

US and UK alerted over large Swiss data leak, Rogue IT admin took state secrets - jacquesm
http://www.theregister.co.uk/2012/12/04/swiss_intelligence_data_loss/

======
rlpb
Obligatory xkcd that describes the unfortunate situation very well as usual:
<http://xkcd.com/898/>

------
saturdayplace
As much as we talk about securing your systems, having someone in-house go
rogue like this is a MUCH higher risk to your data than having someone break
in. Internal unrest (or stupidity) will _probably_ bite you harder than
crackers will.

~~~
m0nastic
While this definitely used to be the case (we used to find ~80% of incidents
were internal employee issues), for the past four or five years we've seen
that ratio change (not so much because the internal issues went down, but more
because of the rise of external activity).

The reality is that organizations have to be able to deal with both internal
and external threats, and a lot of the effort on that front has been around
reclassifying access to no longer consider insiders as trusted (and an
argument could be made that they never should have been trusted to begin
with).

~~~
saturdayplace
I'm not surprised to hear that the percentage of external activity is going
up. Do you have a good handle on what the average ratio is nowadays?

~~~
m0nastic
Good numbers industry-wide are difficult to come by (but getting better), but
the latest DBIR‡ (which, full disclosure, is put out by my former employer)
breaks it down as 98% external, and 4% internal (why that adds up to
greater than 100% is a mystery to me).

‡ <http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012-ebk_en_xg.pdf>

------
kitsune_
This is an older story [1]... but the CIA / MI6 angle is new to me.

It's an embarrassment, the Swiss intelligence services had already butchered
their relationships with foreign services with the "Egyptian Fax" leak back in
2005/2006. Somehow Swiss journalists got hold of an intercepted fax
communication between Egypt's foreign ministry and Egypt's London embassy
that proved / alleged the existence of secret CIA prisons on foreign soil. [2]

[1] <http://www.tagesschau.sf.tv/Nachrichten/Archiv/2012/09/26/Schweiz/Datenklau-beim-Geheimdienst>

[2] <http://www.nytimes.com/2006/01/11/world/americas/11iht-cia.html?_r=0>

------
fla
This story is a few months old now. Back then, it was everywhere in the media
here in Switzerland. The huge issue, if you ask me, is that the guy was able to
exfiltrate hard drives for weeks, without being questioned.

------
bernardom
Quote: He'd worked at the NDB for eight years but was reportedly disgruntled
at his job and felt management were ignoring his suggestions on systems
management.

The lesson, as always: don't mess with the BOFH.

------
adambyrtek
If the guy is really that smart, he has an offsite copy somewhere. Maybe even
something like the Wikileaks encrypted "insurance torrent".

------
aw3c2
Maybe he will leak details about the accounts of rich Greeks. That would be
nice.

