Radicalization and insider threats - Contego€¦ · Exposed the increased insider threats in...
Transcript of Radicalization and insider threats - Contego€¦ · Exposed the increased insider threats in...
Sushil Pradhan COO MitKat Advisory Services 4th May 2017
Radicalization and insider threats
MitKat Advisory Services - an India based Risk Management consultancy
We are into Consulting, Services, Technology
We operate from Mumbai, Delhi/Gurgaon, Bangalore, Singapore
We are South Asia specialists
Concord
APAC ASSISTANCE
Pyong Yang
Hong Kong
Manila
Jakarta
Yangon
Delhi
Mumbai
Bangkok
Singapore
China
India
Myanmar
Thailand
Indonesia
Papua New Guinea
East Timor
Philippines
MitKat
Regional Partnerships
Service Lines
Mumbai | Gurgaon | Bangalore | Singapore
Information Services
Risk Management
Cyber Security & Resilience
Managed Services
Integrity Risk Management
Workforce Development
Security Consultancy & Design
Religious Radicalization
Case Study – US Army Major inspired by radical ideology
Name: Nidal Malik Hasan
Location: Virginia, USA
Date: November 5, 2009
Organisation: US Army
Who was he? Hasan was the son of Palestinian immigrants, a devout Muslim & a decorated US Army Medical Corps psychiatrist
Activities: Shooting at Fort Hood Mass, a Texas Army Base which saw 13 killed & 30 injured; was in communication with Islamic militants & al-Qaeda
Case Study – Security firm employee with ISIS allegiance
Name: Omar Mateen
Location: Orlando, US
Date: 12 June, 2016
Organisation: Security Guard for a large Florida security Firm (G4S)
Who was he? Omar Mateen, twice married with a kid; held a graduate degree in Criminal-Justice Technology & was a Security Guard at G4S, a security Firm . He was radicalized through the internet
Activities: Carried out a shooting at a nightclub in Orlando that left 50 killed, 53 injured. He was killed in the police shootout. Mateen had pledged allegiance to Islamic State (ISIL) Incident exposed the failure of successful background checks by security firms
Case Study – Engineer
Name: Youssef Abdulazeez
Location: Tennessee, USA
Date: July 16, 2015
Organisation: Worked at FirstEnergy nuclear power plant, Ohio & Superior Essex Inc Wire and Cable Firm, Tennessee
Who was he? Abdulazeez moved to US from Kuwait & had worked as an engineer in a nuclear power plant and a wire & cable manufacturing firm
Activities: Attacked two military installations including a U.S Navy Reserve Centre in Chattanooga, Tennessee. Four Marines died on the spot and he was killed by police in a gunfight
Fallout? The lone wolf attack was allegedly inspired by Islamic terrorist organizations. Exposed the increased insider threats in critical infrastructure industries like nuclear power plants
Case Study – Bangladeshi student
Name: Nibras Islam
Location: Dhaka, Bangladesh
Date: 1 July, 2016
Organization/Ideology: Islamic extremist group Jamaat-ul-Mujahideen
Who was he? Nibras was studying at the prestigious Monash University in Malaysia. His father was a wealthy businessman. His uncle was a Deputy Secretary to the Bangladesh Government
Activities: Nibras along with four other militants took hostages & opened fire at the Holey Artisan Bakery killing around 24 people.
