Instant Ebook Access, One Click Away – Begin at ebookgate.

com

Managing the Insider Threat No Dark Corners 1st

edition Edition Safari

https://ebookgate.com/product/managing-the-insider-threat-
no-dark-corners-1st-edition-edition-safari/

OR CLICK BUTTON

DOWLOAD EBOOK

Get Instant Ebook Downloads – Browse at https://ebookgate.com

Click here to visit ebookgate.com and download ebook now
Instant digital products (PDF, ePub, MOBI) available
Download now and explore formats that suit you...

Managing the Insider Threat No Dark Corners 1st Edition

Nick Catrantzos

https://ebookgate.com/product/managing-the-insider-threat-no-dark-
corners-1st-edition-nick-catrantzos/

ebookgate.com

Insider Threat Protecting the Enterprise from Sabotage

Spying and Theft 1st Edition Eric Cole

https://ebookgate.com/product/insider-threat-protecting-the-
enterprise-from-sabotage-spying-and-theft-1st-edition-eric-cole/

ebookgate.com

Mobile Computing 1st edition Edition Safari

https://ebookgate.com/product/mobile-computing-1st-edition-edition-
safari/

ebookgate.com

Dark Waters An Insider s Account of the NR 1 The Cold War

s Undercover Nuclear Sub First American Edition Lee
Vyborny
https://ebookgate.com/product/dark-waters-an-insider-s-account-of-the-
nr-1-the-cold-war-s-undercover-nuclear-sub-first-american-edition-lee-
vyborny/
ebookgate.com
Programming in C 2nd Edition Safari

https://ebookgate.com/product/programming-in-c-2nd-edition-safari/

ebookgate.com

Separation Process Engineering Second Edition Safari

https://ebookgate.com/product/separation-process-engineering-second-
edition-safari/

ebookgate.com

A Shot in the Dark A Creative DIY Guide to Digital Video

Lighting on Almost No Budget 1st Edition Jay Holben

https://ebookgate.com/product/a-shot-in-the-dark-a-creative-diy-guide-
to-digital-video-lighting-on-almost-no-budget-1st-edition-jay-holben/

ebookgate.com

Documenting Software Architectures Views and Beyond Second

Edition Safari

https://ebookgate.com/product/documenting-software-architectures-
views-and-beyond-second-edition-safari/

ebookgate.com

The Dark Fortress 1st Edition Daniel Lipkowitz

https://ebookgate.com/product/the-dark-fortress-1st-edition-daniel-
lipkowitz/

ebookgate.com
 MANAGING THE
INSIDER THREAT
No Dark Corners

Nick Catrantzos
Managing the
Insider Threat

No Dark Corners
Managing the
Insider Threat

No Dark Corners

Nick Catrantzos
CRC Press
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742

© 2012 by Taylor & Francis Group, LLC

CRC Press is an imprint of Taylor & Francis Group, an Informa business

No claim to original U.S. Government works

Version Date: 20120123

International Standard Book Number-13: 978-1-4398-7293-2 (eBook - PDF)

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to
publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials
or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material repro-
duced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any
copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any
form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming,
and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copy-
right.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400.
CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been
granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identifica-
tion and explanation without intent to infringe.
Visit the Taylor & Francis Web site at
http://www.taylorandfrancis.com

and the CRC Press Web site at

http://www.crcpress.com
 Contents

Foreword xvii
Preface xix
Author xxi

Part I DIAGNOSTICS
Chapter 1 The Problem and Limits of Accepted Wisdom 3
Introduction 3
The Problem 4
Terms of Reference 4
Historical Approaches 5
Types of Studies on Hostile Insiders 5
Studies Focusing on Motivations 6
Studies Focusing on Compilations and Cases 7
Studies Focusing on Cyber Insiders and More Controls 8
Losing Sight of Existential Threats by Aggregating Cases Too Liberally 8
Limits of Cyber-Centric Bias 9
Implications 9
Questions for Online or Classroom Discussion 10
Exercises for Group Projects 10
Endnotes 10

Chapter 2 New Research and Contrarian Findings 15

Delphi Research on Insider Threat 15
Initial Research Findings Confirming Accepted Wisdom 17
Alternative Analysis Takes Shape 18
Why Infiltrator vs. Disgruntled Careerist? 18
Infiltrator’s Challenges vs. Defender’s Capacity 20
Infiltrator Step 1: Get through Screening 21
Infiltrator Step 2: Gather Information 22
Infiltrator Step 3: Exploit Vulnerabilities 24

v
vi Contents

The Alternative 24
Balancing Trust and Transparency: The Copilot Model 26
Contrast with Traditional Strategy 27
New Insider Defenses 28
Close Probation 28
Transparency on the Job 28
Team Self-Monitoring 29
Comparison with Other Security Strategies 29
Questions for Online or Classroom Discussion 32
Exercises for Group Projects 32
Endnotes 33

Part II KEY PLAYERS

Chapter 3 Agents of Change—Corporate Sentinels 39
Key Activities 39
Corporate Sentinels 41
Traditional Role 41
Expertise and Alienation 41
Sentinel Alienation 44
Perfunctory Adaptation 44
Imperial Overreach or Power Play 44
Cronyism or Favor Exchange 45
Transformational Role in a No Dark Corners Approach 45
A Sentinel’s Guide to People Security 46
Human Relationships 46
The Dishonest Employee 47
Management Responsibility in Loss Prevention 47
Procedural Controls 47
Pre-Employment Screening 48
Personal Safety and Self-Defense 48
Workplace Violence 49
Unfair Labor Practices 50
Security and Civil Rights 51
Conclusion 53
Questions for Online or Classroom Discussion 55
Exercises for Group Projects 55
Endnotes 56
 Contents vii

Chapter 4 Agents of Change—Leaders and Copilots 57

Leadership’s Attitude to Sentinels and Insider Threat Defenses 58
Where to Begin 59
Know Your World 59
Start Somewhere 61
At Least Ask 61
Why Leaders Falter 62
The Issue–Attention Cycle Meets Insider Threats 63
Phase 1: Pre-Problem 63
Phase 2: Alarmed Discovery 64
Phase 3: Awareness of Difficulties 64
Phase 4: Gradual Decline of Public Interest 65
Phase 5: Post-Problem 65
Alternative Approach 67
Another Opportunity: Rotational Assignments 69
Questions for Online or Classroom Discussion 71
Exercises for Group Projects 71
Endnotes 71

Part III MAKING A DIFFERENCE

Chapter 5 Rethinking Background Investigations 75
Introduction 75
Traditional Background Investigation Process 76
Identity Verification 77
What Gets Investigated and How 77
Credentials and Credibility 78
Where Blurred Accountability Comes with a Price 79
Other Red Flags Often Unseen 80
Adjudication of Adverse Findings 80
Transformational Opportunities with a No Dark Corners Approach 81
Making a Team Out of Warring Camps 81
Alternative Process: Adjudication by Team vs. Fiat 82
Resolving Differences 82
Ramifications for the Entire Process 83
Who Should Perform the Background Investigation? 83
Case Study: A David Takes on Goliath in Pre-Employment Background
Investigations 84
viii Contents

The Setting 84
All-Find’s Approach 84
Pro-Back’s Approach 85
Business Outcome 85
Conclusion 86
An Overlooked Problem: Investigating the Nonemployee 86
Access the Real Issue 87
Questions for Online or Classroom Discussion 91
Exercises for Group Projects 91
Endnotes 91

Chapter 6 Deception and the Insider Threat 93

Introduction 93
Deception’s Role 93
Inadequacy of Defenses 94
Representative Methods for Detecting Deception 95
What Do Polygraph Examiners Know about Deception? 95
The Reid Technique 96
Background 96
Key Features 97
Limitations 97
The WZ Method 98
Background 98
Key Features 98
Limitations 98
Scientific Content Analysis 101
Background 101
Key Features 102
Limitations 102
Other Techniques for Detecting Deception 102
Cross-Examination 103
Background 103
Key Features 103
Limitations 103
Behavioral Detection 104
Background 104
Key Features 105
Limitations 106
 Contents ix

The Deceiver’s Edge 106

What Makes a Good Liar 107
No Dark Corners Applications 107
Interrogation 108
Application 109
Debriefing 109
Application 109
Interviewing 110
Application 110
Conversation 110
Application 111
Elicitation 111
Application 111
Where to Expect Deception from Trust Betrayers 111
The Infiltrator’s Deception 112
Deceptions Possible in Screening Process 112
Possible Indicators 112
Deceptions Possible during Probation Period 114
Possible Indicators 114
Deceptions Possible after Probation While Seeking Vulnerabilities 115
Possible Indicators 115
The Disgruntled Insider’s Deception 116
Deceptions Possible in Screening Process 116
Possible Indicators 116
Deceptions Possible during Probation Period 116
Possible Indicators 116
Deceptions Possible after Probation While Seeking Vulnerabilities 117
Possible Indicators 117
The Detection Dilemma 118
Context-Based Anomaly Detection 119
At Least Ask 121
Know Your World 121
Start Somewhere 121
The What-If Discussion 122
Sample Scenarios 122
Core Cast 122
Scenario 1: A Bad Feeling Early On 122
x Contents

