The machine that learns how to stop whistleblowers

INSIDER THREAT John connects via VPN Administrator performs ssh (root) to a file share - finance department John executes remote desktop to a system (administrator) - PCI zone John elevates his privileges root copies the document to another file share - Corporate zone root accesses a sensitive document from the file share root uses a set of Twitter handles to chop and copy the data outside the enterprise USER ACTIVITY

An example of whistleblower behaviour taken from Harry McLaren’s slides

Workplace surveillance is nothing new, but this slide from Harry McLaren’s talk on Machine Learning for Threat Detection illustrates particularly well the challenges facing journalists wishing to protect whistleblowers.

McLaren is talking about malicious threats, and the way that machine learning can be used to identify suspicious patterns of behaviour. But the example given above is equally useful in illustrating the way that similar behaviour might be used to identify an employee intending to whistleblow on illegal, unethical or dangerous behaviour by his or her organisation.

Data Loss Prevention (DLP), network forensics, and content management technologies are already being used to prevent such leaks, but machine learning adds a new dimension to the field.

The point for journalists is that collections of small actions – including those which protect the whistleblower – can be just as compromising as obvious oversights like a lack of information security.

I’ve embedded video of McLaren’s talk (from May 2016) and the full slides below.

Advertisements

One thought on “The machine that learns how to stop whistleblowers

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s