Skip Navigation

Insider Threat Incidents & The Severe Impacts To Organizations & Businesses

While network intrusions and ransomware attacks by Cyber Criminals can be very costly and damaging, so can the actions of employees’ who are negligent, malicious or opportunists. Another problem is that Insider Threats lives in the shadows of Cyber Threats, and does not get the attention that is needed to fully comprehend the extent of the Insider Threat problem.

The National Insider Threat Special Interest Group (NITSIG) in conjunction with the Insider Threat Defense Group (ITDG) have conducted extensive research on the Insider Threat problem for 15+ years. This research has evaluated and analyzed over 5,300+ Insider Threat incidents in the U.S. and globally, that have occurred at organizations of all sizes.

The NITSIG and ITDG maintain the largest public repositories of Insider Threat incidents, and publish monthly Insider Threats Incidents Reports. These reports provide indisputable evidence of how very costly and damaging Insider Threat incidents can be to organizations of all types and sizes.

Why are so many Malicious Insiders successful in causing severe harm to their employers?  They just look for security gaps and vulnerabilities within an organization, to achieve their objectives. An organization must Think Outside The Box to successfully detect and mitigate the risks / threats posed by Insiders.

Insider Types

  • Outsider With Connections To Employee (Relationship, Marriage Problems, Restraining Orders, Etc.)
  • Employees Who Are: Unwitting, Ignorant, Negligent, Malicious Or Opportunists
  • Disgruntled Employees Transforming To Insider Threats / Job Jumpers
  • Employees’ With A Divided Loyalty Or Allegiance To U.S. / May Support Terrorism
  • Employees’ In Collusion With Other Employees’
  • Employee – Cyber Criminal Collusion
  • Contractors / Business Partners

Negative Impacts From Insider Threat Incidents

  • Espionage (National Security – Foreign Nation State Sponsored, Economic, Industrial, Corporate)
  • Financial Loss (Fraud, Embezzlement, Theft, Etc.)
  • Data Theft (Loss Of Intellectual Property, Trade Secrets, Sensitive Business Information, PII, Customer Contacts, etc.)
  • Data Breach Costs (Credit Monitoring, Regulatory Fines)
  • Loss Of Productivity From Data Destruction, Information Technology & Network Sabotage, Facility Sabotage
  • Loss Of Physical Assets (Computer, Inventory, etc.)
  • Loss As A Leader In The Marketplace
  • Damage Of The Company’s Reputation In The Marketplace
  • Stock Price Reduction
  • Bullying Or Sexual Harassment Turns Into Workplace Violence
  • Workplace Violence / Death(s)
  • Legal Expenses, Compliance Fines, Lawsuits To Deal With Any Of The Above
  • Employees’ Lose Jobs
  • Company Goes Out Of Business

Malicious Insider Threat Incidents

The severe financial damages and the resulting impacts from Insider Threat incidents, are not a new problem as referenced in the below examples.

IT Administrator Sabotages Network / PBX System — January 28, 2014

When EnerVest IT Administrator Ricky Joe Mitchell heard that his job with the oil and gas company was on the chopping block, he didn’t go quietly.

Instead, he reset the company’s servers to their original factory settings, disabled cooling equipment for EnerVest’s IT systems, along with a data-replication process and deleted PBX system info. As a result, EnerVest was unable to communicate reliably with customers or conduct business operations for a full month and was forced to spend hundreds of thousands of dollars on data recovery efforts. The incident cost the company over $1 million, according to the prosecution. In addition data that the company thought had been backed up, could not be retrieved.

Mitchell will be sentenced on April 24, 2014 to a maximum term of imprisonment of ten years and three years supervised release. Mitchell will also be ordered to pay restitution for the damage caused by his criminal conduct. The U.S. Secret Service conducted the investigation.


IT Systems Administrator Receives Poor Bonus — Sabotages IT Systems — December 13, 2006

A 63-year-old, former system administrator that was employed by UBS PaineWebber, a financial services firm, allegedly infected the company’s network with malicious code.

