
Sierra:

Computer Surveillance Software


About

The Ponemon Institute’s 2018 study on insider threats found that insider threats cost commercial enterprises an average of $8.76 million per year*. Beyond the monetary motivation, government agencies also need to monitor insider threats and the communications of dangerous individuals to protect the public. Insider breaches, as illustrated by Edward Snowden, Henry Frese and Kevin Mallory, can threaten national security as well as result in civilian casualties.

In a highly competitive world reliant on technology to function, the need for computer surveillance software to guard against insider threats is apparent. Our objective was to create a program to protect companies and government agencies from insider threats. Our goal was to show techniques that can be used to monitor modern communication services. We limited the scope of this project to monitoring and exfiltrating data from Discord and Gmail as a test case.

We also worked on communication mechanisms that would bypass modern IDS by mimicking an ordinary user’s internet browsing habits. Specifically, we use Google Drive and Reddit to exfiltrate data. Neither of those sites is considered malicious, nor is any traffic to those sites abnormal. By using these sites as our communication link, our activities would not trip an alarm in an intrusion detection system. We limited our command and control protocol to Reddit, as accounting for other command and control links would be beyond the time constraints of this project. Once we are able to show that bypassing heuristic detection is possible, this project can be expanded to include other social media services and websites in the future.

Finally, our goal was to compile all the data collected from the target in a secure manner, accessible only to authorized parties. It is our hope that monitoring this data can prevent insider breaches and that, in the event of a breach, the data can be used as evidence against the perpetrator. This project not only proposes a solution to insider threats but also helps fill the gap in research related to spyware and distributed communications.

* 2018 Cost of Insider Threats: Global. Technical Report. Ponemon Institute LLC, Traverse City, MI. https://www.insiderthreatdefense.us/pdf/Ponemon%20Institute%202018%20Report%20-%20The%20True%20Cost%20Of%20Insider%20Threats%20Revealed.pdf


Project Details

Sierra is a computer surveillance senior design project created for COMP 490 & 491L at California State University, Northridge during the 2020-2021 school year. Visit our project details page for more information.


Project Photos

Visit the gallery for more photos.

Sierra Framework Overview

Framework Overview

GUI

GUI Displaying Screenshot


GUI Displaying Browsing History