overcome them

Trying to be a hero, but you are running into roadblocks by either management or employees
Management – Funding – Process change
Employees – Perceived prod impacts – Feeling of no trust
Solution – Include senior management at the beginning. You can’t ask them to change production processes suddenly and without warning. – Have open dialog with employees. Explain to them why things are important. That is a very important part of your program, anyway.

News

Tesla

Link - https://www.infosecurity-magazine.com/news/teslas-tough-lesson-on-malicious/

According to a supposed email from Elon Musk to Tesla employees, someone committed sabotage against the company that included the use of false usernames to make changes to the code used in the Tesla Manufacturing Operation System, as well as “exporting large amounts of highly sensitive Tesla data to unknown third parties.”
This all supposedly happened because an employee didn’t get the promotion he was going for.
While this will certainly be used by vendors to sell User and Entity Behavior Analytics, Identity and Access Management, and similar products, we have to remind ourselves that malicious insider threat only really accounts for less than 10% of insider threat incidents.
I agree though, that those types of tools would go a long way in twarting these types of attacks.

Exactis

Link - http://www.dailymail.co.uk/sciencetech/article-5900071/Marketing-firm-Exactis-leaks-340-million-files-containing-private-data.html

Whether it is 230 million or 340 million people whose data was left unprotected (sometimes I think they just spit ball these numbers), it is still a very big deal.
This is bigger than Equifax, and includes home addresses, phone numbers, email addresses and other sensitive information for named individuals. They also record their hobbies, interests and habits, as well as the number, age, and gender of any children they have.
The data is now secured and the FBI is investigating.
There is currently no way to see if your data was included or if anyone downloaded a copy.

Links to both of these stories are in the show notes.

Closing Thought

Our closing thought for this episode comes from Elon Musk. He said, “When something is important enough, you do it even if the odds are not in your favor.”

Outro

Thank you for listening to this episode of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443) 292-2287

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/

Episode 39 - Victimization of Phishing Jun 11, 2018

Introduction

In this episode we cover the victimization of phishing, some insider threat news, and more. Don’t touch that dial!

Welcome back! This is episode 39 of The Insider Threat podcast, for the week of June 4th, 2018.

Infosec Trivia Question

It’s time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!

The question last episode was “In 2013, someone hacked into the Twitter account of the Associated Press and tweeted about explosions. This caused the DOW to drop 143 points, even though AP employees immediately corrected the disinformation. In this fake news post, where did the explosions take place?”

The answer was “The White House”.

This is just one way that nefarious peole can have a negative impact on industry and society. If you really want to see some interesting things, watch Black Mirror.

Congratulations to: Elizabeth from Nisswa, David from Beaumont, Lily from Victoria, Kelvin from Aimster, and Mollie from Garden City for getting the correct answer.

Here’s your question for this episode: “In 1996, the term ‘phishing’ was introduced in a Usenet group that was focused on America Online. What was the name of this group?"”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “Hades”.

Discussion Topic

The discussion topic for this week is the victimization of phishing.

Both real phishing attacks and internal phishing
Safe to say that if everyone in the organization gets a phishing email, a percentage of employees WILL click on it
Focus training not just on prevention, but response
Encourage reporting, even if they accidentally fall victim
Last thing you want is for people to be afraid to report because they clicked on the link or open the attachment - they are the most important
(I tell my users) I’d rather have 100 false reports every day that I have to weed through than miss that one real one that causes a major breach
Does your organization conduct internal phishing assessments?
Do you hire a vendor to do this, or do you do it yourself?
How can we encourage our people to file reports even after they fall vicitim?
One way that I do this is to personally thank them for their reports, no matter how benign
You can also send out security newsletters to your employees highlighting typical attack vectors and known current techniques
Bottom line - the better your security culture is, the more likely they are to report suspicious activities

News

https://louisianarecord.com/stories/511444395-partco-alleges-fired-employee-hacked-website-email

A complaint filed May 24 in U.S. District Court for the Middle District of Louisiana alleges a recently terminated employee hacked into the company’s website and email system, essentially rendering both unusable; and took client files when she left.

Partco is apparently a machine shop that provides services to the energy sector.

This complaint states that the employee hacked into these systems but from what I’m reading, she was basically in human resources and served as the office manager when it came to safety and compliance. In the world we live in now, where everyone is flapping their arms and claiming that there is such a shortage of skilled tallent in information security, I find it hard to believe that this individual (Ms. Mary Langlois-Templet), actually hacked into anything. I’m not saying she didn’t do it, but the company was in the middle of being acquired and this smells like they just didn’t revoke her access when she left.

I don’t think I need to go into too much detail with the moral of this story, as it is one we have heard before.

Take care of your employees, even when they are being terminated.
For the love of all things holy, disable accounts AS someone separates from the organization.
Reread numbers 1 and 2.

Quote

Our closing thought for this episode comes from American educator, businessman, author, and speaker, Dr. Stephen Covey. He said, “The key is not to prioritize what’s on your schedule, but to schedule your priorities.”

Outro

Thank you for listening to episode 39 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443) 292-2287

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/

Episode 38 - Traveling Protected May 07, 2018

Intro

Welcome back! This is episode 38 of The Insider Threat podcast, for the week of May 7th, 2018.

It looks like we are finally done with winter! I heard a few accounts of the RSA conference (comprised mostly of salespeople)

Infosec Trivia Question

It’s time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!

The question last episode was “The term “hacker” originated at MIT where very skilled people programmed in older languages like FORTRAN. When did this take place?”

The answer was “the 1960s”.

I accepted any date within the decade, but most of you simply said 1960s.

Congratulations to: Nick from Tostock, Lucas from Tallahassee, Leo from Kentucky, Lloyd from Buffalo Grove, and Nadine from St. Louis for getting the correct answer.

Here’s your question for this episode: “In 2013, someone hacked into the Twitter account of the Associated Press and tweeted about explosions. This caused the DOW to drop 143 points, even though AP employees immediately corrected the disinformation. In this fake news post, where did the explosions take place?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “oblong circle”.

Discussion Topic for the Episode

This episode’s discussion topic is some safe tips for traveling

We are getting close to the traveling season, especially as the weather gets warmer
Flying
Consider your destination (both the end point and customs/security)
Pack minimally
Don’t check your devices (especially work laptops)
Review organization’s security policy
Shred your used boarding passes and luggage tags (and don’t take pictures of them)
https://globalnews.ca/news/3927795/airline-boarding-pass-barcodes-can-pose-security-risk-to-passengers-expert/
Use an aircard, if possible
Look out for shoulder surfers
Don’t pick up stray media
Hotels
Take your devices with your or store in the safe
Secure your valuables in your room
Use an aircard or VPN
Keep track of your key card
Hackers have the ability to clone keys or create master keys
https://www.techworm.net/2018/04/finnish-hackers-master-key.html
While you’re away
Consider who will be looking after your house/pets/kids
Secure devices in locked room or safe (physical access trumps all)
Change your passwords
Tell a third party
DON’T POST ON SOCIAL MEDIA!!!
http://money.cnn.com/2017/03/21/technology/laptop-ban-safety/index.html

News

Man hacked into government system in attempt to get his friend released early

https://www.zdnet.com/article/man-who-hacked-jail-systems-to-free-his-friend-joins-him-inside/

“Man hacks into jail and stays for 7 years”
Just proves how pwoerful social engineering can be
Created a fake website that looked and felt like the real thing used by prison employees (failed)
Tweeted the fake website in hopes that employees would click the link (failed)
Called employees, claiming to need help with court records and lure them to the site (failed)
Called employees, claiming to be tech support and lure them to fake websites for “updates” (great success!)
Even got remote login credentials from one employee
Fortunately, the system noticed when he altered prison records and it corrected itself
Also flagged personnel and the FBI was contacted

Closing Thought

Our closing thought for this episode comes from American clergyman Robert H. Schuller. He said, “Never cut a tree down in the wintertime. Never make a negative decision in the low time. Never make your most important decisions when you are in your worst moods. Wait. Be patient. The storm will pass. The spring will come.”