The malicious code he used is said to have cost UBS $3.1 million in recovery expenses and thousands of lost man hours.

He was apparently irate about a poor salary bonus he received of $32,000. He was expecting $50,000.

In retaliation, he wrote a program that would delete files and cause disruptions on the UBS network. His malicious code was executed through a logic bomb which is a program on a timer set to execute at predetermined date and time. The attack impaired trading while impacting over 2,000 servers and 17,000 individual work stations.

4 years after the attack, UBS was still suffering. Some of the information on the approximately 2,000 Unix-based servers in the home office and the 370 branch offices that were hit by the malicious code were never fully restored.

After installing the malicious code, he quit his job. Following, he bought “puts” against UBS. If the stock price for UBS went down, because of the malicious code for example, he would profit from that purchase.


Charges Filed Against Former Employee In Petroleum Company $1 Billion Trade Secret Theft – December 21, 2018

U.S. law enforcement agents have arrested a man for allegedly stealing trade secrets from the petroleum company where he worked. Hongjin Tan, who is from China, is a legal permanent US resident. Tan allegedly stole the information to use at a competing company in China where he had been offered a job. Phillips 66 has confirmed that it is cooperating with the FBI in an investigation related to a former employee; the company was not named in court documents.

According to the criminal complaint, Tan allegedly stole trade secrets related to manufacture of a “research and development downstream energy market product.” The company’s methods of developing the product are of great value, both economically and to competitors. The value of the trade secrets in this case is estimated to be more than $1 billion dollars.

Until recently, Tan worked for the petroleum company and allegedly downloaded hundreds of files, including files related to the manufacture of the product. Investigators allege that Tan was offered a job at a company in China where he planned to use these files to benefit his new employer. Tan has been residing in the United States for the past 12 years.


Former Vice President & Controller Pleads Guilty To Embezzling Over $19 Million Over A 10-Year Span – August 2, 2018

Beginning in 2007 until he was discovered in January 2017, Jon Frank of NCI Inc. initiated transfers from the company’s bank account into his personal accounts totaling $19,440,331.

Mr. Frank created false documents to make it appear that the money was being sent as reimbursement to another company that was administering the health insurance plan for Frank’s employer. Relying upon his knowledge and the altered documents, he was able to mislead the individuals performing audits of the company’s financial records. Frank spent the money on expensive automobiles and real estate, among other things.

NCI designs, installs, and runs IT systems and network for government agencies including the U.S. Army, Air Force, and National Guard.


Ex-Employees Allegedly Steals Micron Trade Secrets Valued at Over $400 Million — November 2, 2018

Three individuals who worked for DRAM maker’s Taiwan subsidiary stole Micron IP to benefit a company controlled by the China’s Government.

Like many other businesses, semiconductor manufacturer Micron Technology employs a range of physical, electronic, and policy measures to protect its trade secrets. Yet all it took for the company to allegedly lose intellectual property worth at least $400 million to a Chinese competitor, was two employees with legitimate access to the data.

The indictment alleges that Stephen Chen, former president of a Micron subsidiary in Taiwan called Micron Memory Taiwan (MMT), conspired with two other former employees to steal proprietary data on Micron’s DRAM technology. The trio is then alleged to have used the stolen data to advance China’s development of its own DRAM technology.

Chen resigned from Micron in 2015 and began working as a senior vice president at United Microelectronics Corp. (UMC), a Taiwanese semiconductor foundry with a technology-sharing agreement with Fujian Jinhua Integrated Circuit, a Chinese government-owned semiconductor plant.

In that role, Chen is alleged to have hired two former MMT process managers to UMC. Both of the engineers allegedly stole confidential and proprietary data before and after quitting the Micron subsidiary and used it to advance UMC and, in turn, Finjan Jinhua’s own DRAM development work.

