The insider threat is a constant and tricky problem for cybersecurity. Hard to detect, and often disguising their actions to bypass security controls, it requires the most stringent security measures to catch malicious insiders in the act, which can potentially involve crossing the line on monitoring employees.
There is always a concern that employees may be disgruntled or seek alternative ways to earn money. In a recent case, Amazon investigated reports that employees were taking bribes to leak confidential sales information and internal data to independent merchants selling their products on the site. Employees were reportedly contacted via secure messaging apps, leading to further concerns about how insiders are communicated with.
With this fresh example of how a rogue outsider can get to your employees and impact your data privacy, we bring you the top 10 notorious examples of when the insider threat hit big.
Top Ten Insider Threat Cases
Edward Snowden
A former contactor for Booz Allen Hamilton working at the NSA, Snowden disclosed almost two million files in 2013.
Source: Bloomberg
‘Kim’
In South Korea, a 24-year-old man was among those charged with leaking 27 million data files from various online gaming website registrations, including names and passwords. He sold them to make $390,919.
Source: CSO
Chelsea Manning
The former US army soldier turned over approximately 500,000 documents and sets of information to WikiLeaks in 2010, including diplomatic cables and details on air strikes.
Source: Wired
Jason Needham
Needham stole blueprints from the FTP server of his former employer Allen & Hoshall, taking schematics, staff emails and budget and marketing documents.
Source: The Register
Jiaqiang Xu
A former IBM software engineer stole proprietary source code to make software to sell to customers, before voluntarily resigning in May 2014. He was sentenced to five years in prison in January 2018.
Source: Reuters
Christopher Grupe
After being suspended and ultimately resigning from the Canadian Pacific Railway, Grupe logged back into the network to delete files and change passwords, leaving admins unable to log into switches.
Source: The Register
Walter Liew
Liew was convicted of economic espionage and theft of trade secrets, selling DuPont technology to China for the production of a valuable white pigment.
Source: SFGate
Ricky Mitchell
The former network engineer reset servers to original factory settings after finding out he was due to be fired, disrupting business operations at EnerVest for a month.
Source: Computer World
Anthony Lewandowski
Before founding Otto, Lewandowski was alleged to have stolen 14,000 confidential files from Waymo when it was a part of Google, his former employer.
Source: The Guardian
Nghia Hoang Pho
The 68-year-old man worked at the NSA for 12 years, and between 2010-2015 he stole classified material, such as documents and hacking tools. He was sentenced to five and a half years in 2018.
Source: ZDNet