One of the biggest computer threats facing many companies comes not from the outside but from disgruntled insiders capable of doing immense harm, according to a study being presented Monday in Amherst by the U.S. Secret Service.
The Secret Service's Buffalo Field Office, in conjunction with University at Buffalo and the U.S. Attorney's Office, will present its Insider Threat Study at a seminar at UB's Center for the Arts on the North Campus. The program, which is free, runs from 8 a.m. to noon.
The study analyzed the behavior and technical aspects of computer intrusions committed by insiders at companies or organizations in critical sectors of the nation's infrastructure. Those sectors include banking, information technology and telecommunications, all of which are strong in Buffalo. Insiders are defined as current, former or contract employees.
The study looked at several dozen cases from 1996 to 2002 in which insiders used a computer or computer network to harm their organizations by stealing intellectual property, sabotaging the company or committing fraud. At least two of the cases were from Erie County.
The goal of the study is to better understand what insiders do, help industry, government, education and law enforcement to detect insider intrusions, and find better ways to prevent them in the future.
"Buffalo is a micro-banking and telecommunications city. Main Street is dotted with banking institutions and it's important for these institutions to attend," said Michael C. Bryant, special agent-in-charge of the Buffalo Field Office. "This is a great opportunity regionally for everyone to see this."
Best known for protecting the president and other top government leaders, the Secret Service was originally established to fight counterfeiting of U.S. currency. Its duties have since expanded to include protection, check fraud, other financial crimes, and electronic crimes.
The ongoing Insider Threat Study is being conducted jointly by the Secret Service's National Threat Assessment Center, which was created in 2000, and Carnegie Mellon University's Computer Emergency Response Team (CERT).
So far, researchers have looked at 23 cases in the banking and finance sectors, carried out by 26 insiders, and 49 cases across various sectors of the nation's infrastructure. Three reports have been produced and published, and researchers are now looking at insider incidents within the government.
According to the findings, most incidents in banking and finance were not technically sophisticated, with 87 percent of cases involving simple computer commands. Insiders were authorized users with active computer accounts in 78 percent of the cases. About 83 percent of the incidents took place during normal business hours and were physically done while inside the organization.
Four of five insiders sought to profit from their actions, with nearly all organizations suffering losses -- 30 percent of them over $500,000. Incidents were detected both internally and externally, by customers.
Among the incidents across sectors, the majority of insiders committing attacks were former employees seeking revenge, and who were granted "system administrator" or "privileged access" when first hired. In all, 81 percent of actions caused financial losses, three quarters hurt operations, and 28 percent harmed organizations' reputations.
About 57 percent took advantage of vulnerabilities in systems, 60 percent broke into computer accounts, created "backdoor" accounts or used shared accounts in the attacks, and 39 percent used sophisticated tools. Most incidents were carried out remotely, with 43 percent of insiders having authorized access at the time.
About 81 percent of the banking cases and 62 percent of the incidents across sectors were planned, and four of five insiders showed unusual behavior before the attacks.
The reports recommended a series of steps, including disabling access for individuals who have left, paying attention to problems in the workplace or odd behavior, and changes to computer security, including more passwords.
Bryant conceded that some of the conclusions may be obvious, but many companies and organizations have still not taken those steps. "It's an opportunity for a company to learn from another company's mistake," he said. "You would be surprised how many computers at a business are not password-protected or share passwords."
Bryant said officials expect to draw attendance from Canada, as well as from northern Pennsylvania, Albany, Syracuse, Rochester, Binghamton and Watertown.
Already, more than 150 people have registered. Registration for the program is free, but only available online. To register, go to www.ubevents.org/event.its.
This is the ninth presentation of the study nationwide by the Secret Service and its Electronic Crimes Task Forces or Working Groups with other agencies. The program and training sessions, which began in November, are being offered through September. The Buffalo office is also holding seminars in Rochester, Syracuse and Albany.