Cyber breaches at financial firms increasingly are inside jobs

Not surprisingly, the economic downturn is spawning a rise in cyber breaches at financial services firms, but increasingly the culprits are the banks' own employees, academic experts told Congress on Wednesday.

Damages inflicted on financial firms by managers, sales staff and other non-technical personnel averaged about $800,000 per organization, according to the CERT Program, a federally-funded research center at Carnegie Mellon University's Software Engineering Institute.

"The continued stress of the current economy on the workplace is impacting and exacerbating the potential for insider threat," CERT Chief Scientist Gregory Shannon testified at a House Financial Services Financial Institutions and Consumer Credit subcommittee hearing.

Many lawmakers expressed concern that the general public is unaware of all manner of cybercrime, especially small business owners who do not have the resources for corporate-level security reinforcements.

Carnegie Mellon's CERT currently is collaborating with the U.S. Secret Service and Treasury Department, with sponsorship from the Homeland Security Department, to develop an insider threat model aimed at defending the financial sector.

On the law enforcement side, the FBI is investigating more than 400 reported cases of corporate account takeovers in which hackers have attempted unauthorized transfers from businesses' bank accounts, Gordon Snow, FBI cyber division assistant director, told lawmakers. The ongoing cases have dealt a collective blow of about $85 million to the victimized companies.

"Organizations are working hard to build walls around their network infrastructure to keep people out but are having a difficult time defending against potential menaces that are already on the inside of the fence," Shannon testified.

Almost half of all inside attackers at financial services firms conspired with outside accomplices on their exploits, while a third consorted with other colleagues to commit the crimes, he added. Employees also have taken to stealing intellectual property and conducting online sabotage.

"One former system administrator wiped out billions of files on a financial institution's servers all over the world at 9 a.m. one morning; and recently an individual copied source code containing proprietary trading algorithms to servers outside the U.S. after submitting his letter of resignation," Shannon testified.

Pilfered code can cost businesses millions of dollars, allow competitors to make money off the firms' leaked business strategies, or grant rivals a heads-up on their closely held forthcoming financial decisions, Snow said.

Last year, the Secret Service arrested 1,200 suspected cybercriminals allegedly responsible for more than $500 million in fraud losses, said A.T. Smith, Secret Service assistant director. To nab the crooks, the agency combed through 867 terabytes of data, which agents say is equivalent to nearly four times the amount of data in the archives of the Library of Congress.

The Secret Service last weekend opened an office in Beijing, adding to the 23 overseas outposts the agency has established to forge partnerships with foreign investigators. While it is widely presumed that China sponsors cyber espionage in America, identity thieves located all over the world have become an economic drain on both countries. Federal officials have said that cooperating with China to tackle online fraud could help bridge other digital divides, such as differing views on freedom of expression.