Here We Go Again – Whistleblower or Cybercriminal?
Just the other day, Tesla got hacked by one of its now ex-employees, who did quite a bit of damage – stealing gigabytes of data and regularly, supposedly, exporting data and selling it to third parties. Hmmm, the trusted employee. Insiders are one of the primary causes of data breaches. They are cybercriminals and, quite frankly, despicable.
Now, remember this was an employee and most data breaches occur internally. Hmmm, got your thinking cap on? The perpetrator, I guess we could call him by his name, Martin Tripp, had complained he was not given a senior enough role at the company, and when managers identified problems with his job performance and reassigned him, he expressed anger and became combative with co-workers because of the decision.
Ok, combative is more than a clue. Did anyone ever think that maybe he was wrapped too tight? No one noticed? Supposedly, he coded an elaborate hack to leak trade secrets about electrical cars, and blamed unsuspecting colleagues to cover his tracks. He slipped “several gigabytes” of Tesla data, including photos and video, outside the network – several times, mind you. This is according to a lawsuit lodged by Elon Musk’s company. Nice guy. So, he does the hacking, and co-workers get blamed. The light bulb still doesn’t go off in someone’s head?
What’s next on the agenda? He wanted revenge for not getting a promotion. Well, our boy Martin showed incredible stupidity. He claimed he was a whistleblower, and that the batteries used in the cars were faulty. He then contacted media outlets as a whistleblower, and the media didn’t believe him, or, I should say, did not follow up with him. He is now seeking protection as a whistleblower. Now, I ask you, Martin caused significant damage to Tesla and he wants to be lauded for spilling the beans? And that’s assuming the beans are true. What is wrong with this picture? Wish I knew. I firmly support whistleblowers, but not using the method Mr. Tripp used.
You’re innocent until proven guilty. I don’t think Martin Tripp has much chance of walking away from this scot-free. We will see. The lesson, of course, is don’t ever underestimate the very high potential of insider threats.
And that brings up one final point. If the company in question had been using the appropriate security, data discovery, and classification solution, this would never have happened. Do you know where the cracks are in your organization? I bet you do.