Before leaving MMT, one of the indicted individuals, based in Taiwan at the time, allegedly downloaded over 900 confidential and proprietary files belonging to Micron from the company’s US servers. The engineer stored the downloaded files on external USB drives and in a personal Google Drive account that he later accessed while working for UMC.

A lot of the stolen trade secrets were contained in PDF documents and multi-tabbed Excel spreadsheets. Several of the PDF documents contained hundreds of pages — the biggest one had 360 pages.

Former Contractor Found Guilty of Planting Logic Bomb in Army Reserves Payroll System — September 22, 2017

A jury in North Carolina has found former US Army Reserves payroll system contractor Mittesh Das guilty of placing a logic bomb on his former employer’s system. After Das’s company lost its contract and another company assumed responsibilities, the logic bomb activated, causing disruptions that resulted in paychecks being delayed for more than two weeks.

Das had placed a “logic bomb” within the computer program responsible for the handling of pay and personnel actions for approximately 200,000 Army reservists. The logic bomb was discovered when this program began experiencing performance issues in November 2014.

In 2012 Das was in charge of managing the servers controlling payroll systems, located in Fort Bragg, North Carolina. But on November 24, 2014 the contract was handed over to another business and almost immediately things started to go seriously wrong.

Prosecutors described Das’s program as “progressively destructive,” adding: “The damage had to be corrected through removal of the malicious code, restoration of all information and features, and a thorough review of the entire system to locate any further malicious code, amounting to a total labor cost to the US Army of approximately $2.6 million.”

Das faces a possible 10 years in jail and fines of up to $250,000 for his crime. He will be sentenced on January 9, 2018.


Company Sues Former Employee Over Logic Bomb — April 13, 2017

Allegro MicroSystems in Massachusetts is suing a former employee for allegedly planting a logic bomb in a financial database.

Nimesh Patel began working at Allegro in 2002 and resigned on January 8, 2016.

Court documents allege that Patel used an unreturned company-issued laptop and another employee’s credentials, to access the company’s network on January 31, 2016, when he planted the logic bomb.

It was scheduled to activate on April 1, the first day of the company’s financial year. The sabotage was detected on April 14, and within two weeks, the logic bomb code was found.

During his 14-year employment at Allegro, Patel received three laptops from his employer, a well-known high-performance semiconductors manufacturer. Two of these were for business use, while a third, an older model, was provided for personal use.

When he resigned from Allegro, Patel returned only one of the two business laptops he was supposed to give back, and kept the third, as he was not obliged to return the laptop he received for personal use.

When Allegro discovered Patel’s actions, they summoned their former IT worker to return the second laptop because the device was capable of accessing Allegro’s IT network. Instead of complying with the company’s request, Patel returned the older laptop, meant for personal use, after he wiped the hard drive without reinstalling a fully-functional OS.


Tennessee Man Sentenced For Unauthorized Access Of Former Employer’s Networks For 10 Years — August 4, 2017

An Arlington, Tennessee man pleaded guilty today to intentionally accessing a competing engineering firm’s computer network without proper authorization in order to obtain proprietary information.

Needham admitted that, over a nearly two-year period, he repeatedly accessed the servers of Allen & Hoshall, his former employer, to download digitally rendered engineering schematics and more than 100 PDF documents containing project proposals and budgetary documents.

Needham also admitted to accessing, on hundreds of occasions, the email account of a former colleague at Allen & Hoshall, which provided Needham access to the firm’s marketing plans, project proposals, company fee structures and the rotating account credentials for the company’s internal document-sharing system.

According to the plea, Needham used his unauthorized access to view, download and copy proprietary business information worth approximately $500,000.


Fry’s Electronics Employee Of 20 Years Found Guilty Of Embezzling $65.6 Million Over A 4 Year Period — December 24, 2008

A Ferrari-driving vice president of Fry’s Electronics who was allegedly such a heavyweight gambler that casinos chartered private planes to fly him to Las Vegas, has been arrested on charges he embezzled more than $65 million from the retailer to fuel his lavish lifestyle and pay off debts.

