22nd October 2009 - The arrest of a former product engineer at Ford Motor Co. for stealing sensitive design documents worth millions of dollars is just one of many insider threats occurring on a regular basis nowadays, says Imperva, the data security specialist.

“As Personally Identifiable Information (PII), credit cards, and financial information become more commoditized on the black market, we’re going to start seeing more attacks focused on sensitive data that is considered intellectual property – such as Ford’s design documents. “ said Brian Contos, Chief Security Strategist at Imperva.

“Insiders abound regardless of the state of the economy, however, in difficult economic times the number of insider attacks is known to increase. Malicious insider actions are often triggered by some type of crisis – personal, financial, or professional” he added.

According to Contos, the greatest threats are from the inside. Insiders can operate more quickly, easily, and with greater stealth than an outsider.

Insiders have two things outsiders don’t:  trust and access, he comments.  This makes barriers to committing the crime less of a technical issue and more of an ethical one. Criminals know this, and they know the return on investment of recruiting an insider is better than an external attack:  why hack when you can recruit.

While the case at Ford deals with sensitive data theft, consider attacks on critical infrastructure supported by nation-states or even terrorist organizations, he explained. The impact of a malicious insider is far more devastating than that of an external attacker.

Never before has so much information been so easily accessible by so many, added Contos. This in combination with a difficult economic environment is a perfect storm for malicious insiders.

“Unfortunately the actions Xiang Dong Yu (aka Mike Yu) aren’t that dissimilar from other high profile incidents of insider threat where millions of dollars worth of intellectual property were stolen and given to competitors” explained Contos.

Some examples include:

·         A Chinese national—a programmer at Ellery Systems in Boulder Colorado transferred proprietary source code to a Chinese competitor Beijing Machinery.  Subsequently, foreign competition directly attributed to loss of the source code drove Ellery Systems into bankruptcy. This incident was partially responsible for the 1996 Economic Espionage Act.

·         Yonggang (Gary) Min plead guilty to stealing $400 million in trade secrets from DuPont in 2006 after ten years as a research chemist with the intention of bringing it to a competitor.

·         Three Coca-Cola employees were charged with stealing confidential information and samples of a new drink and trying to sell them to Pepsi.

For more on Ford: http://www.infoworld.com/d/applications/facebook-outage-silences-150000-users-627

For more on Imperva: http://www.imperva.com

For further information or to speak to Brian Contos, please contact Darshna Kamani on 020 7183 2834 or email This email address is being protected from spambots. You need JavaScript enabled to view it.