Cyber-sabotage

UNDER CONSTRUCTION


Alternative Forms

  • IT Sabotage

  • Sabotage

Definitions

Definition 1

Cyber-sabotage: complete version 1 and submit to community Slack thread for feedback.

Definition

Cyber-sabotage may designate two distinct classes of object:

  • The risk of cyber-sabotage,

  • An unsuccessful attempt,

  • A cyber-sabotage incident.

A cyber-sabotage incident is a specialized form of insider threat incident (e.g.: sabotage represented 27% of insider attacks in Randazzo et al., 2005). Its distinctive characteristics are:

  • It is caused by an insider threat actor, called the saboteur.

  • The saboteur has the deliberate intention to cause harm to the organization's business operations, data, or information system / network (Randazzo et al., 2005). Causing harm may not be the only motive (financial gain being a common distinct objective), but to qualify as sabotage, causing harm must be an important objective of the inside attacker, if not the primary objective (Moore et al., 2008).

  • IT is instrumental in the incident’s sequence of events.

  • When successful, the incident effectively causes harm to the organization.

Underreporting and statistics

Cyber-sabotage incidents, like insider threat incidents in general, tend to be underreported to authorities: organizations have strong incentives to limit reputational harm by avoiding publicity about the event, and the chances of obtaining reparation are low (Randazzo et al., 2005).

For these reasons, statistics should be considered from a critical perspective. Statistics provided in this article are extracted from the studies referenced in the bibliographic section. These studies have several limitations (geographic location, underreporting, etc.). The statistics in this article are provided in parentheses with the mention “e.g.” to stress these limitations.

Personal predispositions of saboteurs

Most saboteurs had personal predispositions (Moore et al., 2008), including:

  • Serious mental health disorders.

  • Social skill difficulties and decision-making biases.

  • A history of rule violations.

Distinctive characteristics of saboteurs

  • Saboteurs tend to not share common characteristics, i.e. their gender, IT expertise, age, marital status, professional success, ethnicity, etc. are not meaningful predictors (Randazzo et al., 2005).

  • Most insiders plan their attack in advance (e.g. 81% in Randazzo et al., 2005).

  • A majority of them tend to not properly consider the potential negative consequences of their action (e.g. 65% in Randazzo et al., 2005). Some had the sentiment that committing sabotage on a computer was less serious than causing physical damage (Randazzo et al., 2005).

  • For general insider attacks, a majority of incidents do not require technical sophistication but use simple and legitimate capabilities or exploit systemic vulnerabilities in applications or business processes (e.g.: 87% in Randazzo et al., 2005). In contrast, IT saboteurs tend to hold technical positions (e.g. 86% in Moore et al., 2008), often with highly privileged access.

  • While most insider attacks are executed at the workplace and during normal business hours (Randazzo et al., 2005), a majority of saboteurs are former employees (e.g. 59% in Moore et al., 2008).

  • A minority of insiders were known for being difficult to manage (e.g. 15%) or untrustworthy (e.g. 4%).

Saboteurs' motivations

  • Unmet expectations (salary, bonus, promotion, recognition, and/or personal control of IT systems) causing dissatisfaction or disgruntlement, and a desire for revenge. A majority of saboteurs were perceived as disgruntled employees before the attack (e.g., 57% in Moore et al., 2008), many were motivated by revenge (e.g., 84% in Moore et al., 2008 and 23% of general insider attackers in Randazzo et al., 2005), or a desire for respect (e.g., 15% in Randazzo et al., 2005).

  • A minority of inside attackers tend to have multiple motives (e.g. 27% in Randazzo et al., 2005), financial gain being the most prevalent motive for general inside attackers (Randazzo et al., 2005).

Behavioral precursors

For general insider attacks, the insider’s planning behavior is noticeable in a number of cases (e.g.: 31% in Randazzo et al., 2005). More specifically for IT saboteurs, behavioral incidents seem to come to the attention of supervisors or co-workers before the sabotage takes place in a high number of cases (97% in Moore et al., 2008). Such incidents comprise:

  • Conflicts with co-workers, aggressive or violent behavior, mood swings, sexual harassment.

  • Poor job performance.

  • Deception about qualifications.

  • Absence or tardiness.

  • Violations of explicit organizational policies and rules.

  • Inappropriate purchases on company accounts.

  • Violations of dress code, poor hygiene.

  • Drug abuse.

Technical precursors

Precipitating events and contributing factors

Vulnerabilities

Consequences

Countermeasures

Paradigmatic Examples

Entourage and possibility of early detection:

  • 19% were perceived as disgruntled employees before the incident. Concerning behavior was reported to the supervisor, incl. complaining about salary, outbursts at coworkers, isolation from coworkers (27%) (Randazzo et al., 2005).


Distinguished characteristics of incidents:


  • In a minority of incidents (e.g. 26%), the perpetrator used someone else’s identity (Randazzo et al., 2005).


Sample Sentences

Eve was enraged when, following her cloud migration project’s failure, her manager Bob told her she would receive a disciplinary sanction for her poor performance. Filled with bitterness, she coded a time bomb to wreak havoc on the corporate IT network. At that moment she didn’t realize that this cyber-sabotage would lead her to serve a 3-year prison sentence.

Conceptual Diagram

 

Related Terms

Quotes


Bibliography

https://open-measure.atlassian.net/wiki/spaces/BIB/pages/1452015631

https://open-measure.atlassian.net/wiki/spaces/BIB/pages/1452048558

Moore et al., 2008

See Also




This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.