Outro

Thank you for listening to episode 38 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443) 292-2287

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/

Episode 37 -Social Media Apr 16, 2018

Intro

Welcome back! This is episode 37 of The Insider Threat podcast, for the week of April 16th, 2018.

Spring is in the air
Weather isn’t getting much better
RSA is going on right now and many companies are ramping up for their big announcements
No I won’t be there

Infosec Trivia Question

It’s time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!

The question last episode was “Steve Wozniak, a co-founder of Apple, went back to school at UC Berkely and graduated with his engineering degree in 1986, barely anyone recognized him. That’s because his diploma had a different name listed. What was the name he used when he finished his studies?”

The answer was “Rocky Clark”.

“I never dropped out of college,” he said. “I simply took a year off to earn money for my fourth year of school. And then my career kept going up.”

http://articles.latimes.com/1986-05-14/news/vw-53891steve-wozniak

Congratulations to Philipp from Glenbranter, Gabrielle from Delisle, Alex from Laurel, and Aaron rom Perth for getting the correct answer.

Here’s your question for this episode: “The term “hacker” originated at MIT where very skilled people programmed in older languages like FORTRAN. When did this take place?"”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “Centenial”.

Discussion Topic for the Episode

This episode’s discussion topic is Social Media

In light of recent events with Facebook
Overview of the issue
Facebook made user data available to Cambridge Analytica
Cambridge Analytica uses this information for political analysis
NOT a breach - it was designed that way
Aleksandr Kogan made an app that used the Facebook API (link between information)
Loophole in API made it so Kogan could collect data on users of the app and all their friends
I especially liked watching Zuckerberg’s testimony before congress
Many people don’t see a problem
“I don’t care if they get my information”
Amount of information gathered
Could even be used to help sway voters and win an election
Best practices
Limit the amount of data you put in social media - if you wouldn’t shout it as loud as you can in the mall, you shouldn’t post it (this includes private messages)
Make your profile private (very important)
When you decide to stop using a particular social media profile, make sure it is deleted (sometimes takes a special request)
Check to see what information is being stored (available on both Twitter and Facebook)
Crafting messages to entice you to buy something, vote for someone, or think a certain way is a form of social engineering
Always remember - If the product is free, you are the product

News

Former airline employee hacks flight reservation system

https://www.bleepingcomputer.com/news/security/retired-airline-manager-who-hacked-former-employer-caught-thanks-to-vpn-logs/

Thanks to some VPN logs, Suzette Kugler was caught by federal authorities
Claims that Suzette “wreaked havoc” on the flight reservation system for 2 days
“Station information is the airport specific portal for PenAir employees to access Sabre,” documents reveal. “This deletion prevented employees in any of those eight airports from being able to book, ticket, modify, or board any flight until the stations were rebuilt in the system.”
No flight delays were experienced because staff figured out what was going on and worked all night to recreate the data
We’ve seen big penalties for this type of thing, but Suzette was only sentenced to 250 hours of community service and five years probation
The interesting thing here is she wasn’t fired - she retired
Make sure you do a full review of system access after someone in IT leaves the company, especially if it was on bad terms

Closing Thought

Our closing thought for this episode comes from Henry Ford. He said, “Anyone who stops learning is old, whether at twenty or eighty. Anyone who keeps learning stays young. The greatest thing in life is to keep your mind young.”

Outro

Thank you for listening to episode 37 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443) 292-2287

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/

Episode 36 - Obscure Tips for Personal Internet Safety Apr 02, 2018

Intro

Welcome back! This is episode 36 of The Insider Threat podcast, for the week of April 2nd, 2018.

Happy Easter for those who observe it

Very happy to be back from our family vacation that kept me from doing an episode last week

Infosec Trivia Question

It’s time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!

The question last episode was “Roman Seleznev became famous not only for his exploits, but also for getting the longest prison sentence ever in the United States for hacking. How many years did this Russian face in prison?”

The answer was “27”.

Roman got jailed for stealing, selling, and setting up online shops for credit card numbers between 2003 and 2012. Fun fact - he also survived a terrorist attack while on vacation in Morroco in 2011.

Congratulations to Edward from British Columbia, Mario from Toronto, and Hunter from Sait Paul for getting the correct answer.

Here’s your question for this episode: “Steve Wozniak, a co-founder of Apple, went back to school at UC Berkely and graduated with his engineering degree in 1986, barely anyone recognized him. That’s because his diploma had a different name listed. What was the name he used when he finished his studies?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “Italian Superman”.

Discussion Topic for the Episode

This episode’s discussion topic is Odd Tips for Personal Internet Safety

Email aliases (throwaway accounts)
If you own your own domain, you can usually set up something like 100 email aliases
Create “burner” or throwaway accounts for sites you don’t yet trust
Segment your different online accounts so compromise of one doesn’t mean all are vulnerable
If one gets popped, just delete it and create another
Keeps your real email address as private as possible
Check HaveIBeenPwned.com and set up alerts
Check all your email accounts
Some entries will have passwords in plain text
Use WHOIS records
Whenever you get an email that you aren’t sure that you should trust, you can look up the email’s domain record to see who it is registered to
Send scam emails to rescam.org
Very interesting service that will actually communicate with the scammers and waste their time (revenge)
Rename administrator accounts and don’t use them for normal use
Common practice for enterprises, but this should also be done at home.
Canary Tokens (canarytokens.org)
Create little canaries (like in coal mines) out of word documents, pdfs, windows folders, and more
Use password managers
There are a ton out out there. I recommend LastPass
Helps you to create multiple strong passwords or passphrases and not have to remember them

News

Atlanta ransomware attack
New Georgia law mandates 1 year jail time for any “unauthorized computer access” http://www.legis.ga.gov/Legislation/en-US/display/20172018/SB/315
Initial versions of the bill were very vague and could even be applied for users in organizations that went against authorized use policy, much less security researchers and penetration testers
My Fitness Pal (owned by Under Armor) breached, 150m accounts
Usernames, email addresses, and hashed passwords

Closing Thought

Our closing thought for this episode comes from American comedian Elayne Boosler. She said, “I am thankful the most important key in history was invented. It’s not the key to your house, your car, your boat, your safety deposit box, your bike lock or your private community. It’s the key to order, sanity, and peace of mind. The key is ‘Delete.’”