Changed the perception that individuals from elite institutions and socially well off families are insulated from extremist radicalization
Case Study – Medical student
Name: Dzhokhar Tsarnaev
Location: Boston, USA
Date: 15 April 2013
Ideological Affiliation: Inspired by Islamic militants & Chechen groups
Who was he? He gained American citizenship in 2012; was a second-year medical student who had aspirations of becoming a brain surgeon & all-star wrestler
Activities: Planted bombs at the Boston Marathon with elder brother, Tamerlan, which left 3 killed & over 260 injured
Case Study – Teenager in Australia
Name: Numan Haider
Location: Australia
Date: 23rd of September 2014
Ideological Affiliation: Islamic Extremism, ISIS
Who was he? The Haider family had emigrated to Australia from Afghanistan when Numan was seven. He was a student in a high school in Victoria. Mother was a lawyer and father used to be a senior bureaucrat in Kabul
Activities: Stabbed two police officers outside a police station; when called to discuss radical activities he was engaged in and his proclamations of commitment to ISIS
Numan was radicalized over a couple of months
Case Study – November 2015 Paris Attacks
Name: Abdelhamid Abaaoud
Location: Paris, France
Date: 13 November 2015
Ideological Affiliation: ISIS
Who was he?: Abaaoud was of Moroccan descent, who dropped out of Belgium's top school and grew up influenced by radical Salafism in Molenbeek area
Activities: Masterminded & coordinated terrorist attacks in France that left 129 civilians killed & 368 injured. He was later killed in a police raid. He recruited his 13-year-old brother to join him in Syria - making him one of IS's youngest recruits. He was also in contact with the perpetrator of the 2014 Jewish Museum attack
Case Study – School teacher & Civil Servant Arrested for
links with ISIS
Location: Malaysia
Date: March 16, 2017
Idealogical Affiliation: ISIS
Who was he? In a countrywide crackdown, a 37-year-old primary schoolteacher and a civil servant were among those arrested for their alleged links with ISIS
Activities: Attempts to recruit people for ISIS; spreading extremist jihadist teachings through social media
Fallout? Challenged the perception that people holding secure government jobs and in positions of influence are insulated from extremist ideology
Those who are most vulnerable are (but not limited to):
Younger people
Those experiencing an identity or personal crisis
Individuals with feelings of unmet aspirations or a sense of injustice
People with a need for adventure or excitement
Pre-existing conviction that their religion or culture is under threat
Individuals who feel socially isolated, and possibly, suffering from depression
Those who have a history of criminal behaviour
For some, ISIS satisfies that need for identity and/or the sense of belonging
Others they are taken in by the ‘glory and honour’ of the battle
Vulnerable population
• Promises of excitement, empowerment, glory and freedom
• More material rewards, such as cash, drugs and housing
• A personal connection is formed
• You can be at home in the UK talking directly to an individual fighter in Syria who is bragging about his military accomplishments
• He/she offers you help and encouragement to travel to join him/her
• To someone so disaffected, this attention is understandably compelling
• The process of radicalisation is rarely the same for two people
• Strong brand created via social media
• Online process used by organizations: – broadcast their views
– provoke negative sentiment toward enemies
– incite people to violence
– glorify martyrs
– create virtual communities with like-minded individuals
– provide religious or legal justifications for proposed actions
The process of Radicalization
• Being increasingly secretive about their habits
• Displaying feelings of isolation and expressions of “us and them” mentality
• Becoming more argumentative or domineering in their viewpoints
• Being quick to condemn those who disagree
• Ignoring views that contradict their own
• Questioning their faith or identity
• Downloading or promoting extremist content, such as clips, manuals or literature
• Expressing extremist views, or seeking out the company of those who do
• Losing interest in activities they used to enjoy
• Distancing themselves from friends and social groups
• Having a changed style of dress and/or personal appearance
• Abnormal routines or travel patterns
Caution is always recommended in reaching judgments !
Signs of Radicalization
Religious radicalization and its contribution to extremism
Radicalization and religious indoctrination are no longer the monopoly of the poor and the oppressed.
• Islamic State has a number of professionals from across the world who are managing the group’s sophisticated communication, banking, and other infrastructural requirements
• Al Qaeda chief, Ayman al-Zawahiri was a trained surgeon before he joined the terrorist organisation
• Lashkar-e-Taiba in the Indian subcontinent has been known to hire engineers, doctors, technicians, and other professionals in the past
• In India and Bangladesh, Islamic ideologies have drawn recruits from urban and educated backgrounds.
Young, British and Radicalized
Name: Omar, a 29-year-old
Location: High Wycombe in Buckinghamshire, fighting for Islamic State in Syria
Who was he?: Nicknamed the "supermarket jihadi" by newspapers, because he once worked in Morrisons
Radicalisation:
• Omar also describes wanting to go to defend the "weak and oppressed women, children and elderly neglected by the West" in the war in Syria.