Ausaf Umar Siddiqui is accused by the IRS of concocting an incredibly profitable scheme in which he cut side deals with some of Fry’s suppliers, buying their goods at higher prices than they would normally get, and buying more of them than he normally would, in exchange for kickbacks of up to 31% of the total sales price.

The IRS alleges in a criminal complaint filed against Siddiqui that he set up a shell company that hid $65.6 million in kickback payments from five Fry’s vendors from January 2005 to November 2008. Of that amount, $17.9 million was paid to subsidiaries of Las Vegas Sands, which operates the Venetian Casino Resort, according to the criminal complaint and regulatory filings. Authorities confirmed the payments went to the casino

The company overpaid for merchandise that was later sold at a reduced price resulting in a significant financial loss for the company. The leftover money was deposited into a shell company account, PC International, controlled by Siddiqui.

As the former Vice President of Merchandising and Operations for Fry’s, Siddiqui supervised a staff of 120 individuals responsible for buying all merchandise sold at the 34 Fry’s locations in the United States. It is alleged that Siddiqui convinced executives at Fry’s Electronics that despite his staff of 120 he should be solely responsible for the purchasing from suppliers, instead of independent contractors, resulting in the vast amount embezzled from the electronic chain.

The IRS filed a criminal complaint against Siddiqui in 2011. After filling the complaint, the IRS further examined Siddiqui’s bank records. He had racked up $167 million in gambling losses over 10 years and had taken out loans totaling approximately $10.4 million. In addition, the IRS had a $18.5 million lien on his property for unpaid taxes.


IT Systems Administrators Sabotage Cost $10 Million+ And As A Result Had To Lay Off 80 Employees

An angry systems administrator — who alone developed and managed his company’s network — centralized the software that supported the company’s processes on a single server. He then coerced a coworker to give him the only backup tapes for the software. After the systems administrator was fired for inappropriate and abusive treatment of his coworkers, a logic bomb he had planted deleted the only remaining copy of the critical software from the company’s server. The company estimated the cost of damage in excess of $10 million and as a result had to lay off 80 employees.

Malicious Insiders Who Thought Outside the Box

Terminated Employee Uses Google Remote Desktop To Steal Trade Secrets — November 24, 2015

In late 2015, Atlantic Marine Construction Company, a Virginia Beach construction company, filed a lawsuit against a former Vice President of Construction and his new employer, alleging various causes of action arising out of the VP’s trade-secret theft. At first glance, this lawsuit reflects a familiar scenario: a departing employee steals proprietary data on his way out and later provides it to a competitor. This case includes an interesting twist, however. Atlantic Marine alleges that the VP stole the trade secrets at issue after he was terminated, using a software tool to access his former employer’s network.

The former VP allegedly stole the information at issue using Google Chrome Remote Desktop, a program that allows users to remotely access and control one computer from another over the Internet. Atlantic Marine alleges that the VP installed the program on a work computer during his employment without authorization. Then, after his termination, the VP logged on to the software with his personal Gmail address and accessed Atlantic Marine’s computer network at least 16 times to view, copy, and download various trade secrets, including proposal sheets with contract details, formulas used for calculating costs, and other valuable confidential data. The complaint, filed in federal court in the Eastern District of Virginia, alleges violations of the federal Computer Fraud and Abuse Act, the Virginia Computer Crimes Act, and the Virginia Uniform Trade Secret Act.

Notably, the alleged trade-secret theft at issue in the Atlantic Marine case could likely have been avoided by simply wiping the hard drive of the VP’s work computer upon termination, although this step could be at odds with an employer’s desire to preserve evidence in the event of future litigation. A different, safer step would have been to remove and preserve the VP’s hard drive, which would both keep the hard drive for future purposes and also prevent it from being used for removal of data.