Outro

Thank you for listening to episode 36 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443) 292-2287

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehig

Episode 35 - Unlikely Insiders Mar 12, 2018

Intro

Welcome back! This is episode 35 of The Insider Threat podcast, for the week of March 12th, 2018.

This has been a pretty tough couple of weeks. My graphics card went out on my main desktop that I use for the podcast, so I have to get that fixed. That won’t stop us though.. the show must go on! That said, this episode will be just a little bit shorter than usual but we are talking about something that I’ve been wanting to delve into for a while.

I don’t really have any more announcements for this episode so…

Infosec Trivia Question

It’s time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!

The question last episode was “Kristoffer von Hassel became famous in 2014 be becoming the youngest ever officially recognized hacker and security researcher. How old was he and what did he hack?”

The answer was “that he was 5 years old and he found a way to hack into his XBox Live account”.

Kristoffer wanted to get around the parental controls that his father set on his gaming console, so he tried different combinations of inputs until he was able to get around the lock. He discovered that he was able to put in an incorrect password, then enter five spaces on the next screen to get inside.

Congratulations to Tahlia from Staten Island, Alisha from Wichita, Wade from Indianapolis, John from Kentmere, Gary from Prescott, and Christian from Newtown for getting the correct answer.

Here’s your question for this episode: “Roman Seleznev became famous not only for his exploits, but also for getting the longest prison sentence ever in the United States for hacking. How many years did this Russian face in prison?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “Marlboro Blend”.

Discussion Topic for the Episode

This episode’s discussion topic is unlikely insiders

People
Janitorial Staff: how much access do we give them in our organizations, sometimes none, but they handle our garbage, clean our office spaces, and witness everything we do
Security guards: like the cleaning crew, often a third party contract
Technology
Smart TVs (mos common IoT device in organizations, public exploits for turning them into surveillance devices) [https://www.technobuffalo.com/2017/03/07/wikileaks-cia-can-turn-your-smart-tv-into-a-surveillance-device/]
Home automation (echo, google home, apple) always listening
Personal activity or health trackers (strava’s fitness tracker) [https://www.theverge.com/2018/1/28/16942626/strava-fitness-tracker-heat-map-military-base-internet-of-things-geolocation]

News

23,000 HTTPS certificates axed after CEO emails private keys

https://arstechnica.com/information-technology/2018/03/23000-https-certificates-axed-after-ceo-e-mails-private-keys/

Trustico, a digital certificate reseller asked Digicert, one of their certificate providers to revoke over 20 thousand certificates, claiming that they were compromised
Digicert responded, saying they required proof that the certificates were compromised before they would revoke them
Trustico CEO emailed private keys for 23 thousand certs to Digicert, so they had no choice but to revoke the certificates
Interesting move by Trustico, unsure what the motive was
Trustico shouldn’t have even been storing the private keys, since they were just a reseller

Listener Feeback

Review from KenEggs

This is not a platform for some vendor to sell you the solution to Insider Threart (InT). Just as Steve has mentioned, he is not selling anything. This podcast supports the community of InT with great information pulled from a number of good sources. Steve thanks for taking the time to pull together InT related information. Keep Up the good work. I like hearing your podcasts, and consider tech-guests in the InT domain’s or CISO’s or CEO’s to communicate relevent to the community.

Closing Thought

Our closing thought for this episode comes from Sam Ewing. He said, “Hard work spotlights the character of people: some turn up their sleeves, some turn up their noses, and some don’t turn up at all.”

Outro

Thank you for listening to episode 35 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443) 292-2287

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/

Episode 34 - Teaching Children Security Awareness Feb 26, 2018

Intro

Welcome back! This is episode 34 of The Insider Threat podcast, for the week of February 26th, 2018.

It was great catching up with everyone at BSides NoVA this weekend. The event was fantastic and it’s fun to watch as it grows each year. The speakers were all very knowledable approachable. I don’t think I ran into anyone who wasn’t willing to answer one-on-one questions.

Speaking of questions and answers…

Infosec Trivia Question

It’s time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!

The question last episode was “In 1925, Victor Lustig traveled to Europe and landed one of the most most memorable sales in recorded history. What did he sell?”

The answer was “the eifel tower”.

Seriously. Now you’ve got to remember back then that the Eifel Tower wasn’t necessarily the monument that it is today. When ol’ Victor went to Paris, he forged some documents saying that he was a government official and that he was tasked with finding a company who would pay for the Eifel Tower for scrapping rights.

After it was scrapped, they would be able to use the land for other things. Several companies fell for this and he was actually able to sell the Eifel Tower to multiple people.

Lustig also swindled Al Capone and made counterfeight money before getting caught. If you have a chance to read up on Victor Lustig’s story, you won’t be disappointed.

Congratulations to Julia from Wallington, Tristan from Ladyfield, and Danny from Windermere for getting the correct answer.

Here’s your question for this episode: “Kristoffer von Hassel became famous in 2014 be becoming the youngest ever officially recognized hacker and security researcher. How old was he and what did he hack?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “Live”.

Discussion Topic for the Episode

This episode’s discussion topic is teaching kids security awareness

Good for parents and teachers
Start with ethics
Be nice to others
Be respectful of others
Be respectful of other people’s property
Find a way to relate to the kids and what they are doing on computers
Minecraft and other games
Playing on the playground
The internet and computers are tools
The internet is a magical universe that you share with your family and friends. Make sure you tell people what you’ve discovered.
Remember that family information is secret, like your name, where you live, how old you are
Be careful with videos and links
Make good passwords and don’t share them
Tell your parents or a teacher if you see anything you think is unsafe, people are being mean, or something seems broken
For parents and teachers:
There are plenty of tools out there to keep kids safe on computers and online
Make separate computer accounts for the kids to use that don’t have admin rights and if you use Windows, you can have Microsoft send you reports of user activity
Google chrome can also send internet usage reports
Disney also has ”Circle with Disney”, which filters internet traffic, sends reports to parents, and does lots of the work for you
Most important: talk to the children about this stuff ALL THE TIME. Make it a weekly dinner discussion topic.

http://www.infosecawareness.in/children/

News

Apple Employee Leaked Source Code

http://resourcemagonline.com/2018/02/secret-iphone-source-code-published-online/86345/

In 2016, an Apple employee leaked source code for the iOS 9 security program, iBoot, when he shared it with his friends in the jailbreaking community.
First, I didn’t even know that jailbreaking was still a thing. There were certainly security issues with jailbreaking iOS devices and installing unapproved applications.
In other words, you turned your iPhone into an Android device (joke).
While we are up to iOS 11 now, there is a very high liklihood that the same iBoot code is used today as well
Apple is known for being very strict with their products, code, and security, but perhaps this time they should have been a little more stingy about who had access to their code
I haven’t heard about any exploits in the wild taking advantage of vulnerabilities found in this leak, but its probably only a matter of time

Closing Thought

Our closing thought for this episode comes from novelist and social critic James Baldwin. He said, “Children have never been very good at listening to their elders, but they have never failed to imitate them.”