• Omar describes the excitement of making his journey to Syria to do his "Islamic duty" because, he says, he was "leaving the land of immorality and going to a land of jihad”.
• "For any believer that's paradise, man."
My childhood was good, nothing out of the ordinary, but then I became a "lost sheep". I started to question 'what am I doing?
Religious intolerance gives a boost to radicalization
• The persecution of Rohingya Muslims of the Rakhine province in Myanmar by the Myanmar military has escalated to serious proportions
• This has forced mass migration of several hundred thousand Rohingyas into Bangladesh and India
The rise of the lone wolf attack – Islamic State Propaganda
The loss of ground by the Islamic State in Syria and Iraq has prompted a new and more devastating strategy by the group – “The lone wolf attack” The terror outfit has successfully reached out to thousands of volunteers to carry out precision terror strikes
What can companies do?
• Acquaint yourself with the both the global and local threat levels of terrorism
• Investigate what aspects can make the company attractive to terrorists, and consider specific risks the company may be vulnerable to
• Draw up a periodic threat vulnerability analysis
• Formulate a security and counter-radicalization plan, and encourage the employees’ awareness with regard to issues of security and radicalization
• Operate a proper access policy and ensure the implementation of proper access control methods
• Check references when taking on new staff; make sure you are dealing with reliable companies when hiring third-party employees
• A response mechanism needs to be designed to counter any situation where organization's repute might be at stake due to the employees
• Policy on tackling extremism and radicalization must be communicate to all managers/employees, and has to be promptly followed as per the guidance when issues arise
• Have a conversation about online radicalisation and extremism early and often.
• Engage with your child early on about the dangers of the internet and to have on going conversations.
• Explore online together – Sit down with your child and learn about what websites and apps they like and why.
• Check they know how to use privacy settings and reporting tools – where reporting functions are, how to block someone and how to keep information private for example on Facebook and Twitter.
• Tell your child to think before they post.
• Be a friend and follower on social media.
• Make yourself aware of who your child is talking to online.
• Set rules and agree boundaries – One idea is to sit with your child and create a ’family agreement’ that helps them understand what they should do to stay safe online
• Make sure that content is age-appropriate by setting parental controls.
What can parents do to protect their children?
Insider Threat
An insider threat arises when:
A person with authorized access to the organization’s resources,
Which includes includes personnel, facilities, information,
equipment, networks, and systems,
Uses that access to harm the security or reputation of the
organization.
Who are the trusted people?
Managers
Operations personnel
Security personnel
Vendor staff
Part time workers
Insider Threat
This attack could be carried out by:
Infiltrating the company for an attack, or
Becoming radicalised while in the company already
Being blackmailed or coerced into such activity
The person could:
Attack directly, or
Facilitate an attack
This attack could be:
Violent, or
Non-violent – recruitment, propaganda
Insider Threat
Insider Threat – typical examples
• Unauthorized disclosure of sensitive information - A short-term contractor leaked
privileged information from his employer
• Process corruption - The manager, with an over-inflated sense of his own value and
contribution to the organization, increased his own salary and claimed overtime
payments without oversight or authorization from another employee
• Facilitation of third party access to an organization's assets - An agency employee
facilitated access to an ex-employee with links to organized criminals for the
purpose of committing major fraud
• Physical sabotage - A temporary employee working as a security guard
purposefully tampered with equipment vital to the operation of the organization
• Electronic or IT sabotage - An employee sabotaged the automatic access system at
his workplace
Insider Threat
Case Study: • In 2010 an American citizen, Sharif Mobley was arrested in Yemen for terrorism
links and allegedly killing an official in the Yemeni Intelligence agency. • It was further revealed that Sharif had been employed in five Nuclear Power plants,
the latest being a plant in New Jersey prior to leaving for Yemen in 2008. • Several reports claim that Sharif was to return to working at these plants to carry
out an insider attack.
Insider Threat
Case Study: • From 2011 to 2015 a Russian broker in the equities desk of Deutsche Bank’s
Moscow headquarters would use Russian Rubles to buy blue stock trades, funnel them through offshore companies having offshore accounts
• Then he would sell the same Russian stock, in the same quantity, in London for Dollars, Pounds and Euros.
