Case Study 2: Social Engineering Attacks and Counterintelligence

Case Study 2: Social Engineering Attacks and Counterintelligence

John Doe

CIS 502 - Theories of Security Management

October 26, 2013

Dr. Smith

Case Study 2: Social Engineering Attacks and Counterintelligence

Describe what social engineering and counterintelligence are and their potential implications to our national security in regard to the leaked Afghan War Diary and the Iraq War Logs

The United States Computer Emergency Readiness Team (US-CERT) defines a social engineering attack as “an attacker that uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity” (Avoiding Social Engineering and Phishing Attacks, 2008). There are several different categories individuals and organizations use to perform social engineering; Hackers, Penetration Testers, Spies or Espionage, Identity Thieves, Disgruntled Employees, Information Brokers, Scam Artists, Executive, Recruiters, Sales People, Governments and Everyday People. One of the most prevalent forms is via the disgruntled employee. The disgruntled inside employee with even minimum access is a principal source of computer crime. In most cases, the organization will heavily defend against outside intrusion, but are either restricted from monitoring insider actions, or are unable to determine if an action is a threat or the normal part of a person’s tasking. “Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a target system often allows them to gain unrestricted access to cause damage to the system or to steal system data” (2008).

Even though the disgruntled employee is a major target for social engineering, the employee that is believes they are security conscience is often the ultimate threat to the organization. The...