Outro

Thank you for listening to episode 34 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443) 292-2287

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/

Episode 33 - Whistleblowers Feb 12, 2018

Intro

Welcome back! This is episode 33 of The Insider Threat podcast, for the week of February 12th, 2018.

It’s just a few days until Valentine’s Day and luckily I’ve got all my stuff sorted out.

As a follow up from last week, have you done your taxes yet? If so, awesome! If not, what are you waiting on?

BSidesNoVA is 23-24 February

http://www.bsidesnova.org/about-bsidesnova/

That’s it for announcements so….

Infosec Trivia Question

It’s time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!

The question last episode was “In the 1960s, someone was ablde to get away with creating fake checks, pretending to be a lawyer, a doctor, an airline pilot, a security guard, and an agent from the US Bureau of Prisons before finally getting caught at the age of 21. Who was this person?”

The answer was “Frank Abagnale Jr”.

I don’t know if any of you saw “Catch me if you can”, but it was a pretty good movie based on Frank Abagnale’s exploits.

The crazy thing was how young he was

Congratulations to David from Massachussets, Marcel from Glenroy, Kyle from Toronto, and Leon from Holtville for getting the correct answer.

Here’s your question for this episode: “In 1925, Victor Lustig traveled to Europe and landed one of the most most memorable sales in recorded history. What did he sell?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “bonjour”.

Discussion Topic for the Episode

This episode’s discussion topic is whistleblowers

What is the difference between a whistleblower and an insider threat? (Depends on whose side you are on)
Insider threat is a person with inside knowledge or access that could have a negative impact on the organization
Whistleblower is a person who informs on a person or organization engaged in an illicit activity
A whistleblower can be and probably is an insider threat to an organization, but are they always bad?
Solution: Culture of communication. Whistleblowing theoretically only happens when employees see something wrong and they feel they can’t report it.
Whistleblowers are important, as they can highlight terrible things going on in organizations
At the same time, whistleblowers should be avoided at all costs in order to keep them from becoming insider threats - you do that through positive culture changes that make people feel comfortable with reporting behavior, processes, or practices that they think are illegal or immoral

News

http://www.onlineathens.com/news/20180209/uga-student-accused-of-hacking-account-to-change-grades

Univerisity of Georgia student arrested for hacking into professor’s account to change his grades

Discovered when assistant professor noticed that he couldn’t log into his email account and was told that his password was changed
Michael Williams was booked for nine counts of computer trespass and 71 counts of computer forgery

Closing Thought

Our closing thought for this episode comes from Jay Leno. He said, “Today is Valentine’s Day - or, as men like to call it, Extortion Day!”

Outro

Thank you for listening to episode 33 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443) 292-2287

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/

Links

Episode 32 - Tax Season Tips for Staying Safe Jan 29, 2018

Intro

Welcome back! This is episode 32 of The Insider Threat podcast, for January 29th, 2018.

How are you all? Not a whole lot for news here.. just working through compliance stuff, training some new hires, and working on some new ice breakers for awareness training at work. The joke I tried in my last one was absolutely terrible, so obviously that one won’t work.

We’re getting ramped up for the second BSidesNoVA conference and so far it looks like it will be another great success. If you plan on coming out, let me know so we can meet up.

That’s all I’ve got for announcements, so..

Infosec Trivia Question

It’s time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!

The question last episode was “In the book titled “Little Brother”, the main character is able to bypass government surveillance techniques and pass secure messages. What kind of device did he hack in order to accomplish this task?”

The answer was “an XBox”.

In the setting for this story, the caming consoles were given away practically for free in hopes that profits would come from overpriced games. The main character was able to find a way to secure the devices and send encrypted messages to other citizens of San Francisco who wanted to evade government survaillance. If you haven’t read this book, it’s pretty good. A little bit on the rebelious teen side, but the message and setting are believable.

Congratulations to Annabelle from Marnoch, Marcus from Toronto, Daniel from Madison, and Paul from Michigan for getting the correct answer.

Here’s your question for this episode: “In the 1960s, someone was ablde to get away with creating fake checks, pretending to be a lawyer, a doctor, an airline pilot, a security guard, and an agent from the US Bureau of Prisons before finally getting caught at the age of 21. Who was this person?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “PotsAndPans”.

Discussion Topic for the Episode

This episode’s discussion topic is staying safe during tax season

If at all possible, try to avoid having hard copies of W-2s sent to your house
Never click links in emails (go directly to the website you use for online filing)
Send fraudulent emails to phishing@irs.gov
The IRS will never call you or ask for personal information through email
If someone tries to impersonate the IRS, they will make it seem urgent that you pay through obscure methods (gift cards, paypal, wire transfer, prepaid credit cards)
If someone has already filed on your behalf, go to www.identitytheft.gov for step-by-step instructions to report the fraud and get it taken care of
File your taxes as early as possible (if you file first, they can’t file fraudulently)

News

Email phishing scam caused leak of approx. 340 people’s full names, social security numbers, home addresses, and salary

http://www.wsoctv.com/news/local/charlotte-housing-authority-hacked-current-former-employees-impacted/689911291

Employee at Charlotte Housing Authority received email claiming to be from the CEO asking for employee information for W2s
Without hesitation, employee provided the information
Fairly easy and inexpensive way to combat these types of incidents is to have email flagged if it comes from an external source
Of course, training can help as well

Listener Feeback

Someone called the google voice number but didn’t leave a voicemail. I’f I’m not able to answer right away, please either leave a voicemail or text message. I’m hesitant to return calls from strange numbers without knowing who they are.

Closing Thought

Our closing thought for this episode comes from Colin Powell, retired four star general and former secretary of state. He said, “A dream doesn’t become reality through magic; it takes sweat, determination and hard work.”

Outro

Thank you for listening to episode 32 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443)292-2287

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/

Episode 31 - Giving In-Person User Awareness Training Jan 15, 2018

Intro

Welcome back! This is episode 31 of The Insider Threat podcast, for the week of January 15th, 2018.

This has been an interesting couple of weeks. I’ve passed along leadership on one organization that I am a member of, while trying to become a better leader in my day job. I’ve also joined a team of very competent virtual CISOs, where we’ll serve in that capacity for small or medium sized businesses who can’t afford to have a CISO hired on full time.

I’ve had a little bit of time for intraspection and maybe it is the new year getting to me, but I’ve been focused on ways to improve myself this year in many areas.

Enough about me though…

Infosec Trivia Question

It’s time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!

The question last episode was “Quite a long time ago in a distant place, the biggest weapon ever developed was completely destroyed by exploiting a vulnerability intentionally left by an insider threat. What was the name of this weapon and who was the insider threat?”

The answer was “Galen Erso”.

For 39 years there was a bug in the deathstar’s design that allowed the Rebel Alliance to take it out relatively easily. It was put there intentionally by our insider threat during its design phase. In our world, you could call this a back door and a vulnerability that was readily exploitable.

https://www.observeit.com/blog/insider-threat-took-death-star/

Congratulations to Sean from Providence, Sara from Germany, Noah from Calgary, and Joe from Decatur for getting the correct answer.

