Top

Published in:

2015 | OriginalPaper | Chapter

Pervasive Monitoring as an Insider Threat

An Adapted Model

Author : Dana Polatin-Reuben

Published in: Human Aspects of Information Security, Privacy, and Trust

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Revelations that the United States’ National Security Agency implemented a global surveillance programme with the help of its allies have drawn increased attention to pervasive monitoring activities in general. With the Internet Engineering Task Force characterising pervasive monitoring as an advanced persistent threat, the possibility of modelling pervasive monitoring as a threat activity has been raised. This paper proposes that pervasive monitoring can be considered an insider threat, with private or state actors using legitimate network functions and credentials to exfiltrate the data of governments, corporations, and end-users. The insider threat model put forth by Nurse et al. is examined and adapted with the help of pervasive monitoring case studies.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Factors that Influence Information Security Behavior: An Australian Web-Based Study

next chapter Identifying Blind Spots in IS Security Risk Management Processes Using Qualitative Model Analysis

Farrel, S., Tschofenig, H.: Pervasive Monitoring is an Attack, (RFC 7258) Internet Engineering Task Force, May 2014. https://tools.ietf.org/html/rfc7258 (2014). Accessed 18 Feb 2015

Hasan, R., Myagmar, S., Lee, A.J., Yurcik, W.: Toward a threat model for storage systems. In: Proceedings of the 2005 ACM Workshop on Storage Security and Survivability, pp. 94–102. ACM, New York (2005)

Johansson, J.M.: Network threat modeling. In: Proceedings of the Twelfth IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises. IEEE, New York, 9–11 June 2003

Cappelli, D., Moore, A., Trzeciak, R.: The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud). Pearson Education Inc, New Jersey (2012)

Nurse, J.R.C., Buckley, O., Legg, P.A., Goldsmith, M., Creese, S., Wright, G.R.T., Whitty, M.: Understanding insider threat: a framework for characterising attacks. In: Workshop on Research for Insider Threat (WRIT), in Conjunction with the IEEE Symposium on Security and Privacy (SP). IEEE, New York, 18 May 2014

Marcus, B., Schuler, H.: Antecedents of counterproductive behavior at work: a general perspective. J. Appl. Psychol. 89(4), 647–660 (2004)CrossRef

Wiggins, J.S.: The Five Factor Model of Personality: Theoretical Perspectives. Guildford Press, New York (1996)MATH

Paulhus, D.L., Williams, K.M.: The dark triad of personality: Narcissism, Machiavellianism, and psychopathy. J. Res. Pers. 36(6), 556–563 (2002)CrossRef

Schneier, B.: Attack trees. Dr. Dobbs J. 24(12), 21–29 (1999)

10.

Hutchins, E.M., Cloppert, M.J., Amin, R.M.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues Inf. Warfare Secur. Res. 1(1), 80 (2011)

11.

ARMA International: Generally Accepted Recordkeeping Principles®. http://www.arma.org/docs/sharepoint-roadshow/the-principles_executive-summaries_final.doc (2012). Accessed 18 Feb 2015

12.

The World Bank: Worldwide Governance Indicators. http://data.worldbank.org/data-catalog/worldwide-governance-indicators (2014). Accessed 18 Feb 2015

13.

Ball, J., Borger, J., Greenwald, G.: Revealed: How US and UK Spy Agencies Defeat Internet Privacy and Security, The Guardian. http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security (2013). Accessed 18 Feb 2015

14.

Risen, J., Lichtblau, E.: Bush Lets U.S. Spy on Callers Without Courts, The New York Times, 16 December 2005. http://www.nytimes.com/2005/12/16/politics/16program.html?pagewanted=all&_r=0 (2005). Accessed 18 Feb 2015

15.

Cauley, L.: NSA has Massive Database of Americans’ Phone Calls, USA Today, 11 May 2006. http://usatoday30.usatoday.com/news/washington/2006-05-10-nsa_x.htm (2006). Accessed 18 Feb 2015

16.

National Security Agency/Central Security Service: Transition 2001, December 2000. https://www.eff.org/document/nsa-transition-2001 (2000). Accessed 18 Feb 2015

17.

Greenwald, G., MacAskill, E.: NSA Prism Program Taps in to User Data of Apple, Google and Others, The Guardian, 7 June 2013. http://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data (2013). Accessed 18 Feb 2015

18.

MacAskill, E., Borger, J., Hopkins, N., Davies, N., Ball, J.: GCHQ Taps Fibre-Optic Cables for Secret Access to World’s Communications, The Guardian, 21 June 2013. http://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa (2013). Accessed 18 Feb 2015

19.

Rosenblatt, J.: Google Fights E-Mail Privacy Group Suit it Calls Too Big, Bloomberg Business, 28 February 2014. http://www.bloomberg.com/news/articles/2014-02-27/google-fights-e-mail-privacy-group-suit-it-calls-too-big (2014). Accessed 18 Feb 2015

20.

Google Inc.: Google Terms of Service (archive), 14 April 2014. http://www.google.com/intl/en/policies/terms/archive/20131111-20140414/ (2014). Accessed 18 Feb 2015

21.

Devereaux, R., Greenwald, G., Poitras, L.: Data Pirates of the Caribbean: The NSA Is Recording Every Cell Phone Call in the Bahamas, The Intercept, 19 May 2014. https://firstlook.org/theintercept/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas/ (2014). Accessed 18 Feb 2015

22.

Assange, J.: WikiLeaks Statement on the Mass Recording of Afghan Telephone Calls by the NSA, WikiLeaks, 23 May 2014. https://wikileaks.org/WikiLeaks-statement-on-the-mass.html (2014). Accessed 18 Feb 2015

23.

Soldatov, A., Borogan, I.: Russia’s Surveillance State, World Policy Journal, Fall 2013. http://www.worldpolicy.org/journal/fall2013/Russia-surveillance (2013). Accessed 18 Feb 2015

24.

Walton, G.: China’s Golden Shield: Corporations and the Development of Surveillance Technology in the People’s Republic of China. International Centre for Human Rights and Democratic Development, Montreal (2001)

Title: Pervasive Monitoring as an Insider Threat
Author: Dana Polatin-Reuben
Publisher: Springer International Publishing
Book: Human Aspects of Information Security, Privacy, and Trust
Print ISBN: 978-3-319-20375-1

Electronic ISBN: 978-3-319-20376-8

Copyright Year: 2015
DOI: https://doi.org/10.1007/978-3-319-20376-8_22

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner