Security

Forget the outside hacker, the bigger threat is inside by the coffee machine

After a week of incidents, Register vultures pick over the innards


Kettle In this week's Kettle the topic is one that's been much in the news this week - the much-underrated insider threat issue.

There are thousands of security shops willing to sell elaborate firewalls, zero-trust barriers, and AI security systems that claim to be able to spot a wrong'un easily. But time and again the most effective thieves are already inside the building and using their corporate-issued credentials.

Such was the case this week in the NSA of all places, where a rogue systems engineer, who resigned in anger, tried to sell purloined documents to a Russian agent in exchange for cryptocurrency. Brandon Vigliarolo covered the case and explains what motivated the plot and the surprisingly easy way he was discovered.

News of another insider who did get away with it, it seems, came on Tuesday, as an ex-staffer at Dutch chip-making biz ASML appears to have taken a new job with Huawei, and is accused of taking secrets with him. Tobias Mann has the inside information of the case and, as Biden's sanctions bite harder, we may see more of these sorts of shenanigans.

Then there's the ultimate insider - yourself. On Wednesday Jessica Hardcastle reported on an ACLU Freedom of Information lawsuit showing that US Immigration and Customs Enforcement hired security snoops to trawl through social media content to look for anti-American sentiments. She explains the complex web behind this and it's something we all had a lot to say on. You can see the full discussion below.

So join us for 15 minutes of news, insight, and more than a little snark in the latest Kettle, hosted by Iain Thomson and spun to gold by producer Nicole Hemsoth. There's also an audio version available now on Apple, Amazon, Spotify and Google. ®

Send us news
20 Comments

Microsoft answered Congress' questions on security. Now the White House needs to act

Business as usual needs a real change

Let's kick off our summer with a pwn-me-by-Wi-Fi bug in Microsoft Windows

Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack

Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn't need a fix, just better documentation

Let customers interfere with other tenants? That's our cloud working by design, Redmond seems to say

AWS is pushing ahead with MFA for privileged accounts. What that means for you ...

The clock is ticking – why not try a passkey?

Arm security defense shattered by speculative execution 95% of the time

'TikTag' security folks find anti-exploit mechanism rather fragile

Defiant Microsoft pushes ahead with controversial Recall – tho as an opt-in

Windows maker acknowledges 'clear signal' from everyone, then mostly ignores it

Microsoft bigwig says the Feds catching Chinese spies in Exchange Online is the cloud working as intended

'It's not our job to find the culprits – That's what we're paying you for' lawmaker scolds Brad Smith

TikTok confirms CNN, other high-profile accounts hijacked via zero-day vulnerability

Beware of zero-click malware sliding into your DMs

Can platform-wide AI ever fit into enterprise security?

You know what they say about headlines that end in a question mark

FCC takes some action against notorious BGP

How's your RPKI-based security plan coming along? Feds want to know

Google borrows from Android to make ChromeOS better

'Large portions' of droid tech stack going into laptop OS plumbing

IBM spin-off Kyndryl accused of discriminating on basis of age, race, disability

Five current and former employees file formal charges with US employment watchdog