[cryptography] Compromised Sys Admin Hunters and Tor

Nico Williams nico at cryptonector.com
Mon Mar 24 22:52:58 EDT 2014


On Sat, Mar 22, 2014 at 12:59 AM, Stephan Neuhaus
<stephan.neuhaus at tik.ee.ethz.ch> wrote:
> On 2014-03-22, 04:28, Nico Williams wrote:
>> Insiders are always your biggest threat.
>
> I'm always interested in empirical evidence for the things that we
> believe to be true. Do you have any?

[The context was sysadmins, who generally wield a lot of power.]

Anecdotal, yes.  I'm not sure if I'm at liberty to discuss any of the
events of which I have close knowledge, though one of them was in the
news at the time (that is, I'm not sure if I'm at liberty to discuss
the details).  In the largest incident I have close knowledge of, a
laid-off sysadmin left a time bomb in thousands of servers that caused
significant downtime for the business' customers.

And then there's Mr. Snowden...

...and the long line of insiders who spied against their nations,
versus the number of outsiders who made it through whatever
technological barriers were in their way.

Even if you limit yourself to the Internet era, the most famously
damaging attacks I can think of were all insider attacks.  Many were
not "attacks" in the sense of "security attacks" like buffer
overflows, say, but rather in the sense of actions that went beyond
legitimate access and badly damaged a business (Nick Leeson, anyone?).

It stands to reason that insiders who have vast and/or intimate
knowledge, and legitimate access to a business' resources, have a lot
of power to cause damage.  By definition they have more capacity to
cause immediate damage than outsiders.  Whether insiders are the
biggest threat in the sense of probability is, of course, not easy to
predict and largely irrelevant: they are the first threat to protect
against.

I'm not sure that empiricism has any place in this very particular
matter; without the insiders on your side, you stand no chance against
outsiders.  So I'm not sure what you're asking for...  Even if there
were little data as to actual attacks by insiders, that would not mean
that insiders are not a danger, and even if individual insider risk
were empirically far lower than outsider risk, that would not mean
that the total damage an insider could cause is far less than that
which outsiders can cause.

Which isn't to say that outsiders must not be protected against.  Of
course security in depth is critical -- and the right approach.

Nico
--