erty and financial data. For example, attackers have been able to compromise home refrigerators
that have Internet connectivity. The attackers then used the compromised refrigerators to
send out malicious emails to other potential victims to grow their botnet. The term thingbot is
gaining popularity to describe botnets that include IoT devices that can be leveraged to attack
organizations and targeted individuals.
Disgruntled or Nosy Employees
This group includes employees of an organization who may be disgruntled, nosy, or whistleblowers.
It is always easy to obtain access to devices that are on an internal network that one
already has access to. Many organizations do not do a good job of designing role-based access
controls that restrict employees’ access to company information, given the added cost of
implementing and maintaining such controls. And in many cases, disgruntled employees
already have legitimate access to sensitive data based on their duties.
The data leak surrounding the 2014 attack on Sony Pictures caused the company to halt
the theater release of the movie The Interview because the attackers threatened physical damage
to movie theaters as well as leakage of additional data. Initially, the attack was attributed to
North Korea since the plot of the comedy movie included the assassination of leader Kim
Jong-un. However, later speculation by industry experts has lent credibility to the notion that
the attack was probably carried out by disgruntled individuals who were former employees
and knew the weaknesses of the company’s network infrastructure, which allowed them to
access company data. The attackers obtained and released copies of executive emails, including
the one pictured in Figure 7-27. In this email, a Sony executive and a prominent film producer
exchanged messages about President Obama that are racist in nature. Both executives
later issued a public apology for engaging in the conversation.