Here’s your question for this episode: “In the book titled “Little Brother”, the main character is able to bypass government surveillance techniques and pass secure messages. What kind of device did he hack in order to accomplish this task?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “BART”.

Discussion Topic for the Episode

This episode’s discussion topic is tips and tricks for giving in-person user awareness training

First, this isn’t the only type of user awareness training, but some organizations only go this route
Just like any other public speaking or training
Use the organizational policies as the base
Include realistic stories, scenarios, and/or case studies
Start with a joke or question to get attendees interested and engaged
Incorporate role playing to keep them engaged and stimulate group-think
Very important: go over reporting procedures and include it in role play
Make them the superheroes - they are a very important part of the program
Lightly imply the types of technology used to monitor employee behavior and systems
End with an open door policy

News

Meltdown and Spectre

https://www.csoonline.com/article/3245770/security/spectre-and-meltdown-what-you-need-to-know-going-forward.html

Closing Thought

Our closing thought comes from Allan Bloom, an American philosopher. He said, “Education is the movement from darkness to light.”

Outro

Thank you for listening to episode 31 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443) 292-2287

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/

Links

Episode 30 - Welcome to 2018! Jan 01, 2018

Intro

Welcome back! This is episode 30 of The Insider Threat podcast, for the first week of 2018.

Here we are in a new year.

Well, not really. I’m prepping and recording this episode in the last week of 2017, but you’re listening to it in the new year

Move went well - my wife is awesome

How have your holidays gone so far?

Important: Many people don’t feel as well during the holidays, especially in our industry. I completely understand, as I’ve gone through some of that myself in the past. Hang in there and if you need anyone to talk to, please contact me in any of the ways listed at the end of the show. I mean that and I won’t go blabbing about it anywhere. You’re very important to many people, whether you know them or not.

That’s it for the annoucements so…

Infosec Question of the Week

It’s time for your Infosec Question of the Week, where Google is king and the prize is nonexistent!

The question last week was “A key method for stealing information in databases that are accessible from the web is to input a string of characters in certain fields in order to trick the database into doing something unintended. What is the name of this technique?”

The answer was “SQL Injection”.

SQL Inection is a technique that has been around for a long time - maybe since 1998 when Jeff Forristal wrote about issues with SQL servers for the Phrack magazine
Remember when we used to call them “zines”?
Essentially you use this technique to inject commands or confusing information into the SQL server, which causes it to do many things, like let you into a website as administrator, dump data, or even discover information about the underlying system
Still probably the leading method for stealing data from a website, even after all this time

There were a ton of people who got this one correct, so I’m just going to list first names

Congratulations to Erin, Ron, Alicia, Carol, Tim, Joel, Naji, Julian, Kedar, Steffen, Terry, Sophie, and Josh for getting the correct answer.

Here’s your question for this week: “Quite a long time ago in a distant place, the biggest weapon ever developed was completely destroyed by exploiting a vulnerability intentionally left by an insider threat. What was the name of this weapon and who was the insider threat?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “seeingthenewonethisweekendandsuperexcited”. That’s all one word, if you were wondering.

Discussion Topics for the Week

This week’s discussion topics are expectations for the coming year and insider threat resolutions

“Expectations”

Don’t want to call it predictions
Twitter predictions: there will be more ransomware, more breaches, and marketers taking advantage of it all
Cryptocurrency is going to play a bigger role
More vendors coming out with tools and services for awareness

Resolutions

Personally: I’m in the position to educate more and I need to take it
Implement some sort of continuous education
Take time to teach my kids more about technology and how to be safe with it
Do more writing
Do more reading
Have more guests on the show

News

ATMs can be “hacked” using old Windows XP “feature”

https://mspoweruser.com/atms-running-windows-xp-can-hacked-using-sticky-keys/

This is done through sticky keys
Hit shift button 5 times
I hated this feature, and as I’m testing right now it looks like it still exists on Windows 10
Who ever used sticky keys? Am I alone in this? (Let me know)
Used this “feature” to bypass the normal ATM screen and manipulate the back end XP operating system (change boot scripts, install malware, etc.)
Wonder if you could also use this to access the internal banking system

Thought of the Week Segment

Our thought of the week comes from a British author named Neil Gaiman, . He said, “I hope that in this year to come, you make mistakes. Because if you are making mistakes, then you are making new things, trying new things, learning, living, pushing yourself, changing yourself, changing your world. You’re doing things you’ve never done before, and more importantly, you’re doing something.”

Outro

Thank you for listening to episode 30 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Happy New Year, everyone! I hope 2018 is everything you want it to be, no matter what that looks like.

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443) 292-2287

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter - https://twitter.com/stevehigdon

LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/

Links

ATMs Running Windows XP Can Be Hacked Using Sticky Keys

Episode 29 - Holiday Gift Ideas for Insider Threat Dec 18, 2017

Welcome back! This is episode 29 of The Insider Threat podcast, for the week of December 18th, 2017.

- I’m moving (almost didn’t have an episode)

- This is the last episode before the new year.

- T-shirt designs are still on. Send them to steve@theinsiderthreatpodcast.com or tweet them to @stevehigdon. Winning design gets the very first t-shirt made absolutely free (and a heartfelt thanks from me)

- SANS Holiday Hack Challenge has started. Go to https://holidayhackchallenge.com for more information. This is something I’ve always wanted to do, but never had the time during the holiday season. Hopefully that will change this year. Ed Skoudis puts quite a bit of time and effort into these and I’ve heard great things about the experience.

Infosec Question of the Week

It’s time for your Infosec Question of the Week, where Google is king and the prize is nonexistent!

The question last week was “In the movie “Hackers”, one of the characters posed as a maintenance worker and crawled under a desk in order to install a telephone bug. What was the handle of this character?”

The answer was “Cereal Killer”.

The “real name” of the character in the movie was Emanuel Goldstein. This was a nod to the person who was a resource for the movie, a founder of the hacker magazine 2600, and a key organizer of the “Free Kevin” movement.

Congratulations to: Joshua from Chicago, Koby from Orlando, Emily from Louisiana, and Toby from British Columbia for getting the correct answer.

Here’s your question for this week: “A key method for stealing information in databases that are accessible from the web is to input a string of characters in certain fields in order to trick the database into doing something unintended. What is the name of this technique?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “X”.

Discussion Topic for the Week

This week’s discussion topic is giving the gift of understanding

- Understanding really is a gift

- Could be the only thing that protects your organization and the people you care about

- When you frame it as a gift, that tells the listener that it is important

- Understanding for yourself

- If you are here, you get it

- Stay up to date on phishing techniques

- Stay up to date on vulnerabilities

- Continuously learn

- Understanding for your management

- Find ways to translate information security risk to business risk

- Talk numbers (that’s what managers understand)

- Use competitor breaches and information in the headlines to gain traction

- Monetize the breaches, as well as the costs for improvement (technology, training, etc.)

