Network Security Blog

Beware of the Contract Employee

Nothing compromises network security more than the users themselves. Dishonest employees with a motive can easily do greater damage than even the most skilled hackers who deploy the most sophisticated of techniques.

The FBI's arrest last week of Bo Zhang, a New York-based computer programmer, on charges of stealing proprietary software code from the Federal Reserve Bank of New York underscores this fact. The software in question is the “Government-Wide Accounting and Reporting Program” (GWA), used for processing U.S. government financial transactions.

Bo Zhang, a contract employee assigned to the Federal Reserve Bank of New York (FRBNY) to further develop a specific portion of the GWA source code, allegedly misused his access privileges to steal the code. After the arrest, Zhang admitted to copying the GWA code onto his hard drive at the FRBNY and then to a bank-owned external hard drive. He then transferred the code from the external hard drive to his private office computer, home computer, and laptop.

Zhang’s motive was apparently to use the code to train individuals at a private business that he ran. The intent behind the theft is immaterial, however, because the breach compromised the security of this critical source code. Zhang probably did not expose transaction data or personal identity information, or steal federal funds, but an enterprising criminal could very well use the same route to devastating effect.

Zhang faces up to 10 years in prison and a $250,000 fine if found guilty.

This episode is a wake-up call to strengthen security procedures for internal employees, and especially for contract employees, about whom the company that engages them has very little information and over whom it has very little control.

Source: http://www.cio.com/article/698434/FBI_Busts_Programmer_for_Stealing_U.S._Treasury_Code?taxonomyId=3089