Questions to Explore 124

Scenario 2: A Rising Tide of Concern 125
Questions to Explore 127
Deception’s Role in Scenarios 128
Questions for Online or Classroom Discussion 129
Exercises for Group Projects 129
Endnotes 129

Chapter 7 Lawful Disruption of the Insider Threat 135

Introduction 135
What Is Lawful Disruption? 135
Defender Dilemmas 138
Three Biases of Authorities That Risk Undermining the Institution 139
Prosecutorial Bias 139
Investigative Bias 141
Intelligence or Need-to-Know Bias 141
Deciding How Far to Go 143
Risks in Failure Analysis and Problem Solving 144
Representative Options: What Defenders Can Do Themselves 146
Changes That Increase Perceived Effort for the Desired Attack 146
Changes That Increase Perceived Risk for the Attacker 147
Changes That Reduce the Anticipated Yield of the Attack 148
Changes That Alter the Insider’s Guilt or Justification for Attacking 148
Techniques of Lawful Disruption by Employee Level 149
Leader Disruptions 150
Corporate Sentinel Disruptions 150
Team Member Disruptions 151
Techniques Based on Exploiting Disruptive Behaviors Already in the
Workplace 152
The Tank 153
Description 153
Disruption Value 153
The Sniper 153
Description 153
Disruption Value 153
The Grenade 154
Description 154
Disruption Value 154
 Contents xi

The Know-It-All 154

Description 154
Disruption Value 154
The Think-They-Know-It-All 154
Description 154
Disruption Value 154
The Yes Person 155
Description 155
Disruption Value 155
The Maybe Person 155
Description 155
Disruptive Value 155
The Nothing Person 155
Description 155
Disruptive Value 155
The No Person 155
Description 155
Disruptive Value 155
The Whiner 156
Description 156
Disruptive Value 156
The Layered Offense 156
Core Cast 156
Scenario 1: Disrupting a Suspected Infiltrator 156
Discussion 159
Scenario 2: Disrupting an Insider Threat of Workplace Violence 160
Discussion 162
Scenario 3: Disruption Taking an Unexpected Turn 163
Discussion 164
Scenario 4: Disruption at the Top 165
Discussion 167
Comparative Observations 167
Practice 168
A Distress Call and Unpredicted Turn of Events 169
Problem 169
Response 169
Disruptions 170
xii Contents

Potential Outcomes 170

Sequence of Actual Outcomes 171
Lessons Learned 172
Questions for Online or Classroom Discussion 172
Exercises for Group Projects 172
Endnotes 173

Chapter 8 Existential Insider Threats 175

Introduction 175
First Things First 175
Protecting People and Property 176
Defender’s Advantage in Dealing with Infiltrators 177
Spillover Effects from Defending against Existential Insiders 177
The Big Three Existential Insider Threats 178
Sabotage with Cascading Impacts 178
Decapitation Attacks through Assassination 182
Espionage Yielding Decisive Victory 183
Problems of Threshold and Accumulation 183
Aligning Existential Threat Defense with the DHS 186
What Makes It an Existential Threat? 187
Assistance with Evaluating Existential Magnitude 188
DHS Protective Security Advisors 188
Local Task Force Entities with a Protective Mandate 191
Red Teaming Defined 196
Where to Recruit Red Team Members 197
Red Teaming Value to Countering Existential Insider Threats 201
Red Team Members from Within 203
Drawing from the Risk or Vulnerability Assessment Team 203
Red Teaming More for Existential than Nonexistential Threats 204
Worse Case and Worst Case Scenarios 206
When Red Team or Special Resources Are Not an Option 206
Avoiding Warning Fatigue 207
Recommended: The Software Developer Approach 208
Conclusion 209
Questions for Online or Classroom Discussion 209
Exercises for Group Projects 210
Endnotes 210
 Contents xiii

Chapter 9 Other Insider Threats 215

Introduction 215
Cyber Attacks—Insider or Other Threats? 216
Threats of Violence 218
Domestic or Intimate Violence 218
Threats on the Job 218
Exploiting Employer Assets for Gain 219
Financial Gain 219
Self-Aggrandizement 224
Unifying Themes and Need for a Systematic Approach to Lesser Insider
Threats 226
The Threat Scale 227
Application of Threat Scale to Insider Threats by Category 230
Scale for Cyber Attacks 230
0: Nuisance Level 230
1: Escalating Irritation 231
2: Chronic, Active Disruption 231
3: Unacceptable, Proximate Harm 232
Scale for Threats of Violence 232
0: Nuisance Level 232
1: Escalating Irritation 233
2: Chronic, Active Disruption 234
3: Unacceptable, Proximate Harm 234
Scale for Exploiting Assets for Gain 235
0: Nuisance Level 235
1: Escalating Irritation 235
2: Chronic, Active Disruption 236
3: Unacceptable, Proximate Harm 236
Special Cases 237
Sympathizers 237
Lynch Mobs, Flash Mobs, and Overwhelming Crowds 238
Citizen Unrest and Uprising 240
Sporting Event Mayhem 241
Undermining Contemporaries 241
Prodigal Kin 242
Misguided Redeemers 243
xiv Contents

Fleeting or Occasional Insider Threats—A Nebulous Category of Others 244

Extortion as Another Indirect Threat 246
Lessons of One-Off Cases 246
Implication of Changing Workplace Dynamics for Insider Threats 247
The Shamrock Organization as Incubator for No Dark Corners 247
A Final Caution: Instant Intimacy and Insider Threats 249
Conclusion 250
Questions for Online or Classroom Discussion 251
Exercises for Group Projects 251
Endnotes 252

Chapter 10 Consulting for No Dark Corners Implementation 257

Introduction 258
The Inside–Outside Dilemma 258
Recommended: Outside Diagnosis, Hybrid Prescriptions, Internal
Implementation 261
Institutional Insertion Points for a No Dark Corners Program 262
Sudden Impact Response 262
Postmortem Redesign 263
Strategic Anticipation 265
Application Opportunities for No Dark Corners Consulting 266
Where to Begin 267
Consultant’s Role 269
Objectives and Resources 270
Metrics 270
Value 271
Fees, Compensation, and Effectiveness 271
Making Change Happen 272
Pilot Programs 273
Exemplars 273
Engaging 101: Some Features of Starting a No Dark Corners Assignment 274
Delivering 101: Some Ways of Navigating a No Dark Corners Assignment 277
Findings 101: Common Findings to Expect in a No Dark Corners
Consulting Engagement 280
Disengaging 101: Drawing the Assignment to a Close 281
The Laser and the Flashlight 283
Checking the Flashlight’s Bulb and Battery 284
 Contents xv

Conclusion 285
Questions for Online or Classroom Discussion 286
Exercises for Group Projects 286
Endnotes 287

Chapter 11 Answer Guide 289

Chapter 1 289
Chapter 2 291
Chapter 3 294
Chapter 4 298
Chapter 5 301
Chapter 6 303
Chapter 7 305
Chapter 8 307
Chapter 9 310
Chapter 10 313
Endnote 315

Appendix A: Three Rounds of Delphi Questions 317

A. Delphi Round 1 Questions 317
B. Delphi Round 2 Questions 317
Part I: Ratings 317
Part II: Questions for Your Reaction and Comment 318
Part III: Scenarios and Related Questions 319
C. Delphi Round 3 Questions 320
Rating Question 321
Countermeasures 321

Appendix B: Summary of Delphi Round 1 Findings Accompanying Round 2

Questions 323
Thoughts from Delphi Round 1 323
Analysis 324

Appendix C: Summary of Delphi Round 2 Findings Accompanying Round 3

Questions 327
Highlights of Delphi Round 2 327
Part I 327
Part II 327
Part III 327
Overall 328
xvi Contents

Appendix D: Delphi Expert Comments and Stories 329

A. Transparency: Pushing Out Management Data 329
B. Two-Person Rule 330
C. A Business Decision to Favor Infiltrators 330
D. Small World Insider Challenges 330
E. Why No “Broken Windows” in Infrastructure Defense 330
 Foreword