GE Employee Charged With Stealing Company’s Trade Secrets — August 2, 2018

A General Electric engineer in New York state with ties to businesses in China was arrested on Wednesday for allegedly stealing trade secrets related to GE turbine technology, according to the U.S. Department of Justice.

Xiaoqing Zheng, an American citizen believed to also hold Chinese citizenship, is accused of using a technique called steganography to conceal the GE data inside the binary code of an innocuous-looking digital picture of a sunset. He then sent the picture to his personal email address.


Steganography software is available on many websites and can be downloaded for free. Some of the steganography software available does not require installation. The software is a self-running executable, just download, click the mouse, and the software launches.

Rogue Employee Sets Up A Cypto Mining Server Under Data Center Floorboards — March 27, 2018

Cybersecurity firm Darktrace picked up on puzzling traffic patterns within a European bank, including servers that seemed to be connecting from an IP address in the company’s data center.

When they inspected it in person, by physically tracing cables, its experts realized that a rogue employee had set up a “cypto mining side business” under the data center floorboards.


How Many People Can Be Involved In An Insider Threat Incident?

Navy Bribery, Fraud And Corruption Scandal — September 20, 2018

Leonard Glenn Francis, a Malaysian defense contractor, has pleaded guilty to bribing “scores” of Navy officials with cash, prostitutes and other gifts — such as hotel stays, airfare and electronics — so that they would feed him classified or inside information, which he used to defraud the Navy, and to win lucrative contracts for his Glenn Defense Marine Asia company.

This incident is considered the worst corruption scandal in Navy history. Civilian authorities have filed criminal charges against 33 people. According to the Navy, an additional 550 active-duty and retired military personnel — including about 60 admirals who have come under scrutiny for possible violations of military law or ethics rules. The Navy says it has cleared more than half of those personnel, but has substantiated misconduct by about 70 people so far. It is keeping most of their names a secret.

Between 2006 and 2013, Francis handed out $1 million in lavish meals, alcohol and Cuban cigars, among other gifts. At his parties, naval officers reveled in the attention of an “armada of prostitutes.” According to documents accessed through the Freedom of Information Act, Francis hosted such feasts and sex parties on 45 separate occasions over a span of seven years. He has pleaded guilty to bribery and defrauding the military of $35 million. Some officials believe, however, that the figure may have been significantly higher.


Employee Sentenced To Prison For Role In Massive Identity Theft And Tax Fraud Scheme Involving 130+ Individuals  — May 3, 2016

A resident of Bowie, Maryland, was sentenced to four years in prison after pleading guilty in January for his involvement in a far-reaching identity theft and tax fraud scheme in which he assisted in the filing of fraudulent federal income tax returns seeking more than $4.4 million in refunds.

Marc A. Bell, 49, a former employee of the District of Columbia’s Department of Youth Rehabilitation Services (DYRS), admitted taking part in a massive and sophisticated identity theft and false tax return scheme that involved an extensive network of more than 130 people, many of whom were receiving public assistance.

According to court documents, the scheme involved the filing of at least 12,000 fraudulent federal income tax returns that sought refunds of at least $42 million from the U.S. Treasury. The false tax returns sought refunds for tax years 2005 through 2013 and were often filed in the names of people whose identities had been stolen, including the elderly, people in assisted living facilities, drug addicts and incarcerated individuals. Refunds also were sent to people who were willing participants in the scheme. The refunds listed more than 400 “taxpayer” addresses located in the District of Columbia, Maryland and Virginia.

According to documents filed with the court, from 2005 to 2013, Bell was employed as a program manager, program officer or placement expeditor at the District of Columbia’s Department of Youth Rehabilitation Services (DYRS). In his various capacities at DYRS, Bell had access to the agency’s database system, which contained the personal identifying information of DYRS youth, including their names and social security numbers.

