Tag Archives: Sabotage

The Risk of the Insider Threat

Elon Musk, CEO of Tesla, sent an email to all employees over the weekend telling them that the company was hacked by an employee who changed code on an internal product and sent company data outside without permission.

The software, the Tesla Manufacturing Operating System, is likely used internally in the manufacturing process.

The employee created false user names and then modified the software without approval.  He also sent large volumes of sensitive Tesla data to third parties.

This investigation is not over and there is a question about whether outsiders were involved.  There are lots of people who do not like the idea of an electric car, starting with the oil and gas industry and some Wall Street insiders.  The traditional car makers, who seem perfectly willing to lie and cheat to pass emissions test could also be motivated to harm Tesla.

In this particular case, the employee said he was mad because he was passed up for a promotion.  THAT was probably a good move since it is going to be hard for him to work from prison.

This is an important notice for all employers.

Every company, except those with one or two employees, have employees who are not happy.  Would an unhappy employee become a saboteur?  Hopefully not, but the larger the company is, the more likely that at least one person will have a grudge and could, possibly, act on it.

In Tesla’s case, even though this person created fake accounts to try and hide his deeds, the company had sufficient tools in place to uncover the sabotage and figure out who the employee was.

For your company, how much damage could a disgruntled employee do and could you detect it?  How quickly could you repair the damage?  Could you figure out who did the damage in order to prevent a repeat performance?

In today’s world it probably does not take much to get just one employee really peeved and if you have someone outside the company who could motivate that action with money – well you have really increased the odds.

Information for this post came from CNBC.

Tanker Seems To Be At The Airport

Sometimes when the Russians don’t want you to know where you are, they seem to be able to do it.

Wired is reporting of a number of tanker ships that seem to be miles from where they actually were.

In June the 37,000 ton tanker Atria was transiting the Marmara Sea along the Bosphorous strait and into the Black Sea.  A simple journey, done by ships thousands of times.

When the ship approached the port of Novorossiysk things started to go wrong.

Modern ships, especially big commercial ships are outfitted with sophisticated GPS navigation systems.  Multiple ones in case of a failure.  GPS systems can track the position of a ship to within a foot or two.

In this case, as the ship entered the port, all GPS tracking failed.  Then the ship’s GPS systems claimed that the ship was at the airport, about 30 miles from where it actually was.

Normally, the captain said, if the GPS goes crazy, it shows the ship’s position a couple hundred feet from where it actually is.  In this case it was more like 25 or 30 miles.

U.S. maritime officials have confirmed that at least 20 ships have been affected by this GPS issue, but that likely dramatically underestimates the truth.

At the same time that the GPS said that the ship was at the airport rather than the port, the ship’s collision avoidance system showed it had company.  20 to 25 large ships were, according to the system, also at the airport.

For some reason, the Russians were messing with GPS signals.  Likely, they were overpowering the real signal with a fake signal which the ship’s GPS receiver accepts as valid.

According to the security firm FireEye, GPS spoofing is used in a number of locations in Russia.

For the ships, they understand that the Russians like to do this so they don’t place unfailing trust in the system.  They use their paper maps and dead reckoning – like sailors did a hundred years ago.  It is hard to hack a paper map and a sextant.

U.S. military equipment (vehicles and planes) also use GPS systems, but since the satellites that transmit the GPS signals are owned by the U.S. Air Force, we do have a few tricks up our sleeves.  I was part of the team that built the very first GPS system for the Air Force and while those tricks are likely quite effective, at least some of them would disrupt your ability to navigate to the nearest Starbucks.  When it comes to a choice between finding a Starbucks and World War III, I have a pretty good clue which option the Air Force will choose.

Still, it is a pretty interesting situation.  You rely on a technology for commerce that your adversary has the ability to disrupt.  Not a great story.

Information for this post came from Wired.