• Both the Russian company and the offshore company had the same owner. • This “mirror trading” facilitated the movement of locked up rubles into dollars and
the funds trace was found to end in the hands of Chechen rebels close to the Chechen leader Kadyrov.
Case Study: Company Trade Secrets Photographed
Organization/Sector: Manufacturing Firm
Incident: Two manufacturing firm employees posing as equipment inspectors; gained access to rival company premises and photographed their manufacturing operations
The information was then forwarded to a Chinese firm to fulfill their own contract
What went wrong? Though security policies were in place to ensure that individuals are accompanied by escorts or prohibited from carrying cameras, there was a failure to implement them
Case Study: Employee Loads Malware onto Hardware
Organization/Sector: Hard Drive Manufacturing Company
Incident:
• An employee from a firm which had been subcontracted to make hard drives for a client, loaded malware onto 1,800 hard drives
• The malware searched for online gaming credentials and sent them to an individual in China
What Went Wrong? The employee claimed it was a mistake and not intentional. Nevertheless, it exposed the risks associated with contracting/subcontracting work
Case Study: Programmer who “Fixed” Software
Organization/Sector: Software Company
Incident: A programmer of 30 years, inserted a line of code into a software causing the machine using the software to shut down after a few power cycles
This turned out to be lucrative for the programmer who was called to “fix” the problem and went on to earn extra income
Case Study: Financial Engineer Steals Trading Algorithms
Organization/Sector: Hedge Fund Organization
Incident: Financial engineer managed to steal his organization’s trading algorithms in spite of tight controls around that intellectual property
What Went Wrong? Two virtual machines were used to bypass the controls and information was sent to his personal email account and external hard drive
How Was this Detected? Additional controls installed by IT detected the unusually large numbers of files on the employee’s system
Case Study: Employee Steals Business Partners Data
Organization/Sector: Computer Networking Company
Incident: • A networking firm had access to its clients most sensitive intellectual property
for purposes of business • An employee of the networking firm who had access to this information,
downloaded nearly 80 documents and emailed it to the new employer
Case Study: Employees Modify Confidential Client Information
Organization/Sector: Law firm
Incident: • Three employees downloaded documents from their firm and modified
confidential client information • They then abruptly quit and moved to another firm • The former employees continued to have access to company data which
allowed them to transmit faulty information to the former employer’s cache of documents
Case Study: Sabotage of City Traffic Control System
Organization/Sector: Traffic control system Incident: Two employees of a traffic control organization, sabotaged the traffic signal control boxes and locked out anyone else from being able to fix the problem causing mayhem in the city
Case Study: Employee Tampers with Country’s Terrorist List
Organization/Sector: Government Security Agency Incident: • An immigration officer used his access to the country's security database and
included his wife’s name on the “terrorist watch list” • This prevented his wife who was abroad to return to the country • This case went undetected for 3 years in spite of pleas by the wife.
Case Study: Medical Student Steals Cancer Research
Organization/Sector: Medical Research
Incident: A Chinese researcher in US, stole research data of possible cancer-
fighting compound and shipped the compound to China to fund his research
there
What Went Wrong?
• Stole three pill bottle-size containers of the compound called C-25 from the
desk of his research guide
• Remotely accessed the medical college computer service to delete crucial
data related to the C-25 research
Case Study: Airline Employee Smuggles Weapons On-board
Organization/Sector: Aviation Industry, Delta Airlines
Incident:
• An airline employee smuggled a total of 153 firearms, including AK-47 assault
weapons, onto 17 Delta flights between Atlanta and New York City in 2014
• The previously convicted felon worked as a ramp agent/baggage handler for
Delta Airlines
What Went Wrong?
• Comprehensive employee background checks weren’t done
• The employee had access to secure areas
• A thorough background check of all employees – Suspicious gaps in resumes
– Travel
– Social media presence
– History of mental illness
• Develop criteria for denial of hiring
• Educate personnel on what indicators to watch out for
• Confidential internal reporting procedure
• Behavioural profiling
• CCTV
• Thorough access control checks
• No waivers, including for security personnel
• Develop response procedures
Best practices to counter insider threat
Thank You