The insider threat is a constant and tricky problem for cybersecurity. Hard to detect, and often disguising their actions to bypass security controls, it requires the most stringent security measures to catch malicious insiders in the act, which can potentially involve crossing the line on monitoring employees.
There is always a concern that employees may be disgruntled or seek alternative ways to earn money. In a recent case, Amazon investigated reports that employees were taking bribes to leak confidential sales information and internal data to independent merchants selling their products on the site. Employees were reportedly contacted via secure messaging apps, leading to further concerns about how insiders are communicated with.
With this fresh example of how a rogue outsider can get to your employees and impact your data privacy, we bring you the top 10 notorious examples of when the insider threat hit big.
1 - Edward Snowden
A former contactor for Booz Allen Hamilton working at the NSA, Snowden disclosed almost two million files in 2013.
Source: Bloomberg
2 - ‘Kim’
In South Korea, a 24-year-old man was among those charged with leaking 27 million data files from various online gaming website registrations, including names and passwords. He sold them to make $390,919.
Source: CSO
3 - Chelsea Manning
The former US army soldier turned over approximately 500,000 documents and sets of information to WikiLeaks in 2010, including diplomatic cables and details on air strikes.
Source: Wired
4 - Jason Needham
Needham stole blueprints from the FTP server of his former employer Allen & Hoshall, taking schematics, staff emails and budget and marketing documents.
Source: The Register
5 - Jiaqiang Xu
A former IBM software engineer stole proprietary source code to make software to sell to customers, before voluntarily resigning in May 2014. He was sentenced to five years in prison in January 2018.
Source: Reuters
6 - Christopher Grupe
After being suspended and ultimately resigning from the Canadian Pacific Railway, Grupe logged back into the network to delete files and change passwords, leaving admins unable to log into switches.
Source: The Register
7 - Walter Liew
Liew was convicted of economic espionage and theft of trade secrets, selling DuPont technology to China for the production of a valuable white pigment.
Source: SFGate
8 - Ricky Mitchell
The former network engineer reset servers to original factory settings after finding out he was due to be fired, disrupting business operations at EnerVest for a month.
Source: Computer World
9 - Anthony Lewandowski
Before founding Otto, Lewandowski was alleged to have stolen 14,000 confidential files from Waymo when it was a part of Google, his former employer.
Source: The Guardian
10 - Nghia Hoang Pho
The 68-year-old man worked at the NSA for 12 years, and between 2010-2015 he stole classified material, such as documents and hacking tools. He was sentenced to five and a half years in 2018.
Source: ZDNet