would write down the key information and pass it along to her boyfriend
who would then try to blackmail the patients into paying them.
The first time they tried the scam, the person they called agreed to pay.
Their victim immediately called the police, who in turn set up an old-fashioned
sting, and the boyfriend and his insider accomplice were arrested.
This event was a wake-up call for the healthcare organization, which has
since made a complete turnaround. Today they have a strong security posture
with excellent security analysts, security awareness programs, and an ESM
deployment that monitors all network access points, critical servers, and access
control systems. In addition, the security director receives an ESM automated
report every morning outlining all instances of patient record access.
Hosting Pirated Software
This next organization had several Internet-facing servers, plenty of storage
space, and fast Internet links. They also had a malicious insider who decided
to use the server for storing pirated software, mostly video games. On each
server, the insider configured services to allow people to upload and
download the software.
This organization was using ESM for network and server monitoring
related to FCAP (Fault, Configuration, Accounting, and Performance). They
had not yet begun to leverage their ESM for monitoring security events. They
detected spikes in utilization during off-peak hours on the Internet-facing
servers and the Internet routers. This information was from operating system
logs, router logs, and system health monitoring software such as Nagios,
which is an open source monitoring tool.
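The kind of check that surfaces this pattern, as an added example (not from the book and not the organization's ESM content): compare each host's off-peak traffic with its own off-peak median and flag large excursions. The off-peak window, thresholds, host names, and sample values are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

OFF_PEAK_START, OFF_PEAK_END = 22, 6  # assumed off-peak window, local time
SPIKE_FACTOR = 4.0                    # assumed: alert at 4x the off-peak median
MIN_MBPS = 50.0                       # assumed floor so idle links do not alert

# Constructed samples: (timestamp, host, outbound Mbps)
SAMPLES = [
    ("2006-03-06T14:00", "web01", 180.0),  # busy by day: normal, never evaluated
    ("2006-03-06T23:00", "web01", 12.0),
    ("2006-03-07T02:00", "web01", 9.0),
    ("2006-03-07T23:00", "web01", 14.0),
    ("2006-03-08T02:00", "web01", 11.0),
    ("2006-03-08T15:00", "web01", 210.0),
    ("2006-03-09T01:00", "web01", 340.0),  # night traffic at daytime levels
    ("2006-03-09T03:00", "web01", 365.0),
    ("2006-03-06T23:00", "ftp02", 5.0),
    ("2006-03-07T02:00", "ftp02", 6.0),
    ("2006-03-08T02:00", "ftp02", 7.0),
    ("2006-03-09T02:00", "ftp02", 8.0),
]

def is_off_peak(ts):
    """True when the timestamp falls inside the window that wraps midnight."""
    return ts.hour >= OFF_PEAK_START or ts.hour < OFF_PEAK_END

def off_peak_spikes(samples):
    """Return (host, time, mbps, baseline) for off-peak samples above threshold."""
    by_host = defaultdict(list)
    for stamp, host, mbps in samples:
        ts = datetime.fromisoformat(stamp)
        if is_off_peak(ts):
            by_host[host].append((ts, mbps))
    alerts = []
    for host, rows in by_host.items():
        # The median stays near normal even when a few nights are anomalous.
        baseline = median(m for _, m in rows)
        threshold = max(MIN_MBPS, SPIKE_FACTOR * baseline)
        for ts, mbps in rows:
            if mbps > threshold:
                alerts.append((host, ts.isoformat(timespec="minutes"), mbps, baseline))
    return sorted(alerts)

if __name__ == "__main__":
    for host, when, mbps, base in off_peak_spikes(SAMPLES):
        print(f"{host} {when} {mbps:.0f} Mbps (off-peak median {base:.0f})")
```

The daytime readings of 180 and 210 Mbps never alert because only off-peak samples are evaluated, which is what makes similar volumes at 01:00 and 03:00 stand out.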
Based on these anomalies, they started investigating the cause. They
reviewed their router configurations, and everything seemed to check out.
Then they reviewed the servers and discovered that they were filled with
pirated software. This was a huge liability for the organization, and they
needed to get it removed.
The engineer assigned to clean up the mess was the insider who set the
entire thing up. Not knowing this, the organization assigned him to fix the
problem. He removed the pirated software and brought down the file-sharing
service that was running on all the servers. A few weeks later he bragged to a