When conflict is a question of force against force, options are simple. Victory goes to the
side that has the bigger numbers, the better weapons, or superior maneuvering capability.
But what happens when the real danger comes from within? Insider threats scare all of us
because we can never be sure that we are so strong, so fast, or so powerful that one well-
placed betrayer cannot cost us everything. This book examines precisely this challenge of
our age, the insider threat, and how to defend against it.
Nick Catrantzos and I trace our collaboration to the 1990s, when Nick worked on
one of my consulting engagements for a major information powerhouse. The latter came
to me after spending tens of millions of dollars to anticipate an upcoming crisis situa-
tion. Somehow, though, corporate leaders had the nagging feeling that they may have
missed something. Nick’s job became to uncover what they had missed, while my job
was to figure out how to do this on a limited budget, with an impending deadline, and
on an uneven corporate landscape where not all departments involved in the project were
on the same page. Between the two of us, Nick and I found that the Achilles’ heel here
was that various departments were not communicating with each other and were thus
more likely to duplicate, collide, or fail when the actual crisis came. In a sense, the client
had adequately defended against outsider threats without realizing how vulnerable the
organization was from within. This, to me, offered a revealing insight into insider threats
and how they crop up in the best of organizations. The story ended well, but we had our
moment of truth in telling the bad news to the client. To the latter’s credit, they eventu-
ally asked me to send Nick to visit their headquarters after they had taken our recom-
mendations to heart and started bringing their various departments to work together in
crisis simulations and regular drills. In short, they brought their talented people out of
the dark corners into the light of shared purpose and collaboration. And they were proud
of this—even to the point of showing off in front of us. In my mind, this little consulting
engagement epitomizes what Nick’s No Dark Corners approach is all about.
Since this consulting involvement, Nick went on to study the conventional wisdom
on insider threats as a topic for a master’s thesis. The findings from his social sciences
research surprised him. Why is it that more controls do not work? Why does overreliance
on specialized security functions—called corporate sentinels—frequently end up being
counterproductive? Why don’t some standard insider defenses like background inves-
tigations expose hostile trust betrayers? These are some of the questions answered in
Managing the Insider Threat: No Dark Corners.
This book begins with a CliffsNotes version of Nick’s insider threat research and
ends with a thought-provoking examination of what it takes to advise an organization
on how to institute the No Dark Corners approach to insider threat defense, whether by
launching it internally or through outside, consulting resources. As I have learned in more
than 25 years of international consulting, sometimes where an organization stands on an

xvii
xviii Foreword

issue depends on where its advisers sit. Some entities accept, welcome, and insist on keep-
ing certain engagements entirely in-house. Others have to go outside not only for objec-
tivity but also to avoid the awkwardness of exposing certain doubts and vulnerabilities
to underlings or rivals in the same organization that they have to work with on a routine
basis. So this last chapter on consulting resonates particularly well with me.
In between the research findings and the last chapter, though, Nick presents some
fascinating contrarian ideas about issues such as

• Why infiltrators are more likely to be the more serious danger to an organization
than ordinary, disgruntled employees
• How deception plays a role in every kind of insider threat, from the most seri-
ous, existential threat to the kind of nuisance that just makes life more difficult
on the job
• How the smart leader and resourceful organization have more options than most
realize, particularly when it comes to using tactics of lawful disruption to thwart
hostile trust betrayers

This is just a small sample of what awaits the reader of this book. The reader will
find that this work taps a multitude of sources and the author’s expertise in offering new
insights into how to deal with the kind of threat every professional fears and, sooner or
later, must face. This book demystifies the insider threat, making solutions accessible to
any professional, not just to specialists. The No Dark Corners approach gives all of us
a chance to take a hand in our own protection. Written intelligently, supported analyti-
cally, and filled with useful case studies and examples, this book is destined to become
a classic in taking a holistic approach to solving a very vexing predicament. I hope you
enjoy it as much as I did.

James E. Gordon
Managing Director
Navigant Consulting
Hong Kong, 2011
 Preface

An enemy launching a frontal attack can be anticipated and repulsed. An adversary who
attacks from within, however, is not so readily countered. This book began as a study
seeking to identify defenses against trust betrayers who were targeting critical infrastruc-
ture. It then evolved into a thesis that earned top writing honors at the Naval Postgraduate
School1 and into a subsequent article in the peer-reviewed journal Homeland Security
Affairs. 2 Bolstered by further research commissioned by a professional security indus-
try association, the work next migrated into an industry research report, Tackling the
Insider Threat, 3 samplings of which reappear in this book in Chapter 10 in edited form,
with the permission of the ASIS Foundation. This book now synthesizes the findings of
these preceding works, building upon them to explore the insider threat in some of its
different dimensions and to present interpretive methods for applying No Dark Corners
strategies to contend with real-world insider trust betrayal as an existential and non­
existential threat.
Using a Delphi method, this work harvested insights of experts from mature arenas
of defense against insider threats, such as workplace violence and counterespionage, in
order to assist with defending against the insider threat to critical infrastructure. Findings
uncovered flaws in institutional defenses that adversaries can exploit, with infiltrators
posing a greater threat than disgruntled insiders. Resulting recommendations ran counter
to accepted wisdom. These recommendations shaped the contours of a No Dark Corners
approach that applies and extends seminal theories of Oscar Newman’s Defensible Space
and George Kelling’s Fixing Broken Windows.

ORGANIZATION OF THE BOOK

The student or practitioner will find this book progressing through three sequential
phases of exposition. Part I, Diagnostics, begins with problem definition (Chapter 1)
and research findings (Chapter 2) that led to the No Dark Corners strategy for address-
ing insider threats. With these foundational underpinnings, Part II then shifts gears to
examine agents of change, namely, key players in a position to implement or undermine
the No Dark Corners strategy, including corporate sentinels (Chapter 3) as well as leaders
affecting application of this approach (Chapter 4).
Next, in Part III, the book examines key areas where No Dark Corners–style engage-
ment can make a difference in the way the institution counters insider threats: rethinking
background investigations (Chapter 5), recognizing deception (Chapter 6), and lawful
disruption (Chapter 7). Continuing a migration from the theoretical to the practical in
applying the innovations of No Dark Corners within an organizational framework, suc-
ceeding chapters examine application challenges for existential threats and involvement

xix
xx Preface

with the Department of Homeland Security (Chapter 8) and for other institutions, such
as businesses facing nonexistential insider threats (Chapter 9) that are nevertheless dam-
aging to the enterprise, with both chapters noting particular challenges for representative
work environments. The final chapter (Chapter 10) offers a consulting framework for
introducing new insider defense insights into organizations and institutions seeking to
reduce their exposure to malicious insiders.
Throughout the book, each chapter offers questions to stimulate online or classroom
discussion as well as exercises or problems suitable for team projects. After the final
chapter, an answer guide follows, although it would be more accurate to label this not so
much a list of correct responses as propositions and thoughts to stimulate further inquiry
on the part of observers or practitioners.
Appendices at the end of the book present details that some readers might find arcane
while others might regard as too abbreviated. The first of these treats the Delphi ques-
tions and feedback material used in the original No Dark Corners research (Appendices
A to C), so that those wishing to use a similar method of social sciences inquiry can build
on and surpass work done to date in a field that has been previously visited but by no
means trampled. Another appendix (Appendix D) captures some of the representative,
unstructured insights that Delphi respondents offered during the period of inquiry.
No Dark Corners replaces a laser with a flashlight. The laser is the narrow beam of
workplace monitoring only by corporate sentinels or security specialists. The flashlight
is a broader beam of employee engagement and monitoring on the front lines at the team
level. There are no easy answers. No Dark Corners represents one approach to filling
the gaps in traditional insider defenses in order to deliver the victory of ownership over
surprise.

ENDNOTES

1. N. Catrantzos, No Dark Corners: Defending against Insider Threats to Critical

Infrastructure, MA thesis, Center for Homeland Defense and Security, Naval
Postgraduate School, Monterey, CA, September 2009.
2. N. Catrantzos, “No Dark Corners: A Different Answer to Insider Threats,” Homeland
Security Affairs, Volume VI, Number 2, May 2010. Retrieved May 11, 2011 from
http://www.hsaj.org/?fullarticle=6.2.5.
3. N. Catrantzos, “Tackling the Insider Threat,” Connecting Research in Security to
Practice, Alexandria, VA: ASIS Foundation, 2010. Content from Tackling the Insider
Threat was used with the permission of the ASIS Foundation.
 Author

Nick Catrantzos teaches homeland security and emergency management for the School
of Management, University of Alaska, Fairbanks. Formerly a security director for a large
public utility and critical infrastructure, he previously directed operations for two inter-
national security consultancies, Control Risks and Kroll Associates, and led public sector
vulnerability assessments under ManTech Security Technologies. In late 2009, he gradu-
ated from the Naval Postgraduate School’s Homeland Security Master’s Program, where
he won top writing honors for his thesis on insider threats. As an intelligence collector, he
was awarded the Meritorious Service Medal for outstanding service to two government
agencies. Subsequently, he safeguarded stealth technology in the defense industry.
Catrantzos first grew interested in insider threats while managing intelligence exploi-
tation of defectors at an overseas location. Subsequently, in the corporate arena during the
closing days of the Cold War, he handled the business aspects of defense against hostile
intelligence collectors and potential traitors seeking to clandestinely acquire the benefit of
advanced American technology. At Lockheed’s headquarters he oversaw all background
investigations of corporate employees and comanaged the institutional response to an
international hostage situation involving staff trapped in a war zone. Later, he developed
institutional policies and protocols for handling threats of workplace violence.
Catrantzos first began his involvement with infrastructure defense in 1996, when he
briefed the newly formed President’s Commission on Critical Infrastructure Protection.
He subsequently moved into private-sector security and crisis management consulting,
returning to concentrate on public sector vulnerabilities after the events of September 11,
2001.
The sole California representative to serve on three successive federal panels on drink-
ing water infrastructure, Catrantzos was recognized in 2007 with the highest award of
the Association of Metropolitan Water Agencies for dedication to security progress that
“is a very significant contribution to water systems throughout the country.”
Catrantzos has contributed to two industry guidelines, Facility Physical Security
Measures and Workplace Violence Prevention and Intervention, via the American
Society for Industrial Security (ASIS) International, and has contributed to ASIS Security
Business Practices Reference Volumes 2, 3, 5, and 6.
Nick Catrantzos has been a Certified Protection Professional, a licensed investiga-
tor, and a certified incident commander. He graduated magna cum laude with a bacca-
laureate in linguistics and summa cum laude with a master’s in security studies with an
emphasis in homeland security. He spent many years managing adverse consequences.
Now he concentrates on preventing them.
He may be reached via www.NoDarkCorners.com, which links to his blog, http://
all-secure.blogspot.com, where he discusses issues of moment.

