Page 40 - index
P. 40
security programs. They appear to have a highly narcissistic and inflated sense of themselves
that they are “above the rules” of their respective organizations, and they have a strong desire
to draw worldwide attention to themselves by carrying out a grandiose act of defiance against
their employers. In terms of risky behavioral indicators, they appear to be isolated and alienated
from their co-workers (although, due to the sensitive nature of her employment, the relations
between Kamm and her military service co-workers are not publicly known).
While Manning and Snowden surreptitiously downloaded classified documents, and engaged in
suspicious foreign contacts with extremist activist leaders (such as, in the case of Manning, with
Julian Assange, while Snowden had been in contact with Glenn Greenwald, an activist journalist
with The Guardian newspaper), Kamm was more discreet and only contacted what she believed
was a trusted and responsible Israeli newspaper reporter. These – and, surely, numerous other
– personal and behavioral risk indicators appeared to drive them to take revenge and retaliation
by leaking classified information about their government’s covert national security programs.
It should be pointed out that while some of the secret and proprietary documents that are posted
in sites such as WikiLeaks may also be generated by such insiders, many of these documents
are also generated from hacktivists belonging to groups such as LulzSec and Anonymous who
surreptitiously penetrate their targeted organizations to obtain such sensitive documents to
advance their own political agendas (as opposed to profiting financially from such exposures).
Conclusion: Preemptively Preventing Information Technology Insider Threats
To preemptively identify a susceptible individual in an organization who appears to be on a
trajectory to becoming an insider threat in information technology, it is crucial for security
professionals to develop a situational awareness of the potentially risky personal and behavioral
characteristics that such individuals exhibit in their daily work activities.
Such situational awareness also requires understanding the psychological and behavioral
profiles of such individuals who progress along such insider threat trajectories in order to
preempt them at their workplace at the earliest possible pre-incident phases.
A comprehensive series of preventative internal security measures were reportedly
implemented by the IDF following Kamm’s breach incident, such as increased use of lie-
detector tests for soldiers with access to classified information and internal warning flags raised
when any deviation from normal activity from one’s computer terminal in an IT network takes
viii
place.
It is not known, however, whether these types of preventative measures were shared at the time
with the counterintelligence departments of Israel’s allied partners, particularly the United
States, in order to prevent the types of breaches that were later on carried out by Manning and
Snowden.
While Western governments are implementing stricter access control measures to deter
susceptible employees from becoming insider threats to their organizations’ proprietary and
40 Cyber Warnings E-Magazine – November 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