- If all else fails, talk about headlines and CEOs having to testify before congress

- Understanding for your organization

- Refresh them on organizational policy

- Talk about key indicators of insider threats and breaches

- Make sure that reporting procedures are understood AND available

- Get personal (take it home)

- Understanding for your family

- Tell the about the devices they might get and how to secure them

- Mention the ways to stay safe for the holidays, mentioned in last episode

- Be the CISO, security technician, and consultant for your family

- If you are in this industry, you probably hate being everyone’s helpdesk

- If you care about your family, do it anyway. You are very likely the only person who can help them.

- Don’t make your family members go to Geek Squad for support

News

Contributor and Title

https://www.infosecurity-magazine.com/news/barclays-bank-insider-sentenced/

- A former Barclays Bank employee has been sentenced to six years and four months behind bars for helping cyber-criminals launder millions of pounds of stolen funds.

- Jinal Pethad set up 105 fake bank accounts using false identity documents in a bid to trick the bank’s security processes

- Pavel Gincota and Ion Turcan, two people he was working with on this scam, were jailed in October

- According to the NCA’s National Cybercrime Unit, Jinal abused his position of trust at the bank to knowingly set up sham accounts for Gincota and Turcan, providing a vital service which enabled them to launder millions

- Of course Barclays Bank said they have a zero tolerance policy against unlawful activity. Well duh.

Thought of the Week Segment

Our thought of the week comes from Oren Arnold, an editor and freelance writer. He said, “Christmas gift suggestions: To your enemy, forgiveness. To an opponent, tolerance. To a friend, your heart. To a customer, service. To all, charity. To every child, a good example. To yourself, respect.

Outro

Thank you for listening to episode 29 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question. Have a good holiday season and remainder of the year, everyone!

Thanks again and I’ll see you folks next time!

Contact information:

Call in number: (443) 292-2287

Email - steve@theinsiderthreatpodcast.com

Blog - http://www.stephenhigdon.com

Twitter -

LinkedIn -

Links

Episode 28 - Staying Safe for the Holidays Dec 04, 2017

Welcome back! This is episode 28 of The Insider Threat podcast, for the week of December 4th, 2017.

I want to thank Dr. Helen Ofosu once again for coming onto the last episode and giving us some insight on ways that psychology can be used to reduce insider threat risk

My Thanksgiving was great, aside from half the family getting sick that weekend, but we got to catch up on lots of movies

Haven’t received many t-shirt designs, so there’s still a chance if you want to get in on it (chosen design gets first shirt)

Infosec Question of the Week

It’s time for your Infosec Question of the Week, where Google is king and the prize is nonexistent!

The question last week was “In the early 1980s, William Gibson coined the term ‘cyberspace’ when he wrote this.”

The answer was “Neuromancer”.

According to Wikipedia, Neuromancer is a 1984 science fiction novel and is one of the best-known works in the cyberpunk genre.

Congratulations to Ryan from Caparra, Alex from Binghamton, Rory from Syracuse, and Rich from Virginia for getting the correct answer.

Here’s your question for this week: “In the movie “Hackers”, one of the characters posed as a maintenance worker and crawled under a desk in order to install a telephone bug. What was the handle of this character?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “Crack”.

Discussion Topic for the Week

This week’s discussion topic is not becoming a victim over the holidays

- We just had black friday and cyber monday

- You’re using credit cards, email addresses, and online stores more

- You are willing to shop at online stores you wouldn’t typcially shop at to get a good bargain

- Stores have temporary employees that might not have as much of an issue leaking or stealing information

- Dont use your company email to purchase personal items

- Hackers will pretend to be the store you bought things from, the shipping company, and tech support

- Just like with everything else, try to avoid clicking on any links in emails

- Always check to make sure your connection is secure before paying online (https)

- Stick with familiar, established retailers

- Try not to use public wifi

- Not a bad idea to change your passwords immediately after the holiday season

- The holidays are a great time for credit card or account information thieves, as they can sit on a network for a shorter period of time when employees are too busy to notice anything and gather more data, faster

- Treat yourself to a password manager (they are cheap or free) and make sure you keep it up to date. I use lastpass.

- Expect phishing emails. You’ll more than likely get a few.

- Monitor your credit card statements

- Watch out for sites like craigslist, where people might be more willing to scam or phish you

- There couldn’t be a better time to educate your family members and coworkers on the importance of information security at home

- Common targets are senior citizens

- Ignore popups on websites that may be caused from malvertizing or compromized sites

News

Apple Mac OSX High Sierra flaw allowed users to log in as root without a password

Followed this as it was happening on Twitter

Patch is out but some people are saying the patch didnt fix the issue. Make sure you check your own installation

https://www.wired.com/story/macos-update-undoes-apple-root-bug-patch/

Insider threat — Chemours employee steals trade secrets

https://www.csoonline.com/article/3239076/security/insider-threat-chemours-employee-steals-trade-secrets.html

Jerry Jindong Xu, a Chinese citizen, had over the course of several years, stolen the intellectual property and trade secrets of his employer, Chemours. Xu had worked for Dupont China from 2004-2011 and transferred to the U.S. in 2011.

Proprietary data was taken - ways that chemical compounds are produced and processed, blueprints for a new factory, potentially valued in the hundreds of millions

Tried to shop around with competitors to see if he and someone else he used to work with could profit from the data

Chemours noticed that the data was taken, asked for it back, and filed charges when he claimed that he didn’t have anything

Thought of the Week Segment

Our thought of the week comes from Hamilton Wright Mabie, a late 19th century American essayist, editor, critic, and lecturer. He said, “Blessed is the season which engages the whole world in a conspiracy of love. "

Outro

Thank you for listening to episode 28 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Join our Reddit community and discussions at the subreddit named insiderthreat. The subreddit is also where you’ll also find the show notes for this and any other episode, as well as links to the topics we’ve covered. If you go to our website, you can also find a link to the Patreon page and you can subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Special Holiday Edition and Terrible History Lesson Nov 23, 2017

Happy Thanksgiving to all listeners in the United States (and anyone else who wants to celebrate with us)!

Only releasing episodes every other week through the holiday season

Don’t forget about the t-shirt design contest! Reach out to me via email, twitter, reddit, phone, or any other way for more details.

Thank you for being awesome! Without you, I’d just be talking to myself (more often than usual).

Thanks again and I’ll see you folks next time!

**Episode 27 - Dr. Helen Ofosu on Using Psychology to Tackle Insider Threat** Nov 20, 2017
Guest

Dr. Helen Ofosu

Career Coach | #HR Consultant | Builder of #Resilient Careers using #IOpsych | Speaker | Founder, I/O Advisory Services. VP, @ZontaCanada.

Dr. Helen Ofosu (@drheleno_ca) on Twitter

Career Counselling & HR Consulting | I/O Advisory Services

**Intro**

Welcome back! This is episode 27 of The Insider Threat podcast, for the week of November 20th, 2017.