xxi
 Pa rt I
Diagnostics
 Chapter 1
The Problem and Limits
of Accepted Wisdom

The greatest obstacle to discovering the shape of the earth, the continents and the ocean
was not ignorance, but the illusion of knowledge.
Daniel J. Boorstin

INTRODUCTION

A frontal attack can be countered through force or maneuver, but a hostile insider attack
may do its worst before activating a single defense. All a malicious insider needs to carry
out an attack are access to a worthy target, an open door, and a dark corner from which
to study and strike. Frontal attacks can be anticipated or met with traditional fortifica-
tions whose effectiveness is limited only by resources and imagination. However, attack-
ers operating from within can carry out attacks that are fatal to an organization without
requiring an opposing army or sophisticated weaponry. Given sufficient access and
license, trust betrayers can be devastating. This we know, because insider threats repeat-
edly surface as an abiding concern for defenders. Nevertheless, insider threats remain
statistically rare, making them more difficult to analyze, defend against, or anticipate.
What do we do about insider threats? Prevailing wisdom recommends doing more:
look harder, submit our fellows and ourselves to newer and more microscopic security
audits and restrictions, the better to detect our adversaries. How well do such defenses
work? At best, results are mixed. At worst, doing more of the same delivers results more
promissory than substantive, while alienating the average employee.
This book looks at the insider threat from a multidisciplinary perspective. It reviews
the literature on this subject and draws on Delphi research tapping seasoned profession-
als with broad career experiences. Ultimately, the book arrives at an alternative to pre-
vailing wisdom. That alternative proposes taking institutional defense out of the arcane
realm of specialists and distributing the role more widely at the work team level. The
proposed approach deputizes coworkers to take a hand in their own protection, as a
copilot must be ready to fly a plane if the pilot falters by mischief or misadventure. The
resulting team-level engagement leaves fewer places for hostile insiders to elude scrutiny,
hence fewer opportunities to prepare and carry out an insider attack.

3
4 Managing the Insider Threat

THE PROBLEM

The insider threat is an Achilles heel for any enterprise or institution targeted for destruction
by adversaries. Although risk and vulnerability assessments skyrocketed in the aftermath of
9/11, as reflected in the federal subsidies promoting them, the security focus centered largely
on vulnerability to attack of large populations.1 In this context, adversaries were character-
ized as traditional attackers working as outsiders who generally approach their targets head
on with brute force—precisely in the manner of the 9/11 hijackers.
In this context, the insider threat has generally attained secondary status. One possible
reason is that there is a dearth of statistically significant data on hostile insiders. As a review
of the current literature indicates, trust betrayal—whether in espionage or other fields—
remains statistically rare.2,3 Where analyzed further, the insider threat has been subordinated
to cyber security studies centering on hackers and disgruntled employees, ex-employees, or
consultants.4–6 Although such studies have supplied value and focused attention on the prob-
lem, they have offered few solutions other than to advise added scrutiny. Data compiled to
date suggest that the vast majority of insider cyber attacks have been either fraud-driven or
moderate in scope and impact. In other words, such attacks remain less than devastating to
the targeted employer—the modern, electronic equivalent of embezzlement or vandalism.7
Similarly, such studies preserve their narrow focus by intentionally excluding cases of espio-
nage, while at the same time avowing that the threat remains real and advising ordinary,
more-of-the-same solutions such as layered defense.8 Consequently, it is difficult for security
practitioners to derive new insights from cyber-centric insider threat investigations and their
attending platitudes. The net result is that today’s insider threat remains substantially as it
did yesterday: frequently studied retroactively yet seldom yielding practical tools, tactics, or
recommendations that would serve a defender in countering the threat.
The overall aim of this research was to identify countermeasures that defenders can
use to prevent terrorist attacks via trust betrayers and thereby reduce the vulnerability of
critical infrastructure and institutions. The journey to this destination involved applying
lessons of experts from other, more mature arenas of defense from insider threats, such as
workplace violence, line management, corporate security, and counterespionage. In the
course of following this path, the inquiry also sought to answer, “If current indicators
and countermeasures fall short, what should we do differently?”

TERMS OF REFERENCE

Throughout this book, the operational definition of insider threat is an individual and,
more broadly, the danger posed by an individual who possesses legitimate access and
occupies a position of trust in or with the infrastructure or institution being targeted.
Hostile or malicious insider and trust betrayer also refer to the individual who represents
an insider threat, although these two terms focus more attention on the individual than
on the phenomenon. Infiltrator refers to a subset of hostile insider who sees himself or
herself as an adversary before attaining insider status within the targeted infrastructure
or institution. The infiltrator joins a targeted employer or group under false pretenses as a
means of obtaining sufficient access to facilitate an attack. Institutions as used here refer
to public and private sector enterprises, employers, entities, and organizations.
This book’s focus is on the kind of hostile insider that poses an existential threat to the
institution. Accordingly, the foundational research described focuses less on unbounded
 The Problem and Limits of Accepted Wisdom 5

definitions of insider threat that include malingering or contentious employees or naysay-

ers who may pose a nuisance or cause difficulties for the organization yet stop short of
bringing it down to its knees.

HISTORICAL APPROACHES

The body of literature on the insider threat owes its existence to analysts of different
areas of focus, as examined and sampled in the sections that follow. Psychological and
sociological analyses of those who betray delve into motivations and enabling social con-
texts. Studies and historical documents related to espionage lean heavily on memoirs,
historical compilations, and showcasing of flaws and pitfalls. More recently, emerging
concerns over cyber security and susceptibility of critical networks to denial of service
attacks have come to the fore in government-sponsored studies on insider threats.
Increasingly, government works appear to subordinate the insider threat to cyber
security studies,9 centering on hackers and disgruntled employees, ex-employees, or con-
sultants who cause damage via computer networks. Although such studies have value,
some have also limited their focus by concentrating exclusively on the specialized area of
information technology.10,11 Indeed, in one report to the President, infrastructure experts
underscored this danger of focusing too intently on IT:

Essentially, the threat lies in the potential that a trusted employee may betray their obli-
gations and allegiances to their employer and conduct sabotage or espionage against
them. Insider betrayals cover a broad range of actions, from secretive acts of theft or
subtle forms of sabotage to more aggressive and overt forms of vengeance, sabotage,
and even workplace violence. The threat posed by insiders is one most owner–operators
neither understand nor appreciate, and it is a term that is commonly used to refer to IT
network use violations. This often leads to further confusion about the nature and seri-
ousness of the threat.12

Efforts to develop predictive models to detect and thwart malicious insiders have
ranged from a quantitatively based yet unproven formula13 to broad-based theoretical
models designed mainly to predict the triggers that lead an assassin or radical group to
take violent action.14,15 Others focus exclusively on detecting anomalous behavior in hind-
sight, on the assumption that trust betrayers are disgruntled and detectable by mistakes
rooted in character flaws—while standing mute about infiltrators disciplined enough to
avoid such mistakes.16 The literature contains much analysis on the psyches,17,18 social
climates,19 and cyber vulnerabilities20,21 associated with malicious insiders. Yet analy-
sis appears more limited when it treats pragmatic lessons and inferential guidance that
apply directly to practical countermeasures. However, research on threats from assassins
to saboteurs suggests that applicable findings may be adaptable from indirectly related
works and may offer more promise in charting a course to defending against the mali-
cious insider who is more dangerous than a computer hacker. 22–24

Types of Studies on Hostile Insiders

The literature elucidating the insider threat divides into three general categories: individual-
centered studies focusing largely on psychological motivations or social context, case study
6 Managing the Insider Threat

TABLE 1.1 Insider Threat Categories of Research and Comparative Attributes

Individual Motivations Descriptive
and Psychosocial Compilations, Government Cyber or
Context Biographies Regulatory Focus
Focus Insider as deviant Sensational headlines Technology-driven
Enabling social Fatal flaws of defenders controls
contexts Regulatory oversight
Countermeasures Counseling, early Inferential, i.e., reverse- Barriers to access,
intervention and engineered from with emphasis on
rehabilitation, finger-pointing at automation
workplace hygiene unseen vulnerabilities Process monitoring
factors Awareness programs Compliance audits and
quantitative models
Unaddressed Accounting for why Analytical examination Pragmatic and
Issues or Gaps most others matching of trends and patterns pervasive solutions
same profile do not to contribute to vs. narrow
become insider threats prediction or mitigation recommendations
that focus mainly
on imposing rules
and monitoring
compliance

compilations with cases that are anecdotal or biographical, and government-sponsored

studies focusing largely on cyber threats. Table 1.1 arrays these various approaches in
relation to one another.

