Kim Philby was one of the most notorious double agents Britain ever produced – for three decades he secretly worked for the Soviet Union, passing it secrets, whilst sitting at the heart of MI6, the UK’s Secret Intelligence Service.
When his cover was blown in 1963, Philby defected to the Soviet Union, and died in Moscow in 1988.
BBC News has now uncovered a previously-unseen video recording of Philby giving a lecture to East German Stasi agents in 1981, describing how for years he walked out of his office with a briefcase stuffed with secret papers.
Snippets of the video have been released online.
“Every evening I left the office with a big briefcase full of reports which I had written myself, full of files taken out of the actual documents, out of the actual archives. I was to hand them to my Soviet contact in the evening. The next morning I would get the file back, the contents having been photographed, and take them back early in the morning and put the files back in their place.”
Furthermore, Philby explains that he believes he avoided suspicion because of his upper-class background.
Time and technology have moved in on the intervening years, but the threat posed by insiders within your organisation remains real.
Many security vendors and media focus on the threats of external hackers, malware attacks and the like – whilst turning a blind eye to the risk that you may have a rogue employee on your payroll, surreptitiously stealing information and causing harm to your business.
The reason for the focus on external threats is easy to understand – they are easier to stop. Preventing someone who you have invited into your organisation from stealing information and secrets can be a lot harder than stopping a remote hacker.
But don’t make the mistake of ignoring the insider threat. It may be harder to control, but the damage that can be caused by a spy in your midst can be considerable.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
6 comments on “Britain’s most infamous spy reminds us of the danger of the insider threat”
I seem to recall reading about Kim recently but it might have been another similar case – or the article in 2013 (I think it was) the BBC also posted on him.
I don't have any comments except to ask (with the risk of fuelling conspiracy theorists):
Did anyone notice the similarity between this case and that of Snowden ?
(If you want a hint: think about where Snowden is)
A good question that should be raised amongst all organisations is how they can and should recognise the insider threats to their prized assets, whether it be money, intellectual property or personal data relating to stakeholders, customers or other people.
Here, it could be an open forum for businesses big and small including organisations in the voluntary, charitable and non-profit sector as well as the public service to ask and answer these questions concerning their "crown jewels". This could involve how they can recognise the "Judas" in the midst and take the steps to avert an information leak or minimise the damage caused by that leak.
It would be foolish to assume similar threats do not exist currently. And whenever I see recommendations for ultra-complex passwords I think – that wouldn't help much when the crooks get backend access. Yes, you should avoid "password" but brute force attacks are for targeted accounts and for the normal person, just fear-mongering
Organisations need to wake up to the fact that their users, be they employees, contractors, partners, are their greatest risk. Afterall, they are the biggest known vulnerability we just can't patch. Whether the risk comes from users exploiting their access in malicious ways a-la Philby and Snowden, or just being human and making genuine mistakes, we must address it by limiting the rights our users have, enforcing appropriate access controls and monitoring user activity to detect anomalous behavior. Until we do, we're just making things too easy for those intent on getting their hands on our data or IP.
'The reason for the focus on external threats is easy to understand – they are easier to stop'
I think the answer lies deeper – similarly to the Philby case, nobody wants to believe that the good chap who works long hours and is a real company man could possibly be a traitor. The damage can go far deeper than just what is stolen from the company when something like that gets out. A lot of boards would far prefer to just hope it doesn't happen to them…
"If you see something say something", but who do you say it to, who isn't going to share it with the wrong people?
If the one who's corrupt is your company's interface to the outside world, that's a problem