7.1.2 Case Study 18
The insider, a contractor, was employed by the victim organization, a high technology company
that developed and manufactured various computer components. The insider worked for the
organization for a few years before moving to the division where the incident occurred. The
insider worked in the supercomputer division (SCD), which was devoted to creating extremely
valuable supercomputers used for functions such as ensuring nuclear weapons safety. The
computers were password protected, and the highly sensitive data was stored in an encrypted
form. The division experienced a problem with its email systems, leading to a dispute between the
insider and a systems administrator. The insider became disgruntled when his suggested approach
to addressing the problem was not applied, and the systems administrator ultimately resolved the
email issue with a different approach. The insider decided to leave this division of the
organization because he felt that any decision he made would be superseded by the systems
administrator. The organization disabled the insider’s passwords to all but one of the
supercomputers (Computer X). Subsequently, the insider began working as a contractor for
another division within the victim organization. A year after the insider’s dispute with the systems
administrator, a colleague noticed that the insider was running a gate program, which enabled the
insider to remotely access the organization’s computers. The organization’s security policies
explicitly prohibited using gate programs because they breach firewall programs the organization
uses to prevent computer intrusions. The colleague confronted the insider, who responded that he
used the program to access his email while he was traveling but was aware that it violated the
organization’s security policy, and he agreed to modify the program. Five months later, the same
colleague noticed that the insider was using another gate program and confronted the insider
again. The insider requested that his account for that specific computer be closed, and transferred
his gate program to Computer X. The insider downloaded a password cracking program and ran it
on Computer X. The insider obtained a password for one of Computer X’s authorized users,
which he then used to log on to Computer X and copy its complete password file. The insider
uploaded this password file to another SCD computer and used it to obtain 35 user passwords for
those working in the SCD. The insider’s goal was to use the breach to demonstrate that the
security in the SCD had declined when the insider departed and to regain the respect he lost when
he left the SCD. The insider ran the crack program on another SCD computer and used it to obtain
additional information to demonstrate the inadequacy of the SCD’s security. A colleague noticed
that the insider was running the crack program and that the insider’s password for Computer X
had not been disabled. The colleague reported this to a network security specialist and the local
police department. The insider was arrested, convicted, ordered to pay $68,000 restitution, and
sentenced to five years of probation followed by 480 hours of community service. If the insider
did not fulfill these obligations, he was to serve 90 days in jail. The restitution order was reversed,
and an appellate court later expunged the conviction.
1. What security lapses happened, and how did the organization suffer?
2. What are the factors that led to this event?
3. What should have been done in order to prevent this issue?
Solutions: