In recent years, insider threats and social engineering techniques have been highly prevalent. It is the combination of the two that makes them almost impossible to detect and mitigate. One well-known insider threat used social engineering within a classified data center and happens to be one of the most wanted in the latest espionage cases in the United States. There are two distinct classifications of social engineering, and several social and psychological characteristics that may indicate who could be considered an insider threat in the workplace.
The two major categories of social engineering are:
Some of the psychological and social characteristics that can help detect an insider threat are:
- Showing financial troubles by complaining in the workplace about bills and asking to borrow money
- Moody and angry disposition
- Continuous family drama and problems that may result from work or are constantly talked about at their place of employment
- Drug and alcohol abuse
Now that you know some of the basic characteristics and the different categories of social engineering and insider threats, let’s see if you can detect some of these in the following brief case scenario:
Joe is a manager of a big box store that recently opened and is named “Housing Warehouse Stores.” The technology in the new store was state of the art. The newly opened store was supplied with its own independent client servers, patch panels, and communication demarcation access point for the communication fiber backbone and distributed LAN and WAN network system. The system connected back to their corporate headquarters located just outside of New York City. Since the store was so new, Joe needed to check on their new system, which was enclosed in a com closet located in the back of the store.
Joe the manager was awfully tired. He really did not have any subordinates that he actually managed. It was all him, and occasionally someone would volunteer to assist him. They were usually students from a nearby college working part-time at the store. He had his share of volunteers. However, there was always that danger of trust, especially with workers who would come and go. The attrition within the chain of stores for stock clerks and helpers was terrible. It was all up to Joe to maintain the specialized rack of server appliances that connected his store to corporate systems and the main third-party payment processing system. Despite his exhaustion, Joe tended to his duties of inspecting the new equipment located in the com room.
He set his detailed notepad down on one of the nearby server racks to take a closer look at some of the below-floor cooling vents. It seemed to be awfully warm in the closet. He immediately ran over to the cooling unit, called a CRAC unit, and noticed that the temperature was rising rapidly. The com room had to maintain a constant room temperature of 68 degrees Fahrenheit in order to keep the multiple server appliances running at peak condition. The temperature in the com room had already reached 78 degrees. Once the com room hits 80 degrees, servers will start shutting down.
Joe was not going to let that happen! Joe ran up to the front of the store to make an emergency maintenance call. He called the store's regularly assigned HVAC maintenance technician. The technician just so happened to be his best friend from high school. It was a small town. They went back years, all the way to elementary school. However, Joe knew his friend suffered from severe gambling and drinking problems. He was always sober or at least appeared to be sober all the time during working hours.
Jim had just arrived on the scene and they got caught up on old times. He trusted Jim and would always leave him to complete his technician work on the new HVAC system. Jim had gotten to the new store just in the nick of time. After all, he was the contractor on-site that installed the system. He had warned them about installing such a generic CRAC unit from the start. However, it was always costly, and so it went, the installation of an unreliable system. Joe had already left the com closet to tend to other areas of the store. He left Jim there by himself. Jim, as he had always done, started to scan over his work environment.
The room was humming from all of the new shiny equipment. Jim immediately noticed the pad that was on top of the server rack. He quickly glanced through it. It must be Joe’s, he exclaimed to himself. Wow! This is awfully detailed information. It even has administrator passwords. Well, Joe would have been smart enough to change them, he thought, and without hesitation Jim started copying the IPs and admin passwords. I will challenge myself as a penetration tester, he thought. Jim wanted to sharpen his computer tech skills. He would hack just for the fun of it along with other members of his cyber gang that he had started while attending high school. He gently placed the notebook back on the server rack where he had found it. He finished up his service order and politely reported back to his old friend Joe. “All done!” he exclaimed. “The system is back to cooling, and the room is at a steady temperature of 68 degrees,” he stated. “Just call me if it gives you any more trouble! Don’t be a stranger. We’re friends with history,” he exclaimed again to Joe. “We are all finished here!”
Case Study I Questions:
- Is this external or internal social engineering? Explain.
- Are there adequate personnel available for securing the newly installed system?
- What type of technology can the potential insider threat get access to?
- What did Joe do wrong as far as preventing access to theft of data?
- What could a potential bad actor accomplish once they retrieved the sensitive information contained in the notepad?
- What are the characteristics of the potential insider threat person of interest?