Insider Threat Example: Coworkers Accessing Other Coworkers’ Email Messages

Back in the mid-1990s, a middle manager knew that the print queue messages for all the emails in the large organization were viewable in clear text; all you had to know was which printer queue to open. He would lurk in the print queues each day, all day, for all the printers that the other middle managers and executives used, and he would copy all the email messages he found that could be “advantageous” to his career. He amazed a lot of people by always seeming to know what was going on before anyone else did.
I was reminded of this particular mole-manager as I just read a news story, “Philly News Anchor Target in FBI Probe: FBI Investigates Anchor in Suspected Hacking of Fired Co-Anchor’s E-mail.”

Allegedly, the older male anchor, Larry Mendte, became jealous of his younger female co-anchor, Alycia Lane, and forwarded many of her email messages to the gossip sites that covered her career and social activities.
However, upon reading the story it looks to me like the station may have some significant security vulnerabilities in their network and/or email system. Here are a few snippets from the news report…

“An evening news anchor is under federal investigation and off the air after his fired co-anchor complained that someone may have hacked into her e-mails and leaked them to gossip columnists.”

“Lane says she began to suspect this year that her private e-mails were being accessed and forwarded to news outlets that have covered her career and social life. The FBI took the case, and the investigation eventually led to Mendte, 51. The station had hired Mendte, the one-time co-host of “Access Hollywood,” and the striking Lane, dubbed “the Latina bombshell,” in July 2003 to boost its sagging ratings.”

“The e-mail interceptions allegedly took place while Lane was defending herself on the criminal charges in the New York police case and preparing to sue the station for wrongful termination, Rosen said.”

So how were these email messages “intercepted”?

  • Perhaps he, too, like the mole-manager I used to know, lurked in the inadequately-secured print queues, where he found the juicy messages from and to Lane.
  • Perhaps Lane had shared her email password with someone else who was careless with it, and others subsequently used it.
  • Perhaps Lane herself was careless with her password, perhaps posting it on a memo note or some other common human security violation.
  • Perhaps Lane used a poor email password.
  • Perhaps Lane left her computer unattended and unsecured, and Mendte quickly changed the email settings to forward copies of all of her email messages to his personal email account.
  • If this was during an investigation, perhaps the investigators for the case were careless and left printed messages of Lane’s lying about for others to find.
  • Or, perhaps the investigators sent copies of all the email messages to an email folder or network directory that was not properly secured, or to which Mendte also had authorized access.
  • And so many more possibilities…

Hopefully the information security department at KYW-TV is reviewing this incident and making changes to ensure something similar will not re-occur.
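One check such a review could include, prompted by the forwarding possibility listed above, is an audit of mailbox rules that forward everything or forward outside the organization. This is an added example, not part of the original post; the rule records, field names, and the `station.example` domain are constructed for illustration and would need mapping to a real mail system's rule export.

```python
# Added example: audit mailbox rules for blanket or external auto-forwarding.
# The rule records and field names below are constructed for illustration;
# map them to whatever your mail system's rule export actually provides.

INTERNAL_DOMAINS = {"station.example"}  # assumption: the organization's own mail domains

# Constructed sample export: one dict per mailbox rule.
SAMPLE_RULES = [
    {"mailbox": "anchor.a@station.example", "rule": "copy-all",
     "action": "forward", "to": "someone@personal-mail.example", "conditions": []},
    {"mailbox": "anchor.a@station.example", "rule": "to-assistant",
     "action": "forward", "to": "assistant@station.example",
     "conditions": ["subject contains 'schedule'"]},
    {"mailbox": "producer@station.example", "rule": "file-newsletters",
     "action": "move", "to": "Newsletters", "conditions": ["from newsletter@vendor.example"]},
    {"mailbox": "editor@station.example", "rule": "mirror",
     "action": "redirect", "to": "anchor.b@station.example", "conditions": []},
]

FORWARDING_ACTIONS = {"forward", "redirect"}


def domain_of(address):
    """Return the lower-cased domain part of an address, or '' if malformed."""
    local, sep, domain = address.rpartition("@")
    return domain.strip().lower() if sep and local else ""


def audit_rules(rules, internal_domains=INTERNAL_DOMAINS):
    """Return (mailbox, rule, reasons) for every forwarding rule worth a human look."""
    findings = []
    for r in rules:
        if r["action"].lower() not in FORWARDING_ACTIONS:
            continue
        reasons = []
        if domain_of(r["to"]) not in internal_domains:
            reasons.append("external destination")
        if not r["conditions"]:
            reasons.append("forwards all mail")
        if reasons:
            findings.append((r["mailbox"], r["rule"], reasons))
    return findings


if __name__ == "__main__":
    for mailbox, rule, reasons in audit_rules(SAMPLE_RULES):
        print(f"{mailbox}: rule '{rule}' -> {', '.join(reasons)}")
```

A rule that forwards all mail to an internal colleague is flagged as well as one that sends mail outside, since the coworker scenario in this post would not necessarily involve an external address.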