Studies Focusing on Motivations

Those efforts that center around individual motivations and the psychological or socio-
logical context of individual cases of insiders tend to dwell on underlying causes such
as ideology, avarice, and social isolation, if not even appearing as apologists. 25 While
expanding their focus to look at the more modern phenomenon of insider threats that
apply to cyber attacks, others who view the insider through a behaviorist’s lens predict-
ably accord primary emphasis to stressors in the insider’s life.26 Even an analyst who has
looked at individual cases in this framework and made historical compilations of numer-
ous other cases of insider threats, notes that analysis of motivation and context alone
provides unsatisfying answers. 27 Similarly, other analysts lament the extent to which the
“trust literature is dominated by” sociological approaches that take issue with the lim-
ited value of studies that attempt to illuminate trust betrayal purely through focus at the
individual level. 28 Such studies fail to account for why the vast majority of people with
similar pedigrees and circumstances neither betray trust nor violate loyalties to become
malicious insiders.
One sociologist looks beyond traitors and saboteurs to consider prisoner informants,
scabs crossing union picket lines, Nazi collaborators, and whistleblowers as insiders
whose status as betrayers ultimately rests on whether there exists a support group to back
their actions, since “one cannot gain a hero or martyr image by oneself.”29
 The Problem and Limits of Accepted Wisdom 7

Studies Focusing on Compilations and Cases

Studies with more of a multidisciplinary approach show promise in shedding more light
in this area.30 Eoyang, 31 for example, notes that actions involving an insider’s betrayal of
trust are generally the result of calculation, not impulse. This note dovetails readily with
the observations of Allen and Polmar, 32 whose study of more than 70 cases of insider
betrayal left them characterizing the betrayers of the 1980s as motivated by “marketplace
espionage” and otherwise appearing “faceless, unglamorous people” who were “seem-
ingly ordinary.” Others invest entire careers at examining multiple cases over time, such
as American traitors studied for more than 20 years by the Defense Personnel Security
Research Center.33
Descriptive compilations and biographical narratives shift the focus to dramatic,
anecdotal elements of cases of insider betrayal. Media accounts number among these
kinds of stories, such as a case involving an airport elevator mechanic who was allegedly
abusing his access for 20 years to smuggle illegal aliens into Los Angeles.34 Similarly,
more sensational accounts of betrayal and capture, once ripped from newspaper head-
lines, lend themselves particularly well to timely compilation (as by Allen and Polmar),
whereas analysis and application to countermeasures may lag.35 A recurring theme in
compilations is the showcasing of failures in detection of foul play. The level and accu-
racy of detail varies in such works, and their didactic value is principally in highlighting
examples of breaches to defend against and security gaffes to avoid. Thus, a KGB mem-
oir looking at notorious American traitors such as the FBI’s Robert Hanssen and CIA’s
Aldrich Ames reflects this insight:

Intelligence officers might think they’re chiefly responsible for recruiting agents, but most
of the work really consists of finding people who want to be recruited. 36

Such memoirs occasionally reveal insights that only come after a long career in intel-
ligence or counterintelligence, hence Wright’s conclusion that there is only one way to
uncover the malicious insider. “Put him through an extremely thorough vet,” probing
through the insider’s entire life and career, “until his secret life begins to unravel.”37
Even a short career as a case officer can yield complementary insights. A variation
in the harvesting of lessons learned through memoirs comes from examining lessons
designed for those whose job it is to seek out and exploit insiders. By inferring or reverse
engineering guidance out of pitfalls, one case officer supplies this useful indicator: “Cover
stories are what typically get agents into trouble.”38 He goes on to explain how cover sto-
ries must be credible yet uncomplicated. This links the foregoing perspective of Wright,
a senior British MI5 executive at the end of his career, with Waters, a fledgling CIA case
officer reaching the same epiphany from a different vantage.
Sobering advice from practitioners takes many forms. It may not necessarily be
encouraging for those interested in countering or intercepting insiders, as another mem-
oir reveals:

The KGB usually only found out about moles within its ranks when a Western defector,
such as Edward Lee Howard, fled to our side with information about Soviet traitors. 39

A unique variation of this theme appears in Fishman’s look at insider self-dealing and
betrayal of nonprofit organizations, which leans heavily on compiling historical scandals.
However, Fishman sees the promise of technology to enhance oversight by using web
8 Managing the Insider Threat

postings of audit trail data where the information becomes transparent and subject to
scrutiny and action by “citizen–soldiers.”40

Studies Focusing on Cyber Insiders and More Controls

Cyber security specialists, whose focus dominates current government studies on insider
threats, observe that most insider cyber attacks to date have been either fraud-driven or
reversible in scope and impact, that is, less than devastating to the target.41,42 It is thus dif-
ficult to rely on lessons focusing exclusively on cyber-centric insider threat investigations,
if the objective is to defeat the kind of insider whose unimpeded attack could be fatal
to the institution or enterprise targeted. Finally, in the arena of government studies on
insider threats, there are signs of a growing appreciation of the significance of the hostile
insider as a potentially catastrophic vulnerability and some efforts to compare cyber and
espionage cases, while still acknowledging that most cyber attacks by insiders appear to
occur after termination of employment.43
What remains unstated but may yet contribute to the self-limiting nature of cyber-dom-
inated insider threat research is the subtle, permeating influence of such cyber world fix-
tures as COBIT44 (Control Objectives for Information and related Technology) standards
on how information technology professionals handle security and compliance-related tasks.
Consequently, it comes as little surprise that recommendations for addressing the insider
threat arising from this camp invariably speak of “controls,” emphasizing the use of auto-
mated monitoring tools and technology to track and restrict network access. They also lean
in the direction of generating more rules as conditions of use—the equivalent of lengthening
software license agreements that any computer user must acknowledge and accept before
launching a given software application. The difficulty with these trademarks of the cyber
security bias is not that they are valueless. It is that they are insufficient or counterproductive.
Adding the controls does produce an audit trail. This audit trail demonstrates due diligence.
The proper display of due diligence then helps defend against charges of negligence after
a breach occurs, thereby fending off fault-finding and finger-pointing campaigns. But just
because a suite of controls prevents casual intrusion or hacker attacks by outsiders does not
mean the same controls will stop a knowledgeable insider threat.

Losing Sight of Existential Threats by Aggregating Cases Too Liberally

Another pitfall in overemphasizing the cyber component in the growing body of govern-
ment-sponsored studies on hostile insiders is analogous to the problem that workplace
violence research suffers when its purview is extended to armed robbery. At present,
the National Institute for Occupational Safety and Health includes armed robberies in
compilation and reporting of workplace violence statistics.45 Thus, although practitioners
in this field are most interested in understanding and preventing rampage killings of the
kind associated with either disgruntled employees or spillover of domestic violence into
the place of business, their efforts are diluted by skewed data. The person who comes to
the office and kills a boss and several coworkers is quite different from the criminal who
shoots a convenience store clerk or taxi driver while conducting a holdup at gunpoint.
Yet, the distinctions are lost when the cases are aggregated too liberally. This kind of
liberal aggregation is precisely what distorts the picture of the insider threat when cyber
attacks by hackers and mischievous teenagers are combined with seriously destructive
 The Problem and Limits of Accepted Wisdom 9

sabotage meticulously planned and executed by a hostile insider whose aims and capacity
for destruction are much more focused and lethal.

Limits of Cyber-Centric Bias

Finally, the cyber-centric lens distorts as much as it magnifies. One international observer
studying in the context of defenses dating to the President’s Commission on Critical
Infrastructure Protection in 1996 and extending to post-9/11, uncovered a case of hyper-
reality as an outgrowth of overconcentration on the cyber threat.46 Specifically, Cavelty
noted that a senior critical infrastructure protection adviser expressed shock that the
September 11 carnage did not originate from cyberspace, as that was widely believed to
be the most likely source of the next attack. At present, predictions of imminent cata-
strophic cyber strikes continue to attract media attention as the next worst threat to
come,47 yet they are often based less on statistically valid analysis than on surveys of
cyber security practitioners at best providing “a rough measure of executive opinion.”48

