BEWARE, very soon big brother will be able to follow you to work. Software is being designed to allow companies to flag up employees who are potential saboteurs, industrial spies or data thieves. It might also flag up whistle-blowers.
US companies surveyed earlier this year said at least one-third of damage to business due to cybercrime was committed by insiders. “Many of the biggest financial losses tend to be due to trusted insiders, individuals who steal or who disable computer systems,” says Gilbert Peterson at the Air Force Institute of Technology (AFIT) in Ohio.
Writing in a forthcoming edition of Digital Investigation, Peterson and colleagues say their software is based on an open-source algorithm called Author-Topic. Developed by researchers at the University of California, Irvine, it gauges which topics authors commonly write about. Fed a series of documents, such as academic journal articles, Author-Topic examines the frequency with which words appear in each and uses that to infer which topic that document is about. It then identifies topics that each person writes on most.
Peterson’s team uses the software to analyse emails, rather than articles, and extra software records whether people are sending emails internally or externally. Their system identifies people who are not discussing certain, expected topics - say social activities - with their colleagues, and flags them as possibly feeling alienated. It also identifies those who are discussing sensitive topics externally and classes them as having “clandestine, sensitive interests”. People who are flagged in both categories could pose a risk to a company, say the authors.
In addition to potential saboteurs, the software can also spot whistle-blowers. When it was fed the 250,000 emails sent between employees at bankrupted energy company Enron, it flagged employee Sherron Watkins as one of just three who were both alienated and had clandestine, sensitive interests. It was Watkins who blew the lid on the firm.
The search engine IDOL, made by Autonomy in the UK, can also detect insider threats, according to managing director Mike Lynch. But the AFIT system will be open-source, so organisations will be able to use it for free. In most US states such software is legal, but Ian Brown of the Oxford Internet Institute says that in Europe employees can only be monitored if they are suspected of fraud.
EDITOR’S NOTE: PRIOR PERMISSION IS REQUIRED BEFORE ANY REPRODUCTION OF THIS STORY IN FULL
IF REPORTING ON THIS STORY, PLEASE MENTION NEW SCIENTIST AS THE SOURCE AND, IF REPORTING ONLINE, PLEASE CARRY A LINK TO: http://www.newscientist.com
UK CONTACT - Claire Bowles, New Scientist Press Office, London:
Tel: +44(0)20 7611 1210 or email firstname.lastname@example.org
US CONTACT – New Scientist Boston office:
Tel: +1 617 386 2190 or email email@example.com
"This article is posted on this site to give advance access to other authorised media who may wish to report on this story, or quote extracts as part of fair dealing with this copyrighted material. Full attribution is required, and if reporting online a link to www.newscientist.com is also required. This story posted here is the EXACT text used in New Scientist magazine, therefore advance permission is required before any and every reproduction of each article in full. Please contact firstname.lastname@example.org. Please note that all material is copyright of Reed Business Information Limited and we reserve the right to take such action as we consider appropriate to protect such copyright."
THIS ARTICLE APPEARS IN NEW SCIENTIST MAGAZINE ISSUE: 1 DEC 2007. EMBARGOED UNTIL WED, 28 NOV 2007, 13:00 HRS ET US (18:00 HRS GMT)