Spotlight On: Programmers as Malicious Insiders

Spotlight On: Programmers as Malicious Insiders–Updated and Revised

December 2, 2013 • White Paper

By

Matthew L. Collins, Dawn Cappelli, Thomas C. Caron (John Heinz III College, School of Information Systems Management, Carnegie Mellon University), Randall F. Trzeciak, and Andrew P. Moore

In this paper, the authors describe the who, what, when, where, and how of attacks by insiders using programming techniques and includes case examples.

Publisher

Software Engineering Institute

Topic or Tag

Insider Threat

Abstract

This white paper updates the 2008 article "Spotlight On: Programming Techniques Used as an Insider Attack Tool." The white paper begins with a discussion of the who, what, when, where, and how of insider attacks and covers case examples of malicious insiders who attacked using programming techniques. This paper highlights technical malicious insiders who use their skills to create scripts or programs that harm their organizations. The insiders in these attacks were able to modify source code, set logic bombs to destroy data, and write programs to capture user credentials.

Software Engineering Institute