One quick announcement here, I’m thinking about making t-shirts available to you listeners that I might be able to give out as prizes or at security conferences. There’s just one problem - I am terrible at design. So with that, I’d like to have a t-shirt design contest and whoever creates the winning design will get the very first one for free. You can contact me for more details by using any of the methods I mention at the end of the episode.

**Infosec Question of the Week**

It’s time for your Infosec Question of the Week, where Google is king and the prize is nonexistent!

The question last week was “In 1984, David Ruderman and Eric Corley launched a periodical named after a specific tone that could get early phone phreakers into operator mode on telephone systems. What is the name of this periodical?”

The answer was “2600”.

Congratulations to Kyle from Ontario, Caleb from Seattle, Georgia from Texas, and Vicky from Feather Sound for getting the correct answer.

Here’s your question for this week: “In the early 1980s, William Gibson coined the term ‘cyberspace’ when he wrote this.”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “Armitage”.

**Discussion Topic for the Week**

**This week’s discussion topic is using psychology to decrease insider threat risk**

- Dr. Helen Ofosu joins us for a fantastic interview, where we talk about some of the ways she has been able to use physiological principles to help organizations improve their security culture and identify people or environments that could serve as a catalyst for malicious behavior.

**Contact Info:**

Website:

LinkedIn:

Twitter:

**Articles**

Sources of insider threats: they’re not always what you think (my blog, Nov. 18, 2017)

Brave new world, old-school problems - Corporate Security Hinges on its People (magazine article Oct. 2017)

Is Cyber Security Ever Enough (magazine article 2016)

**Thought of the Week Segment**

Our thought of the week comes from Tony Morgan. He said, “You get to decide where your time goes. You can either spend it moving forward, or you can spend it putting out fires. You decide. And if you don’t decide, others will decide for you.”

**Outro**

Thank you for listening to episode 27 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Join our Reddit community and discussions at the subreddit named insiderthreat. The subreddit is also where you’ll also find the show notes for this and any other episode, as well as links to the topics we’ve covered. If you go to our website, you can also find a link to the Patreon page and you can subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question. Don’t forget about those t-shirt designs!

Thanks again and I’ll see you folks next time!

Episode 26 - User Awareness Training Nov 13, 2017

Intro

Welcome back! This is episode 26 of The Insider Threat podcast, for the week of November 13th, 2017.

If you’re listening to this on Monday, I want to say Happy Veterans Day to all our veterans out there. I’ve made it a point not to be political at all on this show, so I won’t go down that route. No matter where you stand, I hope you can find it in your heart to be thankful for a person who has sacrificed a portion or the entirety of their life in service to their nation and everyone in it.

I don’t have any specific announcements for this week, so..

Infosec Question of the Week

It’s time for your Infosec Question of the Week, where Google is king and the prize is nonexistent!

The question last week was “In 1964, John G. Kemeny and Thomas E. Kurtz designed the original BASIC programming language. Where were they when they did this?”

The answer was “Dartmouth College”.

I don’t remember what BASIC was like, but I remember QBASIC, which was invented by Bill Gates to be a simplified version of BASIC.

Congratulations to: Eusebio from Pasadena, Lynette from Salinas, Walt from Indiana, and Alan from Aldergrove for getting the correct answer.

Here’s your question for this week: “In 1984, David Ruderman and Eric Corley launched a periodical named after a specific tone that could get early phone phreakers into operator mode on telephone systems. What is the name of this periodical?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “HOPE”.

Discussion Topic for the Week

This week’s discussion topic is User Awareness Training

- What is user awareness training?

- Awareness is…

- Training is…

- What does awareness training look like?

- Types of training (in person, virtual)

- In person (slides and presentation, roleplaying)

- Virtual (distributed learning environment, video, test or quiz)

- How often should training happen?

- Compliance vs. security

- Several companies offering training solutions now, including NINJIO, Wombat, KnowBe4

- Shout out to habitu8, NINJIO, Curriculum for being awesome on LinkedIn

- Just like every other type of training, it doesn’t have to be expensive to be effective

- Tell story of daily infosec question at login

- How do we measure effectiveness of training? (open your ears, look for reports)

- What type of training do you do at your organization?

- If you were king for a day, and some of you are, what would you change?

News

A Minnesota man paid people to DDoS his former employer for over a year

- John Gammell charged with paying for sustained DDoS attack against former employer for over a year

- Cost the company, Washburn Computer Group (company that repairs point of sale systems), approximately $15,000

- Paid between $19.99 and $199.99 per month

- Also paid for DDoS against Hennepin County, Minnesota Judicial Branch, and some banks.

- Mr. Gammell was caught because he sent some taunting emails to his former employer using accounts that were created from his house and accessed by his phone

- Important point: DDoS and other similar services are cheap now

- How we treat other people could have a big impact on how they treat us

Thought of the Week Segment

Our thought of the week comes from my pick for best lightsaber dualist in the Star Wars universe, Master Yoda. He said, “Do or do not. There is no ‘try’.”

Outro

Thank you for listening to episode 26 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Join our Reddit community and discussions at the subreddit named insiderthreat. The subreddit is also where you’ll also find the show notes for this and any other episode, as well as links to the topics we’ve covered. If you go to our website, you can also find a link to the Patreon page and you can subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Episode 25 - Paying the Ransom Nov 06, 2017

Title - Paying the Ransom

In this episode we cover paying ransoms, an insider threat at apple, Guy Fawkes, and more. Don’t touch that dial!

Intro

Welcome back! This is episode 25 of The Insider Threat podcast, for the week of November 6th, 2017.

If you followed me on twitter, you know that I was eagerly awaiting my new phone this week. It came in and I’m really excited about it thus far.

Guy Fawkes Day “Remember, remember the 5th of November”

- On November 5th, 1605, Guy Fawkes was arrested guarding explosives that were set to blow up the House of Lords in London.

- What started as a celebration that the terrorist plot was disrupted later became a holiday for expressing social injustices around Great Britain

- Guy Fawkes masks are worn by members of Anonymous to symbolize “fighting against the man”

Infosec Question of the Week

It’s time for your Infosec Question of the Week, where Google is king and the prize is nonexistent!

The question last week was “In 1984, a computer hacker and DIY media organization called Cult of the Dead Cow was formed in Lubbock, Texas. They gained quite a bit of notoriety when they wrote a remote system administration tool. What was the name of this tool?”

The answer was “Back Orifice”.

So Back Orifice was a little before my time, but I remember very vividly when Cult of the Dead Cow released Back Orifice 2000. It was the first piece of malware that I ever downloaded (intentionally, anyway), and I remember putting it on a disk and having absolutely no clue what to do with it after that.

Congratulations to:

Lukas from Ottawa, Sandra from Washington, Taylor from New Jersey, and Jens from Munchen for getting the correct answer.

Here’s your question for this week: “In 1964, John G. Kemeny and Thomas E. Kurtz designed the original BASIC programming language. Where were they when they did this?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “Big Green”.

Discussion Topic for the Week

This week’s discussion topic is paying ransoms

- What do we mean here?

