An Analysis of Technical Observations in Insider Theft of Intellectual Property Cases

Abstract

Since 2001, the Insider Threat team at the Software Engineering Institute's CERT® program has built an extensive library and comprehensive database containing more than 550 cases of insider crimes. More than 80 of those crimes involved the theft of an organization's intellectual property (IP) by a malicious insider. These crimes can be particularly damaging to an organization because it is often difficult or impossible to recover from a loss of confidentiality. This report provides an overview of techniques employed by malicious insiders to steal intellectual property, including the types of assets targeted and the methods used to remove the information from a victim organization's control. Specifically, this study seeks to use the new CERT Insider Threat Lab to better understand the threat of malicious insiders. Part of this ongoing effort involves detailed study of the types of crimes cataloged by CERT, as well as extending previous work in behavioral modeling efforts to better explain how insiders behave and carry out their attacks on organizations. This initial study analyzes the current trends of how insiders actually steal IP. We analyze 50 incidents involving insiders who stole IP to better understand the trends and methods insiders use to exfiltrate sensitive data from an organization. Results show that the methods used by malicious insiders to steal IP ranged widely. In the 50 cases studied, the top three methods that insiders used to steal sensitive data were email from work (30 percent), removable media (30 percent), and remote network access (28 percent). Insider use of both personal and work email remains a primary method for using networked resources to quickly exfiltrate information from an organization. The report closes with a brief discussion of mitigating factors and strategic items that an organization should consider when defending against insider attacks on intellectual property.

Document Details

Document Type: Technical Report
Publication Date: Feb 01, 2011
Accession Number: ADA549391

Entities

People

  • Joji Montelibano
  • Matt Houy
  • Michael Hanley
  • Randall F. Trzeciak
  • Tyler Dean
  • Will Schroeder

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Application Protocols
  • Commerce
  • Communication Channels
  • Computer Programs
  • Computers
  • Data Exfiltration
  • Department Of Defense
  • Engineering
  • Governments
  • Insider Threats
  • Intellectual Property
  • Law
  • National Security
  • Observation
  • Security
  • Software Development
  • Trade Secrets

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Systems Analysis and Design