Sunday, January 8, 2012

INSIDER THREAT

Protecting organizations against malicious insiders and the loss of sensitive data is one of the biggest threats that organizations face. Such data may include personal and business information about employees as well as details of the business's actions over years of daily work. Often, the biggest threat comes not from outside your organization but from inside. The 2011 Cybersecurity Watch survey conducted by the Software Engineering Institute at Carnegie Mellon revealed that 27% of cybersecurity attacks against organizations were caused by disgruntled, greedy, or subversive insiders: employees or contractors with privileges to access the organization's network systems or data.


Therefore, among the most difficult problems faced by organizations is spyware. It costs more than viruses because it is designed to be untraceable and undetectable. Study after study has shown the naked truth about the changing nature of security today: the most dangerous threats to the information and equipment owned by organizations come not from criminals in cyberspace, nor from malicious code in default locations, but from the employees who are trusted.

System administrators in your organization generally have complete privileged access to all of the organization's data, as they are responsible for managing and protecting it. In most organizations, the weakest link in the security system is the internal threat. Your organization may safeguard against and mitigate external threats proficiently by using a combination of antivirus, intrusion protection and dedicated firewall appliances, but these won't protect it against an IT employee gone rogue.

In recent years, insider incidents have increased in many organizations. A publication from Carnegie Mellon/CERT identifies a number of best practices to address insider threats. These include:

PRACTICE 1: CONSIDER THREATS FROM INSIDERS AND BUSINESS PARTNERS IN ENTERPRISE-WIDE RISK ASSESSMENTS.

PRACTICE 2: CLEARLY DOCUMENT AND CONSISTENTLY ENFORCE POLICIES AND CONTROLS.

PRACTICE 3: INSTITUTE PERIODIC SECURITY AWARENESS TRAINING FOR ALL EMPLOYEES.

PRACTICE 4: MONITOR AND RESPOND TO SUSPICIOUS OR DISRUPTIVE BEHAVIOR, BEGINNING WITH THE HIRING PROCESS.

PRACTICE 5: ANTICIPATE AND MANAGE NEGATIVE WORKPLACE ISSUES

PRACTICE 6: TRACK AND SECURE THE PHYSICAL ENVIRONMENT

PRACTICE 7: IMPLEMENT STRICT PASSWORD AND ACCOUNT MANAGEMENT POLICIES AND PRACTICES.

PRACTICE 8: ENFORCE SEPARATION OF DUTIES AND LEAST PRIVILEGE.

PRACTICE 9: CONSIDER INSIDER THREATS IN THE SOFTWARE DEVELOPMENT LIFE CYCLE

PRACTICE 10: USE EXTRA CAUTION WITH SYSTEM ADMINISTRATORS AND TECHNICAL OR PRIVILEGED USERS.

PRACTICE 11: IMPLEMENT SYSTEM CHANGE CONTROLS.

PRACTICE 12: LOG, MONITOR, AND AUDIT EMPLOYEE ONLINE ACTIONS.

PRACTICE 13: USE LAYERED DEFENSE AGAINST REMOTE ATTACKS.

PRACTICE 14: DEACTIVATE COMPUTER ACCESS FOLLOWING TERMINATION.

PRACTICE 15: IMPLEMENT SECURE BACKUP AND RECOVERY PROCESSES.

PRACTICE 16: DEVELOP AN INSIDER INCIDENT RESPONSE PLAN.

In addition, you need to set up a data-loss prevention system: IT departments should install a system to filter and monitor outbound network traffic to prevent data from leaving the organization's networks. It is recommended that all organizations check outbound data packets as well as inbound ones. By controlling, understanding and monitoring outbound network traffic, you can significantly increase the chance of preventing malicious activities from affecting your organization.

Furthermore, you should educate your organization's employees about the danger of insider threats. IT staff especially should get regular training on the latest developments in security threats and on how to detect malicious behavior by a co-worker. Annual awareness courses should be accompanied by the distribution of brochures, flyers and handouts about recent security threats to all departments in the organization.

Finally, to understand the insider threats and dangers facing your organization, the Chief Information Officer (CIO) and others in the information technology circle should continually access and check the organization's status report to learn the state of the enterprise environment and which policies work and which don't, and adjust those policies accordingly. Automated auditing and surveillance give IT security staff sufficient flexibility to allow specific services and applications while still monitoring the activity of workers. For example, if some of the accounts staff are allowed to access specific applications, especially in financial matters, IT security staff must also know whether a user tries to access all of these applications, whether out of malicious intent or a legitimate need.
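The automated audit described in the last paragraph can be sketched as a check of application-access logs against a per-role allow-list. This is an added example, not code from the original post; the roles, user names, application names, log format and the sweep threshold are all assumptions made for illustration.

```python
# Added example: audit application-access logs against a per-role allow-list.
from collections import defaultdict

# Constructed policy (role, user and application names are hypothetical).
ROLE_APPS = {"accounts": {"ledger", "payroll"}, "helpdesk": {"ticketing"}}
USER_ROLE = {"amal": "accounts", "badr": "accounts", "chen": "helpdesk"}
SWEEP_THRESHOLD = 3  # assumed: distinct out-of-role apps that count as a sweep

# Constructed audit log: timestamp, user, application, access decision.
SAMPLE_LOG = """\
2012-01-08T09:02:11 amal ledger ALLOW
2012-01-08T09:05:40 amal payroll ALLOW
2012-01-08T09:30:02 badr ledger ALLOW
2012-01-08T10:12:45 badr treasury DENY
2012-01-08T11:01:07 chen ticketing ALLOW
2012-01-08T22:14:31 chen ledger DENY
2012-01-08T22:14:58 chen payroll DENY
2012-01-08T22:15:20 chen treasury DENY
2012-01-08T22:16:03 dana payroll ALLOW
corrupted entry
"""

def parse_line(line):
    """Return an event dict, or None when the line is not a valid record."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("ALLOW", "DENY"):
        return None
    return dict(zip(("ts", "user", "app", "result"), parts))

def audit(log_text):
    """Return (findings, malformed_count) for out-of-role access attempts."""
    attempted = defaultdict(set)  # user -> out-of-role apps tried
    granted = defaultdict(set)    # user -> out-of-role apps actually opened
    malformed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            malformed += 1        # count bad records instead of dropping them silently
            continue
        user, app = event["user"], event["app"]
        allowed = ROLE_APPS.get(USER_ROLE.get(user), set())
        if app in allowed:
            continue              # normal, in-role activity
        attempted[user].add(app)
        if event["result"] == "ALLOW":
            granted[user].add(app)

    findings = {}
    for user, apps in attempted.items():
        if user not in USER_ROLE:
            severity, reason = "escalate", "account has no role in policy"
        elif granted[user]:
            severity, reason = "escalate", "out-of-role access was granted"
        elif len(apps) >= SWEEP_THRESHOLD:
            severity, reason = "escalate", "tried many out-of-role applications"
        else:
            severity, reason = "review", "isolated attempt, confirm business need"
        findings[user] = {"apps": sorted(apps), "granted": sorted(granted[user]),
                          "severity": severity, "reason": reason}
    return findings, malformed

if __name__ == "__main__":
    report, bad = audit(SAMPLE_LOG)
    for user, f in sorted(report.items()):
        print(f"{user:6} {f['severity']:9} {f['apps']} ({f['reason']})")
    print(f"malformed lines: {bad}")
```

A single denied attempt is routed to review, where a legitimate need can be confirmed, while a sweep across several out-of-role applications or any granted out-of-role access is escalated.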



Cloud Computing: Is It the Near-Future Technology?

Cloud computing is simply defined as a variety of services delivered over the internet. The users who most often benefit from this technology are large companies, organizations, educational institutes and a very limited number of ordinary internet users.

The National Institute of Standards and Technology (NIST) defines cloud computing as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

There is no doubt that this technological revolution will, in the near future, change how we deal with devices (e.g., laptops, cell phones, desktops, PDAs, etc.). Those devices will be just a transit station for accessing the cloud computing server that contains your storage space, documents, and applications, so that you deal with your data over the internet.

The cloud computing infrastructure depends on providing large storage space, data centers, and networks; its role is to offer programs and applications as services to users, and it relies heavily on Web 2.0 technology.

1. Pros & Cons of Cloud Computing

Like anything else, cloud computing has advantages and disadvantages, as well as its limits. Below I will cover some of these points.

a. Pros

• Cost saving: it reduces the purchase of equipment.

• Limitless computing and storage: in theory there is no limit to storage and processing on the cloud, but there are some obstacles in practice.

• Focus on core business instead of IT: business owners need to focus on their core mission rather than trying to run and manage information technology.

• More dynamic provisioning of resources: users can provision the computing resources they need at any time and in a dynamic way.

• More effective: it does not matter where your "machine" is; what matters most is that it operates well and that the service is constantly available.

• IT-friendly environment: cloud computing and virtual environments in general will play a very important role in the development of "Green IT". These new cloud computing techniques reduce the amount of energy emitted by physical servers by hosting applications on virtual machines that perform the same tasks as a physical server. In addition, they reduce the amount of energy needed to cool and operate the data center that contains those servers.

b. Cons

• Security: a very troubling word for the cloud computing business. Leaking confidential information and data through the cloud computing system might cause huge losses and risks to the corporation. Security issues are therefore one of the major demerits of cloud computing.

• Requires continuous Internet access: if you lose your internet connection, you are out of work for as long as you are offline.

• Lack of control: when the cloud goes down, IT managers are helpless because there is no visible infrastructure.

2. Challenges impeding cloud computing

Cloud computing puts many obstacles in the way of those who want to use it:

• Can the storage be trusted?

• If terrorists initiate cyber-attacks on a number of computing clouds, what will happen to your business?

• Privacy is still not a clear term in the cloud.

• Ownership of the data?

• How to guarantee that the level of service meets the real business needs?

• Is the service always provided? What about service level agreements?

• Network connectivity?

• What about the Internet and connecting to the network access servers and the various services on the cloud?

• Joint action and integration of services between clouds.

• Is it possible to move from one vendor's service to another without needing to change the text and the environment in which I work? Cannot prove compliance or review it afterward.

3. Skills required for the change to the cloud

Cloud computing technology cannot operate without humans; IT professionals will need to work more to provide basic business functions. Most companies will run some technical elements in the cloud and others outside it, which requires cooperation and creative services to manage the difference between internal and external work. For example, some institutions will need to put some regulations on the Internet and combine some of the services, and network engineers will also need to solve problems of direction and management and address various challenges. All of these elements of IT work will blend within the cloud environment.

Therefore, well-trained IT professionals will be needed to accommodate these changes, learning new techniques for controlling infrastructure, observing virtual machines, working with development platforms, and publishing applications and making them available on any cloud provider.

Anonymous Group “Hacktivism”

During the information technology revolution of the early 1990s and the tremendous growth of its services and quality in the 2000s, many virtual communities materialized in cyberspace. The "Anonymous group" is one of them, and it has recently attracted huge attention through the number of operations it has carried out.

The questions arise: Who are they? Why do they do that? And what kind of operations do they adopt?

Anonymous, or "Hacktivist", is a collective hacker group with no formal leader. According to Wikipedia, Anonymous emerged in 2003, but it became popular in 2008, when the group organized controversial actions such as attacks on the Church of Scientology (the so-called "Operation Chanology") and hacked a forum run by the Epilepsy Foundation of America to display flashing animations with the intention of triggering headaches and seizures in epileptics.

The first thing to consider is that Anonymous is not one organized group. Many people claim to be part of Anonymous but don't know each other. Individuals suggest a campaign, and the others help or don't according to their inclination. Recently, the Anonymous group has become more organized virtually. When they declare an attack operation, it attracts attention, and avoiding the cyber attack requires many preparations.

The Anonymous group announces its operations on social media (YouTube, Twitter, Facebook, and forums), where they find a large echo that spreads quickly among these groups. Members share the announced operation from everywhere in the world; they speak different languages and think differently, but they have the same objective. The group has a flag conveying symbolism associated with Anonymous.

The picture of the "suit without a head" represents a leaderless organization and anonymity. Anonymous uses this motto as its signature: "We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us".

Anonymous has carried out many operations that completely annoyed the international community, especially after supporting WikiLeaks, and started operations to show the world that they can change fuzzy facts into what they feel is true, regardless of whether the way is ethical or not. Based on research by VeriSign and open sources, you will find below some of the Anonymous operations done recently. The examples below are not meant to praise or market the group; they just show what it is up to in cyberspace.

Mar. 29, 2011 - Operation Britain: Anonymous released a manifesto against the British government and the British media (i.e. the BBC, which had its site offline a few days after the group disclosed its manifesto), claiming the media, and in particular the BBC, has been distorting the news, exaggerating the role of a violent few, and failing to adequately address the underlying reasons for the recent march and protest in London.

Mar. 2011 - #OpNewZealand (aka #OpNZBlackOut): Anonymous protests against a New Zealand anti-piracy and copyright protection bill, which includes a three-strikes rule under which local Internet Service Providers (ISPs) must disconnect and fine online users who receive three complaints about sharing copyright-protected material.

Mar. 2011 - #OpPalestine: Anonymous members launched a cyber attack against the American Israel Public Affairs Committee (AIPAC). The attack was aimed at the website, aipac.org, and conducted via a modified LOIC (Low Orbit Ion Cannon), which is used to execute DDoS attacks.

Mar. 22, 2011 - #OpAustralia: Protests apparently against the Australian government and Prime Minister Julia Gillard.

April 06, 2011 - #OpACTA (Mexico): Series of online and real-life protests in the streets of Mexico City against the Mexican congress discussing the Anti-Counterfeiting Trade Agreement (ACTA) pact.

April 07, 2011 - #OpSpain and Operación V de Votaciones (Spain): To protest against political parties that support the Sinde Law, a Spanish bill to regulate online copyright and fight online piracy. It includes street protests and DDoS attacks scheduled for May 20th.

June 15, 2011 - Operation Malaysia (#opMalaysia): DDoS attack against a Malaysian government website to protest against the Malaysian government's Communication and Multimedia Commission ban on 10 file-sharing sites and its censoring of WikiLeaks.

August 13, 2011 - Kuwait: Anonymous hacktivists who identify themselves as AnonKuwait defaced the website of Fast Telecommunications (FastTelco), a major Internet service provider in Kuwait, which Anonymous claims has been dishonest about pricing and Internet speed and has been following a draconian government download policy.

Jan. 2011 - #OpVenezuela: Operation against the Venezuelan government, after the parliament in Venezuela approved a law which will tighten the rules regulating Internet content.

May 29, 2011 - #OpGreece: The hacker group "Anonymous" declared Operation Greece, an online attack against the International Monetary Fund (IMF)'s website over the strict conditions imposed by its bailout for Greece. The group created a website criticizing the austerity plans imposed on Athens by the 110 billion euro joint European Union-IMF rescue.

June 03, 2011 - Operation Syria: Series of attacks targeting Syrian embassies after the Syrian government shut down the Internet within Syria to censor local protesters (Reference: news story).

From an ethical perspective, what the Anonymous group did is not acceptable at all, because the severe damage caused by these attacks reflects very negatively on government and business. When the Anonymous group attacked the Sony PlayStation, the portal was shut down for 2 months to clean it, and that cost 170 million dollars. If we take this as a measure of damage, you see how exaggerated their actions were. This kind of cyber-attack causes damage to human life and might cost jobs.

Apart from their reasons for starting their operations, the Anonymous group might be exploited as a pretext for criminal attacks by terrorist groups, who use the same technique to draw some sympathy from the public.

In my point of view, Anonymous should be considered a misdemeanor group, even if they did carry out some attacks to stop child-porn sites. A cyber-law should control the illegality policies.

Anonymous has become a reality, and they feel they have their own "law" regardless of international rules. Therefore, they are a fact and will always be in front of you. We in the technology community should compromise on this issue and find a solution, because they will never stop.

Saturday, January 7, 2012

Use of Internet to counter the appeal of Terrorism



In recent years the world has experienced tremendous advancement in the technological field. The Internet is one of the high-tech tools being used to bring communities together, ensure access to information and empower populations. Unfortunately, at the same time, wrongdoers use this boon as a means to advance their criminal goals and organize terrorist acts. Spreading audio or video containing terrorist elements is not the only type of terrorism that benefits from the internet. There are other purposes for which criminals resort to the internet to attain their goals. These include: cyber attacks, fund raising, recruitment, training, secret communication, data mining, propaganda, radicalization, etc.



In the face of the phenomenon of terrorism, the Organization of the Islamic Conference has always upheld a clear, principled stand based on the teachings of the noble Islamic faith, which is anchored in peace and tolerance and which considers terrorism, in all its forms and manifestations, as one of the most serious crimes and perversions, a crime for which it has set the most severe sanctions. Indeed it sets for this abominable crime exceptionally rigorous retributions, so as to preserve the inviolability of human life and protect citizens against aggression or terror. Islam also endeavours to combat terrorism at its roots, whatever its possible underpinnings, whether political, economic, social or technological.



These stands were evidenced over the past decades through the Organization’s endeavours to mobilise energies and efforts to fight against terrorism. Also the Organization issued in 1994 a Code of Conduct in the fight against terrorist acts, a code to which all Islamic States are committed. The OIC’s efforts in this connection were crowned in July 1999 with the establishment of the Convention on Combating Terrorism which is the only Convention having a definition of terrorism.



Terrorism is a very wide term, and so is its application, as there is no internationally agreed definition of 'terrorism'. Effective counter-terrorism measures and the promotion of human rights should be complementary and mutually reinforcing. It is essential that in the definition of any terrorist offense, criminal liability is limited to clear and precise provisions based upon the principle of legality. Secondly, concerns have been raised as to the legitimacy of broad offences relating to incitement or provocation to terrorist violence, or training for terrorism on the Internet. A third area of concern relates to measures taken by governments to monitor the Internet, as these may necessarily entail the unwarranted capture and retention of private communications data from ordinary citizens, as well as suspected criminals.



The internet is not an unmitigated blessing for terrorists. This very powerful tool can be used to counter the appeal of terrorism. Since terrorism is a global phenomenon, a stand-alone approach would not be effective in fighting the new foe. The issue needs both political and technological approaches at the international and regional levels. At the global level, the UN Counter Terrorism Implementation Taskforce (CTITF) under the UN Action to Counter Terrorism can play a leading role. The United Nations may contribute to countering the appeal of terrorism through the internet in the following areas:



a) Facilitating Member States sharing of best practices.

b) Building a database of research into use of the Internet for terrorist purposes.

c) Through more concerted efforts and work on countering extremist ideologies.

d) Creation of international legal measures aimed at limiting the dissemination of terrorist content on the Internet.



The role of relevant actors outside the traditional political sphere in countering terrorism on the Internet cannot be ignored. The industry clearly has an important role to play, not just in maintaining the stability of the Internet and providing the means to protect data from would-be attacks, but also in safeguarding standards of acceptable content. To this end, technological experts can come forward with their recommendations so that the internet is more secure for peaceful uses and not a tool for terrorists.

There is an enormous role for civil society, both in the form of formal organizations and as ordinary Internet end-users.

In addition to the leading role of the UN, regional organizations can share their experience and expertise in combating cyber crimes by sharing information.



We in the Organization of the Islamic Conference strongly denounce terrorism in all its forms and manifestations and support the international campaign to combat terrorism and the many committees monitoring all dimensions of terrorism.



Stop Online Piracy Act (SOPA)






There is currently major controversy over the draft bill introduced by U.S. Congress Representative Mr. Lamar Smith on October 26th 2011, the so-called SOPA (Stop Online Piracy Act). It is not yet clear what will happen, but the Internet will remain free in the United States until the end of next January, as the members of the U.S. Congress postponed discussion of the bill until then. In the opinion of its authors, the bill is intended to help in the fight against "electronic piracy". But many CEOs of large companies and Internet users believe that the law will restrict the freedom of Internet use in the United States and that the censorship might result in technical damage to the internet.

SOPA is expected to replace the current Digital Millennium Copyright Act (DMCA). If SOPA is approved in the United States, there will no longer be a need to go through official bodies, to ask the owners of a site that publishes pirated materials, or to go to court to appeal; the warning will come directly under SOPA, giving you 5 days to remove your materials before they are censored. This act is welcomed and supported by Microsoft, Adobe, Apple, Dell and Intel. On the contrary, it faces huge rejection from Google, Yahoo, Facebook, Twitter, Mozilla, eBay, LinkedIn, AOL, and Zynga.

GoDaddy, one of the biggest domain providers in the world, supported SOPA, and within 24 hours it faced a huge storm of account cancellations and domain transfers to competitor companies. Later, GoDaddy withdrew its support for the act and said it "will stand by society's decision". But this doesn't change much, and GoDaddy will continue to suffer from the reaction. It is no coincidence that SOPA's supporters are producing companies that suffer from electronic piracy, while the protesters are companies that operate on the Internet, like YouTube and others, because they are aware of the number of problems behind this new act.



According to Russian Voice News, Mr. Evegny Yushuk, who is a member of the Society of Competitive Intelligence Professionals, explains the core of the discussion. "This may lead to a serious abuse, because at present courts are considering data provided by both sides. Their verdict is based on the correct interpretation of the law. And the new bill allows one-sided acting. It opens the way for various provocations. It gives the opportunity to provoke the situation. Then it is possible to cite it and demand whatever they want," he said.

Moreover, to make the main objective of this act clearer, I will quote from Mr. Lamar Smith's e-mail responses to the public, with his justifications for crucial points and the reasons for SOPA.

“These foreign websites are called “rogue sites” because they are out of reach of U.S. laws. Movies and music are not the only stolen products that are offered by rogue sites. Counterfeit medicine, automotive parts and even baby food are a big part of the counterfeiting business, and pose a serious threat to the health of American consumers”

While some critics of online piracy and counterfeiting legislation acknowledge that intellectual property should be protected, they oppose every proposal to effectively reduce the theft of intellectual property and the counterfeiting of American products.

In the coming days, SOPA will irritate many people, leaving the consequences to each individual's interpretation, and many question marks will arise. The SOPA act, if passed by Congress, will cause many arguments and disputes among the government, big companies, and users. From my point of view, even if SOPA passes in Congress it will not proceed as mentioned in the draft, but rather will be exposed to drastic changes and amendments to satisfy all parties.