FBI spy case highlights insider threat to corporate data
http://www.computerworld.com/cwi/stories/0,1199,NAV47-68-84-88_STO57889,00.html

By DAN VERTON
February 21, 2001

A career FBI agent with significant experience and access to FBI IT systems was charged yesterday with spying for Russia since 1985, in what FBI Director Louis Freeh has called the worst case of insider espionage in FBI history.

The agent, Robert Phillip Hanssen, is accused of giving Russian intelligence agents highly classified documents and divulging details about American intelligence sources and electronic surveillance operations. In exchange, he allegedly received an estimated $1.4 million in cash and diamonds.

According to a 100-page affidavit filed in the U.S. District Court in Alexandria, Va., Hanssen used his access to the FBI's Electronic Case File system, which contains classified information about ongoing FBI investigations, to check if the FBI had been alerted to his activities.

Although Hanssen and his Russian handlers relied heavily on traditional spying methods, such as dead drops for exchanging packages anonymously, the case is being touted by the FBI and IT security experts as a harsh lesson in a growing threat to corporate data by insiders.

"In short, the trusted insider betrayed his trust without detection," said Freeh, during a press conference yesterday. "He constantly checked FBI records for signs that he and the drop sites he was using were being investigated."

Freeh has since ordered that a special panel be formed to review all FBI processes and systems and to study the issue of insider abuse.

"The most important lesson to be learned from this incident is that most security breaches are the work of insiders, not outsiders," said Richard Hunter, a security analyst at Stamford, Conn.-based Gartner Group Inc. "This incident is not about cybercrime or hacking per se, but historically, the vast majority of cybercrimes are committed by insiders," said Hunter, who is also a former analyst at the National Security Agency.
"Security is not mainly about software or biometrics. First and foremost, it's about people and policies." According to a recent survey of 359 companies by the FBI and the Computer Security Institute (CSI), companies lost more than $50 million in 2000 as a result of unauthorized insider access and insider abuse of IT systems. And while 38% of companies in the FBI/CSI survey reported between one and five incidents of insider abuse, 37% of companies said they didn't know how many security breaches related to insiders had taken place. Hanssen, an expert in counterintelligence methods at the FBI, was detailed to the New York Field Office's intelligence division in 1979 to help establish the FBI's automated counterintelligence database in that office. Investigators characterized Hanssen as having a "high degree of computer technology expertise." Although Hanssen was arrested while dropping off classified hard-copy documents at a predetermined location for his Russian handlers, he made extensive use of computer media, such as encrypted floppy disks, removable storage devices and a Palm II handheld computer, to communicate with Russian intelligence officers, according to the affidavit. In fact, he provided as many as 26 encrypted floppy disks during the course of his espionage activities, it said. The lesson for corporate America "is that companies tend to gain a false sense of security from strong perimeter security," such as firewalls and intrusion detection systems, said Eric Friedberg, a former computer and telecommunications crime coordinator at the U.S. Attorney's Office in New York. "What goes on behind the firewall can be even more damaging because of the degree of access insiders have." Friedberg is now a computer crime consultant at Stroz and Associates, a New York firm founded by Ed Stroz, the former head of the FBI's New York Computer Crimes Squad. 
During the past six months, Stroz and Associates has worked with half a dozen companies that have been victimized by insiders, said Friedberg. Those cases involved everything from deleted files to trade secrets that were mailed to unauthorized parties and cases where individuals set up competing businesses on the company's own server without the company's knowledge, he said.

One way companies can protect themselves from insider abuse is to focus on what their networks can tell them about what is going on inside the company, said Friedberg. He recommended that companies look into artificial intelligence-enabled security software that can tip administrators off to "anomalous activity" on the network.

"At the end of the day, all of our systems probably need to be looked at and maybe improved," said FBI Director Freeh. "But at the end of the day, what we rely upon is honest people."