IMPLICATIONS

Insider threat studies concentrating exclusively on hackers and cyber network attacks risk
skewing analysis and recommendations in the direction of adverse events that seldom
represent existential threats to the organization. Even though such cyber adversaries may
attain the equivalent of insider access and privileges once they have breached firewalls and
cyber access controls, they are seldom true insiders. By Ben-Yehuda’s49 construct, there is
no treason if there is no corresponding betrayal of trust and violation of loyalty. So hack-
ers and typical cyber attackers possess neither the trust nor loyalty that would qualify
them as insiders. Nor do they possess the corresponding level of esoteric insider knowl-
edge that would multiply the destructive power of their typical attack. Consequently,
remotely based cyber attackers who are not insiders carry out actions akin to intrusion by
stealth or outsider sabotage. What they may have in common with insiders is deception.
But they are not fatal insider threats. Miscategorizing them distorts efforts to arrive at
a common analytical core linking genuine insider threats to attack preconditions, their
telltale signatures, targeting process, and susceptibility to detection and deception.
Similarly, overconcentration on the sensational aspects of insider threat cases or on
the psychological motivations and societal contexts of the act of betrayal are equally self-
limiting. Their emphasis on the root causes of betrayal or on the idiosyncratic experience
of a given malefactor soon becomes the primary focus, leaving security practitioners to
fend for themselves in trying to infer useful security countermeasures on their own.
The professional literature that covers this theme indicates that the insider threat is
dangerous and often examined, only to be followed by calls for more study. The steady
appearance of more studies and convening of groups such as Noonan and Archuleta’s for
their report to the President supports the argument that the insider threat to critical infra-
structure continues to present a problem of national concern that is by no means solved
or adequately addressed. Under the circumstances, what is absent in finding better ways
to counter hostile insiders is a level of insight that goes beyond the limited fields of view
that the three camps represent. What is needed is a level of insight that amplifies experi-
ence, which Leonard and Swap50 have defined as “deep smarts,” the lens through which
we now look to a Delphi research effort for an alternative view.
10 Managing the Insider Threat

QUESTIONS FOR ONLINE OR CLASSROOM DISCUSSION

1. If insider threats are indeed rare, and most people are not trust betrayers, how
does this affect the ability to carry out research into hostile insiders? How do you
account for the claim that hostile insider action is comparatively rare?
2. Why do you suppose that, as Band et al. assert, the majority of cyber insider
attacks appear to be tracing to former insiders, that is, to employees or contrac-
tors who are no longer working at the targeted institution?
3. Identify three or more factors that affect the extent to which an act of trust
betrayal may be more readily deterred or condoned based on ambient working
conditions. What can a defender do about these conditions?
4. Taking into account the checkered trajectory of some IT ventures, ranging from
Apple’s failed Lisa handheld computer to Microsoft’s problems with the Vista oper-
ating system and the much feared Y2K debacle that never quite unfolded at the turn
of the last century, does the cyber community face unique challenges in credibility
when casting the spotlight on the cyber-centric view of insider threats? Discuss.

EXERCISES FOR GROUP PROJECTS

1. Review popular literature from the 1980s and explain what made 1985 the Year
of the Spy. Now, retrieve a copy of Herbig’s study of treason over time and draw
out the similarities and differences between then and now in the individuals who
are willing to commit treason against the United States. What, if anything, has
changed? Does this affect the capability to defend against today’s traitor? If so,
how? If not, why not? Does the motivation to commit espionage have any impact
on the ability of counterespionage officers to detect traitors?
2. Contrasting the 1980s with the present day, once more, how have advances in
technology or changes in cultural norms affected the ease or difficulty of detect-
ing a trust betrayer and intervening before this individual has an opportunity to
carry out an attack?
3. Identify a case of trust betrayal in your work environment, profession, or indus-
try that led to significant changes in how one does business. Analyze this case
individually and then as a group. To what extent were the changes beneficial?
Did they meet their objective, or were they put in place as the result of over-
reaction? Were there any unintended consequences? Over time, is the affected
institution better off for having instituted the changes? What alternatives might
you propose as a team?

ENDNOTES

1. T. Masse, S. O’Neil, and J. Rollins, The Department of Homeland Security’s Risk

Assessment Methodology: Evolution, Issues, and Options for Congress, CRS Report
for Congress RL 33858. Washington, DC: Congressional Research Service, 2007,
pp. 5–9. Retrieved August 16, 2008 from https://www.hsdl.org/homesec/docs/crs/
nps32-02070709.pdf&code=6a9f9433e059472a02fc2d35079cfc84.
2. See E. D. Shaw and L. F. Fischer, Ten Tales of Betrayal: The Threat to Corporate
Infrastructures by Information Technology Insiders, Monterey, CA: Defense Personnel
 The Problem and Limits of Accepted Wisdom 11

Security Research Center, 2005, p. 34. Retrieved May 24, 2010 from https://hsdl.org/?​
view&doc=86525&coll=public. Shaw and Fischer, looking at espionage as a sub-
set of trust betrayal, argued that such trust betrayal appeared relatively rare, while
betrayals by cyber insiders might be poised to be more frequent, hence more amena-
ble to profiling and categorizing by subtype.
3. J. P. Parker and M. F. Wiskoff, Temperament Constructs Related to Betrayal of Trust,
Monterey, CA: Defense Personnel Security Research Center, 1991, p. 4.
4. R. C. Brackney and R. H. Anderson, Understanding the Insider Threat, Santa Monica,
CA: RAND Corporation, 2004. Retrieved August 14, 2008 from http://www.rand​
.org/pubs/conf_proceedings/CF196/index.html.
5. D. M. Cappelli, A. M. Moore, R. Trzeciak, and T. J. Shimeall, Common Sense Guide
to Prevention and Detection of Insider Threats, 3rd ed.—Version 3.1. Pittsburgh, PA:
Software Engineering Institute, Carnegie Mellon University, 2009.
6. E. C. Leach, “Mitigating Insider Sabotage and Espionage: A Review of the United
States Air Force’s Current Posture.” Master’s thesis, Air Force Institute of Technology,
Wright-Patterson Air Force Base, Ohio, 2009.
7. E. Kowalski, D. Cappelli, and A. Moore, Insider Threat Study: Illicit Cyber Activity in
the Information Technology and Telecommunications Sector. Pittsburgh, PA: U.S. Secret
Service and Carnegie Mellon Software Engineering Institute, January 2008, pp. 24–26.
8. Capelli, Moore, Trzeciak, and Shimeall, pp. 6–8.
9. Brackney and Anderson, p. 32.
10. Kowalski, Cappelli, and Moore, 2008.
11. “DoD Insider Threat Mitigation: Final Report of the Insider Threat Integrated
Process Team,” Department of Defense, April 24, 2000. Retrieved August 18, 2008
from https://acc.dau.mil/CommunityBrowser​.aspx?id=37478.
12. T. Noonan and E. Archuleta, The Insider Threat to Critical Infrastructures. The
National Infrastructure Advisory Council, April 6, 2008, p. 32.
13. A. J. Puleo, “Mitigating Insider Threat Using Human Behavior Influence Models.”
Master’s thesis, Air Force Institute of Technology, Wright-Patterson AFB, Ohio, 2006.
14. R. B. Fein and B. Vossekuil, Protective Intelligence and Threat Assessment
Investigations. Washington, DC: National Institute of Justice, 1998.
15. D. T. Olson, “The Path to Terrorist Violence: A Threat Assessment Model for Radical
Groups at Risk of Escalation to Acts of Terrorism,” Master’s thesis, Naval Postgraduate
School, Monterey, CA, 2005. Retrieved September 5, 2008 from https://www.hsdl.org/
homesec/docs/theses/05Sep_Olson.pdf&code=​08ed3b0e4d34e346e2dc3540cdc0e1f8.
16. Leach, p. 8.
17. J. Kaupla, “Are you hiring future champions or future saboteurs?” ERE.net (recruit-
ers’ network), May 25, 2008. Retrieved August 24, 2008 from http://www.ere​
.net/2008/03/25/are-you-hiring-future-cham​pions-or-future-saboteurs/.
18. Shaw and Fischer, 2005.
19. N. Ben-Yehuda, Betrayals and Treason: Violations of Trust and Loyalty, Cambridge,
MA: Westview, 2001.
20. Noonan and Archuleta.
21. Kowalski, Cappelli, and Moore.
22. Fein and Vossekuil.
23. Olson.
24. “Physical Vulnerability of Electric System to Natural Disasters and Sabotage,” U.S.
Congress Office of Technology Assessment, report OTA-E-453, Washington, DC:
U.S. Government Printing Office, June 1990.
12 Managing the Insider Threat

