chapter  14
15 Pages

The nonviolent lone actor: the insider threat in information security

WithJOSHUA SINAI

In the twenty-first century, the threat from ‘insiders’ in a position of trust with access to critical aspects of an organization’s Information Technology (IT) infrastructure, whether in government, the military, or the private sector, who intentionally compromise and sabotage secrets or proprietary information has become one of the paramount threats facing a nation’s security and critical infrastructure since the modern Internet came into being around the mid-1980s. One reason for the increase in this threat is the massive and exponential explosion in the availability of proprietary or classified information within organizations, and its relative ease of access by what are presumed to be “trusted” IT professionals, ranging from data entry clerks to IT network administrators. Similar to the process of radicalization into extremism and terrorism, such risky insiders in IT-who are mostly lone actors (although many belong to extremist hacktivist groups)—are also radicalized-and selfradicalized-by their own version of extremist ideologies. In fact, just as jihadism became the new ideological fad of the 1980s, replacing, in its mass popularity, the previous far left radicalism of the 1960s and 1970s, this new IT-based extremist ideology that promotes the notion that all information (including fee-based subscriptions to information ‘carriers’ such as newspapers and music companies) should be free and accessible to everyone (including an organization’s most secret and proprietary information), has become the latest ideology to gain widespread adherents. Julian Assange, the most prominent exponent of this ideological mantra, is considered a genius software programmer and cryptographer.1 For him, even during periods of national emergency when states are threatened by terrorist groups intent on launching catastrophic attacks against infrastructure and populations, not only should countermeasures by governmental authorities be questioned and complete civil liberties and transparency be maintained at all levels of society, including by military and intelligence organizations, but he also believes that perpetuating these organizations’ “secrets sustain[s] corruption.”2 This was his motivation for creating WikiLeaks in 2006-to be the recipient of governments’ and corporations’ secret and proprietary information, with the

senders’ identities encrypted to protect them from potential disclosure and prosecution. It should be pointed out that while some of the secret and proprietary documents posted on sites such as WikiLeaks may be generated by insiders, much of the material is generated by hacktivists belonging to groups such as LulzSec and Anonymous, who surreptitiously penetrate their targeted organizations to obtain such sensitive documents in order to advance their own political agendas. Certain government programs-notably China’s offensive cyber-espionage program-have long engaged in Internet espionage against their Western adversaries in order to exploit their IT systems for secret and proprietary information.3