When he was on assignment for the FBI in its Los Angeles field office, John McClurg was charged with bringing down hacker Kevin “Dark Dante” Poulsen.
Poulsen orchestrated a hack of Pacific Bell’s phone lines after breaking into one of its facilities to steal a stockpile of systems manuals. He famously hacked a Los Angeles radio station in 1990 to win a Porsche during a call-in contest, and when he was featured on America’s Most Wanted, he blocked calls to the show’s 1-800 phone line so no one could give tips on his whereabouts.
But McClurg, who is now the chief security officer at Dell Inc., did eventually catch up with Poulsen. When he did, he also cracked Poulsen’s password, breaking the three-layer encryption that Poulsen used to cover his tracks. Poulsen would be indicted and spend five years behind bars. That was before Poulsen remade himself as a journalist; he is now a senior editor at Wired. McClurg has also pivoted his career, becoming a security specialist in the IT industry, and has been the chief security officer at Dell since February 2011.
Presenting at GTEC in Ottawa Oct. 29, McClurg described how he is turning his attention to a different type of spy – so-called insider threats that try to profit from selling the proprietary data of their employer. McClurg has finished the pilot of his program that seeks to predict insider threats before they happen. Or as he calls it, a Business Assurance Program.
“We’re assuring the business by wrapping our arms around the trusted insider that will turn on their employer to hurt them,” he says.
The software designed by McClurg’s team considers more than 40 different factors to score the likelihood of a trusted insider turning on their employer. Details such as the level of clearance that person has and their history of compliance are just the beginning. McClurg’s system breaks down risk using multi-variate analysis across nine different factors and can dig into the company’s various data stores.
For example, the system can access expense-tracking software Concur to see how often an employee paid for group meals on the company dime, or used a personal credit card to cover expenses instead of a corporate-issued credit card. Dell’s personnel management system can also be tapped to see if an employee is travelling to foreign destinations and whether a brief was provided on the purpose of that trip.
Employees who try to access areas higher than their clearance, receive negative feedback from a manager on a performance review, or near a known departure date from the company see their risk of becoming an insider threat increase.
“You’re only limited by your imagination in a way,” McClurg says. “Rather than discarding data like we used to, we’ll want to keep all the data because correlations could become important.”
While Dell is using the tool solely for finding its own insider threats at the moment, McClurg has his eyes set on a bigger goal.
“This shouts business opportunity to me,” he says. “We’re talking to the business side of the house to see if they are interested as well.”
Not only could companies use the predictive system to prevent insider threats, he says, but there could be other potential uses – such as detecting that an employee may be on the verge of a violent outburst that could harm colleagues. The product would fit well into Dell’s new approach as an IT services operation, a re-invention of the brand that has been in progress since founder Michael Dell came back to transform the PC sales organization. It’s now been one year since Dell removed itself from the public market, becoming a private entity.
While McClurg sees potential advantages of preventing insider threats before they happen, he also acknowledges the dangers of accusing a person of doing something before they actually do it.
“We won’t punish propensity. You can think all the evil things you want, you won’t go to jail,” he says. “Here in the Western world, we have a lot of freedoms that allow people to say what they want.”
It’s when that propensity turns into action that McClurg looks to enact punishment. And as Dark Dante will tell you, that’s not a situation you want to be in.