Bell admitted that between approximately May 2010 and April 2013, he used his computer access to obtain the personal identifying information of at least 645 then-current and former DYRS youth. Bell admitted that he provided this information to other scheme participants, who used the names and social security numbers to file at least 1,160 fraudulent federal income tax returns that claimed refunds of approximately $4,441,194. The IRS issued approximately 700 U.S. Treasury checks, totaling approximately $2,422,211, in the names of the DYRS youth in whose names the tax returns were filed. Bell received financial compensation from co-conspirators for providing the stolen identities.


Samsung Supplier Leaked Blueprints of Samsung’s Bendable Screen Technology — November 30, 2018

Samsung’s latest bendable screen technology has been stolen and sold to two Chinese companies, according to prosecutors in South Korea.

The Suwon District Prosecutor’s Office charged 11 people on Thursday with stealing tech secrets from Samsung (SSNLF), the office said in a statement.

The prosecutors allege that a Samsung supplier leaked blueprints of Samsung’s “flexible OLED edge panel 3D lamination” to a company that it had set up. That company then sold the tech secrets to the Chinese firms for nearly $14 million, according to the prosecutors

Prosecutors said Samsung invested six years and $130 million to develop the bendable screen.


Poor Cyber Threat Awareness Training

Just 1 Click Of The Mouse Erased Data On 35,000 Computers (Caused By Insider) — August 9, 2015

It was known inside the InfoSec community, but now more details have been made public through CNN after a BlackHat 2015 presentation. Until now, little of this was publicly known. But Chris Kubecka, a former security advisor to Saudi Aramco after the hack, spoke to CNN Money about her experience.

Three years ago, the world witnessed the worst hack ever seen on Saudi Aramco, one of the world’s largest oil companies.

It started sometime in mid-2012. One of the computer technicians on Saudi Aramco’s information technology team opened a scam email and clicked on a bad link.

In a matter of hours, 35,000 computers were partially wiped or totally destroyed. Without a way to pay them, gasoline tank trucks seeking refills had to be turned away. Saudi Aramco’s ability to supply 10% of the world’s oil was suddenly at risk.

U.S. intelligence officials believe the attackers to be Iranians, and they did not just erase data on 35,000 Saudi Aramco computers; they replaced the data with an image of a burning U.S. flag.

Now one of the most valuable companies on Earth was propelled back into 1970s technology, using typewriters and faxes.


Phishing E-Mail Leads To Hacked Laptop That Compromised Entire Network — December 14, 2018

A corporate laptop being used in a coffee shop on a weekend, was enough to allow a sophisticated cyber crime group to compromise an organization’s entire infrastructure.

The incident began when an employee of the manufacturer took their laptop to a coffee shop, and visited the website of one of the firm’s partners. The user visited the site after being directed there by a phishing email.

The partners website had been compromised by FakeUpdates malware. The malware shows users pop-ups which claim their browser software needs updating. The laptop became infected.

The infected laptop then served as an entry point for the attackers to compromise the corporate network, allowing the attackers to access dozens of systems that could be compromised by taking advantage of the user’s permissions (Privileged User)

This exposure allowed the attackers to install Framework POS malware on the retail store server with the intention of stealing credit card data.

The security software being used by the clothing company relied on devices being inside the corporate network to pick up threats. As the laptop was being used outside the network, this incident didn’t become apparent until the laptop was back in the office — by which time it was too late.

The company that fell victim to the hackers was an apparel manufacturer with an extensive global presence, including retail locations.


Spoofed E-Mail Cost Company $44 Million In CEO Fraud Attack — September 2016

One of the world’s largest cable manufacturers Leoni AG publicly confessed that it had fallen victim to a classic CEO Fraud attack that has cost the company a whopping $44 million dollars.

According to authorities, a young woman working as CFO at Leoni’s Bistrita factory, located in Romania was the target of the scam.

The attackers crafted emails to appear like legitimate payment requests from the head office in Germany, sent by one of the company’s top German executives. When the CFO received the e-mail she proceeded paying out $44 million.