25. For example, J. Bulloch, in Akin to Treason (London: Arthur Barker, 1966; p. 151),
dwells on the psychology of personal motivation to the point of characterizing trai-
tors as sad individuals. M. Boveri, on the other hand, in Treason in the Twentieth
Century (J. Steinberg, Trans., 1961) London: MacDonald, 1956, p. 13, focusing on
social context, takes the view that treason is a necessary precursor to radical change
in all organized societies.
26. Shaw and Fischer epitomize this approach in their analysis of insider cyber threats,
with the result that they accord primacy to personal stress as a dispositive factor, on
pp. 15–20, possibly reflecting Shaw’s bias as a clinical psychologist.
27. Ben-Yehuda, p. 110.
28. Parker and Wiskoff, p. iii.
29. M. Akerstrom, Betrayal and Betrayers: The Sociology of Treachery, New Brunswick,
NJ: Transaction Publishers, 1990, p. 50.
30. See Sarbin, Carney, and Eoyang who, like Ben-Yehuda, also focus attention on
betrayal of trust and associated indicators that are relevant to arriving at a deeper
understanding of malicious insiders.
31. Eoyang, C., “Models of Espionage,” in Citizen Espionage: Studies in Trust and
Betrayal, ed. Sarbin, T., R. Carney, and C. Eoyang (Westport, CT: Praeger, 1994),
69–91.
32. Allen, T. B., and N. Polmar, Merchants of Treason: America’s Secrets for Sale, New
York: Delacorte Press, 1988, pp. 3, 47.
33. K. L. Herbig, a historian who spent two decades studying traitors at the Defense
Personnel Security Research Center, has written extensively on her findings, includ-
ing in Changes in Espionage by Americans: 1947–2007, Technical Report 08-05,
Monterey, CA: Defense Personnel Security Research Center, March 2008, p. v.
34. D. Weikel, “LAX tightens security measures after alleged smuggling,” Los Angeles
Times, September 5, 2008. Retrieved September 5, 2008 from http://mobile.latimes​
.com/detail.jsp?key=179165&full=1.
35. In the case of Allen and Polmar’s book, for example, the cases mentioned answered
the demand of a market created by Time Magazine’s label of 1985 as the Year of
the Spy, which fueled other commercial successes in this genre. One of these was
Washington Post reporter Pete Earley’s Family of Spies, which told the story of John
Walker’s compromise of classified codes to the Soviets while Walker served in the U.S
Navy and of Walker’s subsequent recruitment of family and friends to continue pro-
viding a stream of classified material for Walker to sell long after Walker had retired
from military service.
36. V. Cherkasin, Spy Handler: The True Story of the Man who Recruited Robert Hanssen
and Aldrich Ames, New York: Basic Books, 2005, p. 27.
37. P. Wright, Spycatcher: The Candid Autobiography of a Senior Intelligence Officer,
New York: Viking, 1987, p. 301.
38. T. J. Waters, Class 11: Inside the CIA’s First Post-9/11 Spy Class, New York: Dutton,
2006, 81.
39. O. Kalugin and F. Montaigne, The First Directorate: My 32 Years in Intelligence
and Espionage against the West, New York: St. Martin’s Press, 1994, p. 202. Oleg
Kalugin, former KGB general officer, was an impromptu stand-in for a scheduled FBI
speaker at a 2000 security conference in Washington, DC. The FBI speaker was stuck
in traffic while the former KGB general extemporized in fluent English on issues of
the day. His wit and polish gave Kalugin the air of a Soviet version of William F.
Buckley.
 The Problem and Limits of Accepted Wisdom 13

40. J. J. Fishman, The Faithless Fiduciary and the Elusive Quest for Nonprofit
Accountability, Durham, NC: Carolina Academic Press, 2007, pp. 310–311.
41. Kowalski, Cappelli, and Moore, 2008.
42. DoD, 2000.
43. S. Band, D. Cappelli, L. Fischer, A. Moore, E. Shaw, and R. Trzeciak, Comparing
Insider IT Sabotage and Espionage: A Model-Based Analysis, Carnegie Mellon
University Software Engineering Institute, Pennsylvania: Carnegie Mellon University,
pp. 40, 52. Retrieved March 20, 2010 from www.cert.org/archive/pdf/06tr026.pdf.
44. COBIT is an IT governance framework for addressing the combined requirements of
controls, technology, and business risk. The IT Governance Institute first published
COBIT in April 1996. Today COBIT emphasizes regulatory compliance in relation
to IT governance. COBIT has become the standard for IT audits, particularly in
rating compliance to the Sarbanes-Oxley Act of 2002. For more information, refer
to http://www.isaca.org/Content/NavigationMenu/Members_and_Leaders/COBIT6/
Obtain_COBIT/CobiT4.1_Brochure.pdf.
45. This is why handling cash, dealing with the public, and delivering people or goods
rate as high risk factors according to NIOSH. See http://www.cdc.gov/niosh/violrisk​
.html for more details. Within this framework, a taxi driver who also works at a con-
venience store would rank among the most susceptible to workplace violence when,
in reality, he would be most likely to encounter armed robbers and suffer injury in
the interaction.
46. M. D. Cavelty, “Like a Phoenix from the Ashes,” in Securing the Homeland: Critical
Infrastructure, Risk and Insecurity, ed. M. D. Cavelty and K. S. Kristensen, London:
Routledge, 2008.
47. See, for example, J. Stein, “The threat is real—Why aren’t we worried? Book review:
Cyber War by Richard Clark and Robert Knake,” Washington Post, May 23, 2010.
Retrieved May 23, 2010 from http://www​.washingtonpost.com/wp-dyn/content/
article/2010/05/21/AR2010052101860.html.
48. S. Baker, S. Waterman, and G. Ivanov, In the Crossfire: Critical Infrastructure in the
Age of Cyber War, Santa Clara, CA: McAfee, Inc., 2010. Retrieved May 12, 2010
from http://resources.mcafee.com/content/NACIPReport.
49. Ben-Yehuda, pp. 307–308.
50. D. Leonard and W. Swap, “Deep Smarts,” Harvard Business Review, September
2004. Retrieved July 29, 2008 from http://harvardbusinessonline.hbsp.harvard.edu/
hbsp/hbr/articles/article.jsp?ml_action=getarticle​&articleID=R0409F&pageNumber=
1&ml_subscriber=true&uid=24509483&aid=R0409F&rid=24600531&eom=1.
 Chapter 2
New Research and
Contrarian Findings

It is not logic that we need … It is insight, the faculty of grasping at once the essential
out of the irrelevant.
Will Durant

DELPHI RESEARCH ON INSIDER THREAT

The author’s hostile insider studies began as a social sciences research effort carried out
under the rigors and oversight of the Naval Postgraduate School, Monterey, California.
The data gathering took place between January and April 2009, with subsequent analy-
sis and academic review culminating in the author’s published thesis on this subject in
September. The research inquiry asked seasoned defenders, investigators, and line man-
agers to answer questions and distill judgments through the iterative Delphi research
process.1 This project consisted of recruiting a dozen experts from different organizations
and disciplines and then asking them three series of questions over time. Respondents
operated independently, with guarantees of confidentiality, and without any knowledge
of or interaction with each other. After the first round of questions, Delphi respondents
saw a compilation of all their answers and then addressed a second round of questions
that were suggested by the first. Similarly, for the third and final Delphi round, respon-
dents received compilations of their aggregate responses to the second round of questions
in addition to a final series of questions informed by preceding rounds. This approach
also followed the counsel of analysts who advised, “We need multidisciplinary research
teams (not just geeks) investigating what we should look for as indicators of possibly
malevolent behavior.”2
The group of experts in this study consisted of a dozen professionals representing
different disciplines, with many having overlapping experience in fields such as

• Counterespionage
• Systems integration
• Operations management
• Fraud and threat investigations
• Critical infrastructure protection
• Prevention of workplace violence
• Local law enforcement investigations

15
16 Managing the Insider Threat

• Human resources intelligence collection

• Workplace violence defense and response
• Defense against systemic institutional fraud
• Corporate response to handling reputational risk
• Federal law enforcement undercover assignments
• Crisis management and crisis information handling
• Management of public agency ombudsman functions
• Military service in combat and noncombat environments
• Behavioral analysis and post-traumatic-stress interventions

Each respondent was selected, in part, for availability and, in part, for possessing

• At least 20 years of professional experience

• First-hand exposure to managing or investigating insider threats
• Current and foundational professional experience outside of each other’s organiza-
tion and unconnected to the researcher’s purview, employment, or sphere of influence

Each Delphi round involved transmitting questions by e-mail, and receiving responses
via e-mail, with at least 2 weeks between rounds. All respondents agreed to participate
in the study under strict confidentiality protections, and each signed an informed con-
sent document as part of a rigorous internal review board’s oversight consistent with all
contemporary social sciences research efforts. Of the dozen experts who agreed to par-
ticipate in three rounds of Delphi surveys, 100% saw the process through from start to
finish, from January to April 2009.3

THE DELPHI METHODOLOGY FOR INSIDER THREAT STUDY

Note: In various professional symposia and interchanges, the author has repeat-
edly addressed questions about the application of Delphi method of social sciences
research to the insider threat problem. Here follow answers to the most frequently
raised questions.

WHY ONLY 12 RESPONDENTS INSTEAD OF, SAY, 2000?

The Delphi process is iterative yet anonymous, requiring a significant commitment
on the part of respondents, including responses that took the form of explanatory
narratives that were far more demanding than surveys. In order to obtain meaning-
ful insights rather than just confirming the author’s opinions as a more superficial
inquiry could easily do, this Delphi study sought out practitioners who each have
more than 20 years of experience of being in responsible charge in their respective
fields and were willing to voluntarily participate in what would otherwise constitute
billable hours. This undertaking required the fullest stretch of the author’s network
and demands of professional courtesy. Despite 31 years of industry experience and
an address book with some 2024 entries, the author rated himself fortunate to
be able to assemble a dozen professionals who contributed their career thoughts
throughout the Delphi process.
 New Research and Contrarian Findings 17

WHAT ABOUT THE POTENTIAL EFFECTS OF GROUPTHINK

OR ONE EXPERT INFLUENCING ANOTHER?
The Delphi method isolates respondents from each other, rather than gathering
them together in a focus group. This technique not only defends against group-
think but gives equal deference to the laconic and introverted whose voices might
otherwise go unheard in the presence of more vocal and extroverted participants
gathered together in the same room.

