This report is the first in a new quarterly series, Spotlight On, published by the CERT insider threat team and funded by CyLab. Each report will focus on a specific area of concern and present analysis based on the hundreds of actual insider threat cases cataloged in the CERT insider threat database. For more information about CERT's insider threat work, see http://www.cert.org/insider_threat/.
In this article, we focus on persons who used programming techniques to commit malicious acts against their organizations. We begin by providing a snapshot of the cases, then detail the actions taken by the insiders in each case. A summary of issues related to the cases follows, as well as references to best practices that might have been effective in countering these incidents.