Time
1 hour 11 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:00
So when model, too.
00:02
Uh, we reviewed the dastardly things that Attackers may decide to do against an organization.
00:09
A lot of bad stuff that could be done and imagine and executed. Okay, so in model three real world attacks, we're gonna look at actual examples that have happened in the world that have resulted in devastation for an organization.
00:26
Okay, so here we are. Let's talk about real world attacks. So it is important for detective to understand methods that that criminals of used so that they can understand how to find criminals. Okay, In that way, it is also important.
00:46
But for us to understand
00:49
how re a world insider threat attacks have happened
00:53
so that we can't understand how to find them howto prevent them how to detect them and saw.
00:59
So the following are some of noted examples that we're gonna review.
01:04
Okay, uh, here he is again. Mr Edward Snowden. So, um, the 1st 1 we're gonna talk about his espionage. So Edward Snowden used his system administrator access at his knowledge
01:21
of the N s A.
01:23
The National Security Agency security infrastructure
01:26
to copy large amounts of data to a drive and ultimately still that data. Okay, so this is an example. It's debatable whether it's considered espionage, but obviously it was top secret data that was stolen from an intelligence agency, and it would ended up in
01:47
in a foreign country
01:48
who is an adversary of ours. So it's hard to say it's not. But it was debatable. He says he was a whistle blower and so on. But anyway, for the academic purposes here, and as far as the authorities are concerned, it was espionage. Um,
02:05
so that is what Mr Snowden did that shows the devastation that can happen when your motivation is to steal data. And definitely when you're as motivated as he waas, you could do a whole bunch of damage, especially when you are a privileged user like he waas.
02:27
OK, so the target store scenario, we classify that as an accident.
02:32
Um, it's kind of 1/2 and half, and I'll explain why So in this scenario, the retail store Target had its internal network compromise, and this was aided by an unwitting third party insider who was doing maintenance on the H vac system. Okay, so,
02:53
unfortunately,
02:54
he had some sort of malware or something on his laptop. He brought it in, and that ended up opening a back door to the network that he was in. Well, unfortunately, there was no segmentation between the H Back maintenance network
03:10
and the Reeds hell,
03:14
part of the network that had, you know, user accounts and had access to the you know, the point click and buy database for the for user's or I'm the credit card information and so on things. Isn't that so? That the fact that that there was no division between the network allowed
03:34
the hackers
03:35
thio into the network and allow them to do bad things and go from the H Vac system over to the the customer data side of the network
03:46
and to access the database of customer account information?
03:53
And it resulted in the exposure of millions of customers
04:00
data to these hackers,
04:02
And it probably costs the *** the company many, many minutes about to try to clean that up,
04:08
and that is an example of an accident. Now, I said it's an accident because the individual who really allowed that to happen did it on accident in theory.
04:19
And of course, the hackers did it on purpose. But So as you can see there, it's all a little debate, whether it was truly an accident. But that's a good example.
04:30
All right, so now we're talking about another accident here. And this was a scenario where
04:38
an FBI agent went to a restaurant. He had some sensitive data. A folder with him.
04:45
The president of the United States was attending this meeting.
04:47
Ah, and can cans Italy. And
04:50
hey, was staying in a hotel. So the FBI agent had the plans for the hotel so that they can organize how to do security for that hotel. So they had a detailed design of no where the X is where the entrances were. You know, wherever you know, have how the building in the room was designed. Okay, so they can
05:11
come up with this trunk, you for security. And unfortunately, the agent
05:15
I went to a dinner somewhere
05:18
and accidentally left a folder at the restaurant. The folder had those plans in inside and, you know, a random person or a Someone worked at the restaurant,
05:31
found it and ended up turning it into the news. And it was a big deal. And I'm sure that the agent probably lost his job, his or her job as a result. But that shows how you know, Um,
05:46
an accident, an accident.
05:49
This closure of sensitive information could result in very potentially, very bad things.
06:00
Okay, let's talk about the DuPonts scenario. We call this financial gain in this scenario. Ah, high ranking scientist named Yang Gang of In
06:10
downloaded and stole $400 million worth of proprietary research type data
06:18
from the company. And the goal obviously was trying to make some money. And so, in the process of trying to sell that data, he ended up finding out that he was selling that data to some sort of authorities or FBI etcetera. And then he was arrested.
06:34
Amended time. And so this is an example of financial gain being the motivator.
06:46
Intervest. Okay, so this is we classify this one I did as an emotional pep scenario, and a network engineer named Ricky Jo Mitchell found out he was going to be fired. So as a result, he sabotaged the company network and systems
07:05
to do harm and cause harm to the company. As a result, it was a preemptive, preemptive strike against the company because he had information.
07:15
Uh, that obviously called a lot of emotional Billa, you know, release if you will, because he was angry or distraught that he was gonna be fired. So he did this thing,
07:30
and so I classified. That is an emotional driven scenario. It wasn't doing it to make money he was doing wasn't doing it for espionage. She was doing it because he was angry. And so that's Ah, scenario where emotions took over and a rash,
07:45
something was done.
07:49
Okay, so, uh, let's do, um, the knowledge check.
07:56
So Edward Snowden used his system administrator access and his knowledge of the N s A security infrastructure to steal top secret information.
08:07
This is an example of what?
08:16
Answer?
08:18
Espionage.
08:20
Again, That one was debatable.
08:22
Um, an FBI agent accidentally left the folder at a restaurant. The folder contained security information and detailed plans of the hotel floors that the president of the United States was staying.
08:37
This is an example of
08:43
an accident.
08:48
A DuPont scientist named Young Gang men downloaded in, stole over $400 million worth of proprietary information
08:58
in the form of abstracts and documents and attempted to sell them.
09:05
This is an example of
09:15
answer
09:16
financial game

Up Next

Insider Threats

This insider threat training course provides review of the “insider threat”. Discussed will be subjects related to people, tools, technology, and processes employed to prevent, detect and respond to the insider attack. This course will enable a student to confidently discuss “insider threat” concepts in a professional environment

Instructed By

Instructor Profile Image
Ross Coppage
Instructor