Shostack + Friends Blog Archive


About those insiders

Over at TaoSecurity, Richard writes about a new report from CERT/CC and the Secret Service, studying “23 incidents carried out by 26 insiders in the banking and finance sector between 1996 and 2002.”
I’m very glad that they’re doing this. I think that actually studying how bad guys carry out attacks is critical for defending against them. The open questions about how many attacks happen, how they’re carried out, and what defenses really work are staggering. We exist in a dense fog of prejudice that these reports can dispel.
(Incidentally, I agree with Richard’s other point. Ted Kennedy being caught by the no-fly list is much like an IDS: it’s a good idea with great marketing that turns out to have a lot of operational problems, and really just ends up wasting a lot of time and energy that could be better spent on other efforts towards security. Watch lists at airports, as far as we know, have caught exactly zero terrorists, two members of Congress, and all the David Nelsons of the world.)