Spotlight On: Programmers as Malicious Insiders–Updated and Revised
December 2013 • White Paper
Matthew L. Collins, Dawn Cappelli, Thomas C. Caron (John Heinz III College, School of Information Systems Management, Carnegie Mellon University), Randall F. Trzeciak, Andrew P. Moore
In this paper, the authors describe the who, what, when, where, and how of attacks by insiders using programming techniques and includes case examples.
Abstract
This white paper updates the 2008 article "Spotlight On: Programming Techniques Used as an Insider Attack Tool." The white paper begins with a discussion of the who, what, when, where, and how of insider attacks and covers case examples of malicious insiders who attacked using programming techniques. This paper highlights technical malicious insiders who use their skills to create scripts or programs that harm their organizations. The insiders in these attacks were able to modify source code, set logic bombs to destroy data, and write programs to capture user credentials.