> CHS1 [Confidential Human Source] is cooperating with the FBI because of patriotism to the United States and a perceived obligation to Victim Company A. CHS1 has not asked for and has not been offered any form of payment, including consideration regarding immigration or citizenship.
Does that mean this person is a foreign national? Would it be risky for this person to return home (perhaps to Russia?) after assisting the US government in this way?
If I were the FBI, I would be putting this dude in witness protection and building them a new identity.
we often theorize about / present a threat model of an insider becoming malicious in exactly this way. rare that we hear of it actually occurring.
the number used in such threat modeling scenarios is typically $1MM. maybe we need to up that to $4.5MM. (per TFA)
note the simplification in the headline: the $1MM was merely the insider’s share, not the proposed ransomware amount.
Most companies struggle with basic security controls like patching. Very few would survive insider threats with admin creds.