According to the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT), the scammers had extensive knowledge about the internal procedures for approving and processing transfers at Leoni, meaning the network had been penetrated earlier, highly likely through phishing emails, and the bad guys had been doing recon for months.


Poor Security Practices

How Bank Hackers Stole 1.25 Million With A Simple Piece Of Hardware — April 4, 2013

This incident sends a clear warning to take great care over who can gain physical access to your offices, and how closely visitors should be monitored — especially if they are an unfamiliar face.

On 4 April 2013, Darius Bolder, walked into the Swiss Cottage branch of Barclays bank in North London and — posing as an IT technician — managed to gain entry to the back office.

He now had physical access to the bank’s IT systems, and was able to connect a KVM (Keyboard / Video / Mouse) device to a computer.

The device, an innocuous-looking black box, was attached to a 3G router, and allowed hackers holed-up in a nearby hotel to record staff passwords and screen activity, enabling them to make 128 financial transfers worth £1,252,490.

The money transfers went to a network of mule accounts, specially set up to launder the stolen cash.


CIA Contractor Secretly Hoards His Classified Work At Home For 10 Years — May 30, 2018

A 10 year (2006-2016) CIA employee Reynaldo B. Regis of Fort Washington, Maryland, recently pleaded guilty to hoarding classified information during his 10-year stint working for various contractors within the CIA.

Regis pleaded guilty to lying to the FBI when he claimed he never transferred classified information into his personal notebooks and that he never removed classified information from his work space.

As everyone who has security clearance is aware, the rules of engagement follow along the tenets of least privileged access — strict need to know. Regis found that his access to the classified databases of the CIA was wide and apparently very interesting.

Regis conducted both unauthorized searches within the CIA databases, as well as those associated with his work.

His access was such that he was able to become knowledgeable of “CIA programs, operations, methods, sources, and personnel.”

Regis would make notes on each of his searches into his notebook and then take the notebook out of the CIA to his residence daily. Apparently, none of the routine package / bag inspections at the CIA building where Regis was employed caught Regis carrying his notebooks. Or if the notebooks were detected, they were not recognized as containing classified information.

Regis now faces up to five years (maximum) in prison. He will be sentenced Sept. 21, 2018. For now, he has been released on $10,000 bail, has surrendered his passport, may not travel outside the Washington, D.C., metro area, and may not change his current place of residence without court permission.


Information Theft Made Easy

Global Study Reveals Majority of Visual Hacking Attempts Are Successful — August 10, 2016

Organizations around the world are at risk of sharing highly sensitive information through visual hacking in business office environments.

This risk was revealed in the 2016 Global Visual Hacking Experiment, an expansion of the 2015 Visual Hacking Experiment conducted in the United States by Ponemon Institute and sponsored by 3M Company.

The global study included trials in China, France, Germany, India, Japan, South Korea and the United Kingdom. The combined results found that sensitive information was successfully captured in 91% of visual hacking attempts globally.

The experiments involved 157 trials with 46 participating companies across the eight countries. They exposed low-tech hacking methods as a significant risk to corporations around the world. The findings revealed that organizations need to create awareness among employees on protecting data displayed on device screens, as 52% of the sensitive information captured during the experiments came from employee computer screens.

In the experiments, a “White Hat Visual Hacker” (WHVH) assumed the role of temporary office worker and was assigned a valid security badge worn in visible sight. The WHVH attempted to visually hack sensitive or confidential information using three methods:

  • Walking through the office scouting for information in full view on desks.
  • Observing computer monitor screens and other indiscrete locations like printers and copy machines.
  • Taking a stack of business documents labeled as confidential off a desk and placing it into a briefcase.
  • Using a smartphone to take a picture of confidential information displayed on a computer screen.

All of the methods above were completed in front of other office workers at each participating company. In 68 % of the hacking attempts, office personnel did not question or report the visual hacker even after witnessing unusual or suspicious behavior.

Experiment Results

Trademark Notice