Angry Employees Downloading Viruses And Spyware On Purpose?

from the take-that dept

While external hack attacks have surpassed disgruntled employees causing problems, that doesn't mean those disgruntled employees don't exist. While the more technically minded disgruntled employees may cause problems by shutting down a computer system or some other nasty little trick, apparently some upset employees are taking to a different form of corporate "civil disobedience." 23% of companies surveyed claim that they believe upset employees are downloading viruses and other malicious software on purpose just to cause trouble (the article doesn't make it clear how these companies knew the downloads were on purpose -- so you could question the study on that point). This doesn't go quite as far as the employee who wrote and sent out a virus to colleagues, but it certainly seems like the type of internal "hack" less technically savvy employees might try. Still, the overall impact of a company with any decent security software is likely to be minimal. Update: Ed Bott digs a little deeper and questions the study. His concerns are probably accurate.

Reader Comments (rss)

(Flattened / Threaded)

  1. identicon
    Ratliff, Aug 24th, 2005 @ 7:17am


    Doesn't the idea that a company's employees are intentionally downloading viruses sound like a convenient way for the people in charge of IT security to say it's not their fault? "Well, I hate to say this, but we can hardly protect against viruses if our own people are working against us." My extensive experience on both sides of the management divide has left me with the idea that managers are routinely encouraged to think of their employees as lazy, resentful, and malicious, so in a lot of cases it wouldn't be much of a stretch for them to believe this -- and for some people, it would be easier to swallow than the idea that they can't really protect their system from attack.

    reply to this | link to this | view in thread ]

  2. identicon
    JEB, Aug 24th, 2005 @ 8:26am

    Re: CYA

    When I read the statement, "IT security to say it's not their fault?", it sounded like politics being played. One of those, 'I'll show them who was right all along' scenerios. This problem addresses the lack of maturity in the industry. Eventually, this type of problem will all be moot.

    reply to this | link to this | view in thread ]

  3. identicon
    Nonesuch, Aug 24th, 2005 @ 8:31am

    How they know it's on purpose

    Corporations log all HTTP/FTP requests from internal clients to the Internet. Often the user is required to authenticate to the gateway, so you know it's really the employee not J. Random Hacker.
    If the logs show somebody searching google for VX information, seeking out exploit sites, and then downloading .arj files named for worms, then hunting around for a .arj extractor and downloading that, it's rather obvious what was going on.

    reply to this | link to this | view in thread ]

  4. identicon
    jeremiah, Aug 24th, 2005 @ 10:13am

    hottie in marketing...

    I'll tell you what, tho...that uber-hottie in marketing can download spyware all she wants if it means I get to sit in her cube flirting while running Spybot and AdAware.... :) :)

    reply to this | link to this | view in thread ]

  5. identicon
    Anonymous Coward, May 14th, 2007 @ 11:03am

    lets have SEX BABY

    reply to this | link to this | view in thread ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.