- Ransomware has become commonplace

- Most ransomware, by definition, requires a ransom of some sort

- Usually bitcoin or some other cryptocurrency

- Why bitcoin? Fairly anonymous, fast, trackable (blockchain)

- Pros of paying ransom

- Sometimes cheaper than recovery (especially if your org doesn’t have skills necessary or backups)

- Usually fast recovery

- Cons of paying ransom

- Not guaranteed

- What stops them from exploiting the same vulnerability and encrypting again?

- They know you’ll pay

- You’re supporting their efforts (both monetarily and conceptually)

- Summary

- Ransomware operators are getting better at pricing

- In the security industry we hate it when you pay

- But it might be the best option for some people

- Have to stay on top of the news for the malware

- Make regular backups and patch!

News

Apple engineer fired after daughter’s youtube video went

http://www.telegraph.co.uk/technology/2017/10/30/apple-fires-employee-daughters-video-new-iphone-x-goes-viral/

- In about 25 seconds of footage in the now removed five minute video blog, Peterson navigates the homescreen, demonstrates the phone’s camera technology, uses Apple Pay, and shows off the new Animoji feature.

- Right after the video went live, it was pulled down and the daughter claimed that her father had been fired

- Brooke Amelia Peterson says she isn’t upset about her father getting sacked and that he takes full responsibiity

- This would be considered a negligent insider threat

- Product details are sensitive information to outsiders

- I feel bad, but this could have been any inside information and we can’t let the specifics take away from what it was - an insider threat incident

Thought of the Week Segment

Our thought of the week comes from a Lebanese writer, poet, and visual artist named Kahlil Gibran. He said, “If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees.”

Outro

Thank you for listening to episode 25 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Join our Reddit community and discussions at the subreddit named insiderthreat. The subreddit is also where you’ll also find the show notes for this and any other episode, as well as links to the topics we’ve covered. If you go to our website, you can also find a link to the Patreon page and you can subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Episode 24 - Motivations of Malicious Insiders Oct 30, 2017

Intro

Welcome back! This is episode 24 of The Insider Threat podcast, for the week of October 30th, 2017.

For the announcements this week, I had a wonderful conversation with someone who might be coming onto the show to talk about human behavior from a psychological standpoint and what that means for HR and insider threat risk. I’m really looking forward to that. On the personal side, I got a promotion this last week and I’ll be able to have more influence on security in my organization, which is awesome. And that’s about everything I have for announcements, so…

Infosec Question of the Week

It’s time for your Infosec Question of the Week, where Google is king and the prize is nonexistent!

The question last week was “In 2003, David Heinemeier Hansson created and has since maintained a key capability that has programmer happiness as one of its key principles. What did he create?”

The answer was “Ruby on Rails”.

Commentary

Congratulations to:

Maggie from Richfield, Rylie from Blackduck, Minnesota, Abe from Maryland, and Francis from Eastbourne for getting the correct answer.

Here’s your question for this week: “In 1984, a computer hacker and DIY media organization called Cult of the Dead Cow was formed in Lubbock, Texas. They gained quite a bit of notoriety when they wrote a remote system administration tool. What was the name of this tool?”

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “door”.

Info - https://en.wikipedia.org/wiki/Back_Orifice

Discussion Topic for the Week

This week’s discussion topic is the motivations of malicious insiders

- What are malicious insiders?

- Insiders who intentionally present risk to the organization

- Are NOT negligent insiders

- Are not the most common type of insiders (only 6%)

- ARE the most widely marketed

- What are the common motivators for malicious insiders?

- Personal use

- Getting ahead at work

- Getting ahead with your next employer

- Blackmailing coworkers

- Financial Gain

- Selling information directly to competitors or foreign governments

- Trying to sell it on the dark web

- Sabotage

- Doing something to get back at either the organization as a whole or someone in particular

- Could be for missed promotion, wrongful firing, unethical practices

- What are key characteristics of malicious insiders?

- Working during off hours

- Trying to get access to information outside their job role

- Displaying signs of extreme debt

- Displaying signs of unexplainable wealth

- Generally talking negatively about the organization or leadership

- How can we fix it?

- Technology like User and Entity Behavior Analytics, monitoring solutions, access controls

- Non-technical solutions like proper termination procedures, background checks, and training for recognizing signs of malicious insiders and reporting

News

- Insider threat news was pretty dry this week

- A ransomware attack took place primarily against Russian and Ukrainian companies, but the command and control infrastructure seems to be offline

- I don’t know about you, but I’m definitely starting to get ransomware fatigue

- The Indian government advises against using public WiFi, go figure

- The Reaper botnet has over a million infected devices and researchers have warned that it could take down the internet

- Anonymous launched FreeCalalonia campaign, targeting Spanish government sites

Thought of the Week Segment

Our thought of the week comes from American music artist, poet, and philosopher Tom Waits. He said, “The large print giveth and the small print taketh away.”

Outro

Thank you for listening to episode 24 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions. Hey, do me a favor this week and tell a friend about the show. The more we get this information out there, the better.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Join our Reddit community and discussions at the subreddit named insiderthreat. The subreddit is also where you’ll also find the show notes for this and any other episode, as well as links to the topics we’ve covered. If you go to our website, you can also find a link to the Patreon page and you can subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I’ll see you folks next time!

Episode 23 - Art of the Phish Oct 23, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 22 - Is Marketing Actually Hurting Insider Threat Protection? Oct 16, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 21 - Data Management and Music Degrees Oct 09, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 20 - Interview with Kayne McGladrey on Multi-Factor Authentication Oct 02, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 19 - Fourth Pillar of Insider Threat Protection: Culture Sep 25, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 18 - Third Pillar of Insider Threat Protection: Training Sep 18, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 17 - Second Pillar of Insider Threat Protection: Policy Sep 11, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 16 - First Pillar of Insider Threat Protection: Technology Sep 04, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 15 - Game of Pwns, Bots, and Government Aug 28, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 14 - Trojan Horses and Trouble in Tennessee Aug 14, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 13 - Copy-phish, Keyloggers, and MalwareTech Aug 07, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 12 - Social Engineering and Security Culture Jul 31, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 11 - Interview with Greg Maudsley from Menlo Security Jul 24, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 10 - Florida Man! Jul 17, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 9 - InfoSec Wisdom from Benjamin Franklin Jul 10, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 8 - NotPetya, Case Studies, and Security Roundtables Jul 03, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 7 - UEBA Patent, Cloud Blindness, and Entirely Too Much Cyber Jun 26, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 6 - Threat Intelligence, IoT, and Friendly Fire Jun 19, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 5 - Save the Data! Jun 12, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 4 - Creating an Effective Awareness Program Jun 05, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

Episode 3 - Policy, People, and Ninja Warriors! May 28, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! * *This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

The Insider Threat Episode 2 - Wanna Bring Down the Globe? May 21, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! * *This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.

The Insider Threat Episode 1 - Hello World and WannaCrypt0r May 14, 2017

Visit https://reddit.com/r/insiderthreat for show notes and discussion! * *This is a podcast where we explore the issues today with the insider threat, or human factor, of our organizations. We also talk about ways to tackle those issues through training, culture, and technology in order to help information security and business professionals reduce risks in their environments.