by: Bill Matherly Jr.
The individual, a technical consultant for the TOROC committee, gained unauthorized access to classified sections of the network. The reason for the breach in security, or for the threat, was not immediately known, but with the quick reaction from law enforcement and the other computer security professional, steps were taken to mitigate the cyber attack.
This situation only disturbs me in the notion that companies and various organizations have always been very wary about enlisting the technical prowess of a “hacker” to secure their proprietary network, the sensitive information and the contents thereof.
While it’s difficult to know which individuals are capable of carrying out such internal attacks, it’s the responsibility of the company or organization that hires these types of individuals to make a strict effort to collect as much background information as possible on the applicant applying for the responsibility of caring for its intellectual properties, computer network and systems.
A series of background checks on a per-individual basis could have indicated the type of ethics an applicant has and could have raised red flags indicating that trusting a certain individual with this type of control could prove detrimental.
Instead, in this instance the Olympic Committee decided to opt for the standard public relations practice of spinning this off as “the person we trusted to care for our network turned out to be a malicious hacker…”. This is not effective in addressing the underlying issue. The issue is NOT that the person gained unauthorized access to a network, as disturbing as that is; the underlying issue is that the Olympic Committee failed to perform the necessary risk assessment to ensure that this type of cyber terrorism, performed on a global scale, would not happen.
Bill Matherly is a computer security consultant in Oklahoma City and a regular contributor to The Security Catalyst website. He can be reached via email at firstname.lastname@example.org. All views and opinions expressed in this article are not necessarily the views and opinions of The Security Catalyst website or its administrators.