Spotlight On: Programmers as Malicious Insiders -- Updated and Revised

Abstract : This White Paper updates the 2008 article Spotlight On: Programming Techniques Used as an Insider Attack Tool. The white paper begins with a discussion of the who, what, when, where, and how of insider attacks, and covers case examples of malicious insiders who attacked using programming techniques. The paper highlights technical malicious insiders who use their skills to create scripts or programs that harm their organizations. The insiders in these attacks were able to modify source code, set logic bombs to destroy data, and write programs to capture user credentials. Insiders who use programming techniques to attack most often commit sabotage and fraud. Their motives are most commonly revenge and financial gain. The insiders in these cases most commonly use their own information technology (IT) account and have authorized access to the source code or systems that they attack. The insiders described in this paper span all age ranges, work in all industry sectors, and attack both while on-site and from remote locations. Though these insiders were highly technical, all of the attacks in this paper could have been detected earlier or prevented by following the recommendations in the CERT (registered trademark) Insider Threat Center's Common Sense Guide to Mitigating Insider Threats, 4th Edition.