FBI says rogue employees tap cloud resources to hack their employers

News by Steve Gold

The FBI is now offering a guide on how to tackle the IT-savvy rogue employee problem.

The FBI has issued a warning that employees - and ex-employees - with a grudge are now using cloud resources and other leading edge technologies to hack into the IT systems of their employers and ex-employers.

It says that it has noticed staffers using advanced IT resources to get their own back on employers with whom they are unhappy.

Interestingly, the methodologies used can appear quite benign, says the FBI and its sister agency, the US Department of Homeland Security. For example, a former member of staff could use Dropbox to exfiltrate data out of a company, and then use this as a commercial advantage when they join another business.

"The exploitation of business networks and servers by disgruntled and/or former employees has resulted in several significant FBI investigations in which individuals used their access to destroy data, steal proprietary software, obtain customer information, purchase unauthorised goods and services using customer accounts, and gain a competitive edge at a new company," says the FBI analysis of the problem.

"Additionally, multiple incidents were reported in which disgruntled or former employees attempted to extort their employer for financial gain by modifying and restricting access to company Web sites, disabling content management system functions, and conducting distributed denial of service attacks," says the US agency.


To counter the problem, the FBI has produced a list of safeguards that includes conducting a regular review of employee access and terminating any account that individuals do not need to perform their daily job responsibilities.

Employers should also consider ensuring third party service companies providing email or customer support know that an employee has been terminated, as well as restricting Internet access on corporate computers to cloud storage websites.

The FBI has helped to publish an advisory guide entitled 'Combating the Insider Threat'.

Peter Wood, CEO of pen-testing specialist First Base Technologies, said the problem of rogue employees is an issue to which most companies he deals with are potentially vulnerable.

"It's a massive challenge to beat this problem," he said, adding that one solution would be to use a two-stage protection system for defending critical company data, with only one of those protections needing to be revoked to effectively block access to the data.

"If you have proper PKI security enabled, then it's a relatively easy task to revoke access when someone leaves. This provides you with what is clearly an extra layer of security," he explained.

Wood went on to say that he advises clients - where appropriate - to use a belt and braces approach to security, so that, if one step fails - for whatever reason - the second layer of security means that all is not lost.

"These sort of security systems can be tricky to set up, but once they are, everything can be automated, with HR handling the required settings," he explained.

Very real threats

Mark James, a security expert with ESET, said that these types of threats are very real indeed. Far too often, he explained, internal admin user accounts are left unchanged even after IT staff leave, and with all that knowledge it's all too easy to cause actual harm to Web services, servers or even subscribed services that the company uses.

Former employees, he said, may also use relationships with colleagues to gain access to systems, by continuing to communicate with friends or colleagues that still work at the company, either by sending infected emails or supplying them free software for internal use.

So what can you do to protect yourself against this type of attack?

Firstly, says the FBI, make sure you review the access your staff have, from top to bottom. Secondly, have a good policy in place for using personal outsourced cloud service storage. Thirdly, have a good process in place to change passwords periodically; make sure that not only internal staff are aware once someone leaves, but also your external companies that supply services.

Tony Marques, a cyber security consultant with the Encode Group, said that there is no silver bullet, but - in addition to IT controls such as data loss prevention and log monitoring - tried and tested measures, such as having a (people) security policy enforced with a joining and leaving process that can include an audit of user access, are fundamental.

Kurt Mueffelmann, CEO of Cryptzone, took a different view. He said there has to be a degree of trust placed on an employee while contracted to an organisation.

"As part of this, access to commercially sensitive material is a given for particular roles. In an ideal world employees wouldn't steal, but sadly this is not the world we actually live in. In fact, according to a Ponemon Institute survey, around 50 percent of employees admit to taking employee data when they leave a job. Organisations should take steps to prevent data from being removed in the first instance," he said.

"At the very least, the ability to identify when theft has occurred, so steps can be taken to minimise the damage", he added.

