Just before midnight last Sunday evening (June 17, 2018), Elon Musk sent an email to all staff. He was dismayed, he said, to learn about a Tesla employee "making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties." However, in information security terms, an insider stole sensitive documents from Tesla. The motive is not as important as the act. It seems that Tesla does not operate adequate least-privilege measures, and does not have an internal traffic monitoring system capable of detecting and blocking the unsanctioned exfiltration of gigabytes of data. This failure has left Tesla with a PR nightmare that it must now manage and the incident has also had an impact on the company's share price which dropped more than 6% in trading at the time of writing this.
And with this in mind, enjoy our roundup of stories for this week…
Tesla Breach: Malicious Insider Revenge or Whistleblowing?
Just before midnight last Sunday evening (June 17, 2018), Elon Musk sent an email to all staff. He was dismayed, he said, to learn about a Tesla employee "making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties."
Malicious Insider Revenge or Whistleblowing? | Kevin Townsend
When Bug Bounty Disclosure goes bad
There are vulnerabilities everywhere, you are a cybersecurity researcher, you then follow the bug bounty program process and share it responsibly with the vendor, then that vendor fixes the issue - but instead of sending the chopper over to you with a care package, they pretend like you didn't exist. Now what to do?.
Vendors, Disclosure, and a bit of WebUSB Madness | Markus Vervier
How Edward Snowden made us think about and forget the Insider Threat
Five years ago, the news media went into a frenzy after The Guardian revealed details about National Security Agency (NSA) surveillance activities. The news was based on classified documents that former NSA IT contractor Edward Snowden stole while he had privileged access to NSA systems and data. It provided clarity on exactly how powerful the NSA’s information collecting machine was. It also gave new life to the “insider threat.”
Snowden illuminated how nefarious employees and contractors operate. He also cast a shadow over an additional class of insider threat made up of privileged users that includes employees, contractors, partners and executives that operate with their organizations’ best interests in mind. Since Snowden, this “trusted insider” segment has gone under appreciated with respect to risk it is driving and resources it deserves.
Five Years Later: Never forget the insider threat | Dtex Systems