Could you hack your bosses without hesitation, repetition or deviation? AI says: No

Businesses find themselves in a world where the threat to their networks often comes not simply from a compromise of their computers, servers, or infrastructure, but from legitimate, sanctioned users. There is nothing new about the notion of cyber-attackers seeing human beings as their biggest target. For years, real-world …

  1. Pete 2 Silver badge

    Career progression

    > But attackers who are already on the inside of a network, abusing his or her credentials for nefarious intent without anyone the wiser are rapidly gaining notoriety.

    It has been a source of puzzlement for years - no, decades, why IT workers with admin privileges are so reluctant to use these for their own benefit. It should be quite easy for any sysadmin worth their paycheck to insert whatever sort of "payload" they choose onto their boss's computer. Or their boss's boss or ..... the CEO. Or even a co-worker who they dislike or whose job they would view as a promotion (that alone would be enough motivation for people to secure their own kit).

    That is, if "icky" stuff would actually need to be placed there - rather than the individual in question having already done the dirty work and it just needing to be discovered and reported.

    1. JimmyPage
      Boffin

      Re: Career progression

      > It has been a source of puzzlement for years - no, decades, why IT workers with admin privileges are so reluctant to use these for their own benefit.

      Well, firstly, it's a pretty crap setup if "admin" access is a synonym for "access all areas" for a single person, unless it's a small outfit. In which case there's probably other mechanisms in place (like working next to your boss). Even going back 10 years when I was sysadmin for a small business, there were things I didn't have access to (the directors email, for one).

      And even if you had genuine God access, the question is how to use it "to your own benefit"? Because if you could devise a way to do so - and make it undetectable then (a) what are you doing being a sysadmin, and (b) well .... how do we know it hasn't happened?

      Finally, it's a hard enough life getting the systems to do whatever nonsense the business is crying out for today, let alone getting it to do something off piste.

    2. Anonymous Coward

      Re: Career progression

      "It has been a source of puzzlement for years - no, decades, why IT workers with admin privileges are so reluctant to use these for their own benefit."

      You have a nice and well paid job (in comparison to a lot of other jobs at least), why screw it up?

      "That is, if "icky" stuff would actually need to be placed there - rather than the individual in question having already done the dirty work and it just needing to be discovered and reported."

      I have found stuff like that quite often, it's usually some unknowledgeable user who did something stupid. Nobody cares, you just clean it up and move on to the next ticket.

  2. keithpeter Silver badge
    Windows

    Management by exception?

    "For example, the range of contacts a user will interact with through an email system and the nature of that communication will almost always be within certain limits."

    Clueless end user here

    Yesterday, I had to contact two middle manager type people outside my normal silo on an urgent basis to resolve an issue for a prospective student with a very unusual profile of qualifications and support needs. Then I needed to document what was effectively a new clause in the usual process, and make sure all the people in the chain knew what I had done. Such is the responsiveness of a fairly small public sector organisation, I got that resolved fairly quickly, and my 'identity' in the organisation is a humble one.

    So, yes, as mentioned towards the end of the article, it will come down to the response by IT support to an outlier event once flagged. One hopes that will be of the 'gather more information' kind rather than some kind of banhammer.

  3. Nick Kew

    Isn't this just application of the principle of googling "how to kill your wife"? The kind of thing the Thought Police have been doing since ... I was going to say Orwell's time, but it goes back much further than that: God has been policing thoughts for millennia before that, as the totalitarian tendencies of His servants have waxed and waned.

  4. The Man Who Fell To Earth Silver badge
    WTF?

    Given how abysmally AI AV products perform

    And how many don't even have false positive reporting mechanisms, why would anyone want to give AI the ability to destroy employees' lives?

    1. Anonymous Coward

      Re: why would anyone want to give AI the ability to destroy employees' lives?

      because AI is going to be cheap = more profit.

      And... because employees won't be able to afford hiring another AI to analyse their case to spot what went wrong there, and further hire another AI to present their case in court against the business AI that flagged them in the first place.

  5. Anonymous Coward

    UEBA identifies sudden deviations from the pattern

    AI, take notice! (or else corrupt "the pattern")

    Oh, you already did, sorry!

  6. c1ue

    The problem with UEBA is context.

    In particular, baselining assumes that bad behavior is outside the baseline behavior set - in reality, bad behavior is context dependent. A sales person copying a customer list into their phone is not a bad behavior...unless he's quitting the next day.

    There's also the issue of alternate data capture. The ignorant crims today will try to copy into USB hard drives in one go; the smart ones will space copying out. Particularly sensitive data - just take a phone snap. etc etc.

  7. Anonymous Coward
    IT Angle

    Baselining and AI-driven security

    AI-driven security, some sort of technological snakeoil, similar to the current fashion for attaching everything to AI or blockchain, to give it credibility.

    “The network perimeter has been compromised by attackers, threats, and risks on both sides of the firewall.”

    Don't have an inside to hack, have all internal transactions implemented using encryption and kerberos one time tickets or some such. Put everyone on the outside and implement a full irrevocable audit trail with a hardware dongle required to attach to the system.

  8. Afernie

    "Could you hack your bosses without hesitation, repetition or deviation? AI says: No"

    Mr Cotton's Parrot... same question.

  9. Claptrap314 Silver badge

    Hard problem...blah, blah, blah, AI, blah, blah, blah

    And this is the worst form--assume that "usual" is the definition of good, and initiate "corrective" action accordingly. I've worked in microprocessor validation. I've paid more than average attention to security since I was a child. Usual is good for monitoring drones. Real predators, not so much.
