Cybercriminals Select Insiders To Attack Telecom Providers

An anonymous reader quotes a report from Help Net Security: Cybercriminals are using insiders to gain access to telecommunications networks and subscriber data, according to Kaspersky Lab. In addition, these criminals are also recruiting disillusioned employees through underground channels and blackmailing staff using compromising information gathered from open sources...

According to Kaspersky Lab researchers, if an attack on a cellular service provider is planned, criminals will seek out employees who can provide fast track access to subscriber and company data or SIM card duplication/illegal reissuing. If the target is an Internet service provider, the attackers will try to identify the employees who can enable network mapping and man-in-the-middle attacks.

Not surprising

[Anonymous Coward]

This is not surprising given the industry's constant attack on employee satisfaction. Offshoring, outsourcing, cutting hours and benefits, crappy working conditions. Inside-out security begins with not screwing people over. The companies have shit in their own bed.

Our employees ...

[PPH]

... are fully gruntled for your protection.

Social engineering - the next new tech frontier?

[jenningsthecat]

Yes, I know that what we now call 'social engineering' has been around for as long as humans existed, and probably longer. But when I say "new tech frontier", I mean the marriage of the scientific method, technological processes, and technologically-gathered data, with more scientifically-rigorous studies and experiments in sociology, psychology, neurology, and biology.

Criminals are now systematically, and probably even experimentally, exploiting employees' psychological and social traits in combination wit

OutSourcing IT

[oldgraybeard]

This is interesting when you consider the companies out sourcing their IT. So that they don't even know who has the keys to their infrastructure ;)
I can see the CEO and exec's disclaimers now, "Hey it wasn't our fault, We had nothing to do with it!" while pointing fingers ;)

It's silly to think that...

[BringsApples]

...there are people out there that are just 'hackers', without ever having worked quite extensively in the same environments that they hack up. To think that there are 'hackers' with tons of know-how, but no real-world experience seems naive. Of course, I'm not saying that there aren't people that 'hack at' systems, surely they do, all fucking day long. But they generally get luck here and there, and the rest of the time they are kept at bay (often by their own short-tempered childishness).

This is the

Re:

[Archtech]

Throughout the later 1990s I gave talks about software security and predicted exactly this. The vast majority of "hackers" (i.e. attackers) in those days were just doing it for fun, to prove themselves, to impress their friends, or whatever. I always ended my talks by warning the audience that this "Garden of Eden" period wouldn't last. Given the large numbers of serious, dedicated criminals out there - not to mention terrorists and national aggressors - it would only be a matter of time before the techniqu

Re:

[Hylandr]

+1

Thanks to H1Bs

[nehumanuscrede]

It won't even cost that much to bribe an insider.

A native worker is expensive, but an offshore type who is brought in to replace the expensive folks. . . . not so much.

Start offering the folks who make $20 / day $50,000 and watch how fast your networks fall.

Total rot

[Hognoxious]

Piffle. Sounds like the something from a Frederick Forsythe/John Le Carré cold-war novel.

Too much work

[ubungy]

I just call after hours and explain that my blt drive just went awol. Not sure what this means but they're usually tripping over themselves to help me with whatever information I need.

Insert free advert for Kaspersky Lab

[khz6955]

Nothing to read here, moving on ...