WOULD IT NOT BE BETTER TO SEEK OUT MORE RESPONDENTS?

To increase respondent numbers, the research would have risked a corresponding low-
ering of the bar in experience and insight of Delphi experts. Neophytes are in greater
supply, as are graduate students who would be more receptive to providing iterative
responses. However, such a response pool would necessarily rob the process of the
kind of wisdom and “deep smarts” that come only through broad, practical experi-
ence over time.4 In Delphi research, the smallest number of respondents should not be
less than 10; hence, this study settling on 12—in case of any losses from one round of
questions to the next. In practice, informed analysts have gone on record to state that
“the sample size varies … from 4 to 171 ‘experts.’ One quickly concludes that there
is no ‘typical’ Delphi; rather that the method is modified to suit the circumstances
and research question.”5 Other analysts, applying the Delphi method to policy issues,
found useful sample sizes varying from 10 to 50 experts.6
Finally, since 12 jurors suffice to deny one of liberty or exonerate one of capital
crimes, the Delphi dozen appeared to comprise a sufficiently diverse group to offer
meaningful yet independent wisdom in this research effort.

DID THIS RESEARCH MEET ANY RIGORS OF ACADEMIC OVERSIGHT?

The Delphi research effort itself extended from January through April 2009 and
consisted of three iterative rounds of questions and feedback. Recruitment of
experts and gathering of their signed, informed consent forms, in satisfaction of the
requirements of the institutional review board of the Naval Postgraduate School,
took place between November 2008 and January 2009. Two PhD faculty advisers
supplied functional guidance and critiques of the research process and scrutinized
the gathering and presentation of its yield.

Initial Research Findings Confirming Accepted Wisdom

At the outset, Delphi experts suggested that traditional countermeasures, such as ran-
dom audits, would offer high value in defending against a devastating attack. The Delphi
experts independently converged on the accepted wisdom reflected in the foregoing litera-
ture review and represented in Table 2.1.
The worst insider threat initially seemed likely to be a disgruntled employee with
(1) the capacity to plan a devastating attack and (2) the arcane knowledge to make the
most of the opportunity.7 Upon further exploration, this assertion did not survive scru-
tiny. Indicators of the disgruntled trust betrayer included unexplained anger and other
18 Managing the Insider Threat

TABLE 2.1 Insider Countermeasures and Indicators First Suggested by Delphi Panel
Observable Indicators Countermeasures
• Undue secrecy • Random audits
• Decline in performance • Frequent duty rotations
• Arrogance, displays of ego • Background investigations and vetting
• Own disclosures or revelations • Investigating reports of suspicious acts
• “Beat the system” talk, behavior • Technological monitoring of employees
• Unexplained anger, behavior changes
Note: These indicators and countermeasures have no special order or correlation to each other.

suspicious behaviors, such as undue secrecy and self-aggrandizement, potentially serving

as red flags. Similarly, countermeasures such as random audits, monitoring of employees,
and vetting investigations appeared likely to offer value as ways to thwart this kind of
insider. By the end of the Delphi process, however, the same experts identified flaws in their
own initial thinking. Their later judgments flew in the face of the accepted wisdom and
ran counter to their own initial impressions of what constituted effective countermeasures.

ALTERNATIVE ANALYSIS TAKES SHAPE

Three shifts in perspective and conclusions of the Delphi experts moved them away from
the accepted wisdom. The sea change came as a result of research questions that required
the respondents to think like an attacker rather than a defender. This change made the
respondents realize they could penetrate institutional defenses with relative ease. Out of
this realization, Delphi experts determined that they could more usefully recruit, train,
and direct an infiltrator rather than a disgruntled career employee. Finally, the Delphi
experts arrived at recommended countermeasures involving a final change of perspective:
reliance on work team members rather than exclusive reliance on corporate sentinels, that
is, the institution’s security, audit, and other specialists charged with watching for telltale
signs of foul play.

Why Infiltrator vs. Disgruntled Careerist?

For the Delphi respondents, one seminal, game-changing realization was that an infiltra-
tor poses the greater threat if the goal is to inflict damage fatal to the institution. What
supported this conclusion was Delphi respondent convergence on the view that existing
defenses do little to foil the prepared infiltrator.
Delphi expert observations, here, dovetailed with some findings in the published lit-
erature. Specifically, traditional insider defenses appeared to be readily advised and just
as readily circumvented. In fact, analysts making career studies of traitors, now extend-
ing their reach to cyber insider threats, continue to recommend measures that have yet to
eliminate treason. Their recommendations include more awareness training for the work-
force, encouragement to snoop on and report “concerning” behavior of fellow employees,
and even assigning individual risk values to these employees.8 Some observers, basing
their analysis on insular surveys of fellow specialists, also add their technology-intensive
solution—automated invasive monitoring by multiplying sniffer programs and computer-
ized audit trails to more closely follow every possible false step of every potential insider.9
 New Research and Contrarian Findings 19

With a mind-set recalling cyber aficionado shock at the low-technology nature of the
9/11 attacks,10 such observers see employees constituting the weakest link, thereby miss-
ing their potential as the first and possibly only line of defense.11 In the process of dispens-
ing this standard advice to address vulnerabilities and downright failures by intensifying
countermeasures that have already proven ineffective, these advisers alienate not only
employees of the institution but their security staff as well. One cyber security analyst,
however, swam against this tide. Examining the flawed assumptions and computing the
adverse results of imposing too many security controls, Microsoft researcher Herley
raised eyebrows at a new security paradigms workshop in Oxford by demonstrating that
users often have sound, rational reasons for rejecting overbearing security prescriptions.12
Epiphanies surfaced when the Delphi experts independently admitted that the very
countermeasures they had earlier recommended would present little impediment if they
were the ones plotting the insider attack. The resulting Delphi consensus was that

• Infiltrators are the better choice for a terrorist seeking an insider for a devastat-
ing attack.
• Standard defenses in all but specialized environments (such as nuclear security)
pose few insurmountable obstacles to an infiltrator.
• Underexploited resources available within the average organization can be opti-
mized to provide better protection against insider threats than sole reliance on
security and other corporate sentinels.

Research findings suggested that the terrorist attacking as an insider would be

more likely to be an infiltrator than a disgruntled careerist already in place.13 A career
employee with long-term access and detailed knowledge of inner workings will necessar-
ily know more about how to dismantle critical assets than an infiltrator new to the orga-
nization. The same careerist, given time and planning, is in the best position to develop
and carry out a devastating attack that circumvents defenses. However, the disgruntled
insider is potentially unstable and difficult to control. According to the Delphi experts,
this employee is not a joiner and is likely to be too egoistic to accept direction. Volatility
makes this person an operational risk likely to compromise an attack out of disagreement
with the particulars or out of spite at not being consulted on every move.14
Additionally, targeting information for attackers remains highly accessible in the age
of the Internet, particularly if the institution targeted historically operated openly with-
out the defenses available outside the national security arena. The institution’s critical
assets may also be immobile. Thus, in contrast to advanced weapons classified for rea-
sons of national security, critical infrastructure and other institutions cannot be relocated
or concealed once locations and operating details have been compromised. In this con-
text, the targeting information necessary for mounting an attack need not be so esoteric
as to be available exclusively to a career insider with very detailed knowledge.
Instead, as the Delphi experts reasoned, an infiltrator who gets through the door,
even at a relatively low level for a limited time, should be able to accumulate enough
details to enable an attack without having to spend years masquerading as an innocuous
employee. Additionally, as more than one Delphi expert noted, many infrastructures and
institutions are desperate for talent and have aging workforces with little effective succes-
sion planning. Thus, as one expert noted, average employers are prone to welcome any
skilled workers without criminal convictions who show an interest in accepting entry-
level positions. The same employers make frequent use of contractors, who soon gain
unfettered access to their systems. This situation gives an infiltrator two paths of entry:
20 Managing the Insider Threat

as a direct employee or as a contractor. Infiltrators may even try the two approaches
concurrently without fear of one rejection contributing to another. In this context, if the
remaining defenses (as delineated below) are also flawed, the chances for a successful
attack begin to tilt more in favor of an infiltrator than a disgruntled insider. Infiltrators
may not have quite so much access, but they can definitely be better controlled, focused,
and more disciplined about concealing telltale indicators of an impending attack to avoid
compromising that attack.

Infiltrator’s Challenges vs. Defender’s Capacity

The weaknesses of traditional defenses against this insider threat appear more evident if
depicted in the context of the mutual challenges of infiltrator and defender, as Figure 2.1
illustrates.15

Adversary view

Attacking group’s tasks Infiltrator’s tasks

1. Select target. A. Pass background screening,

including hiring interview and
background investigation.

2. Prepare infiltrator(s). B. Gather information on where and

how to attack for maximum effect.
a. Select candidate with unblemished record and ID
to pass background investigation.
b. Select or equip candidate with skills attractive to
target employer (over- vs. underqualified).

3. Enter targeted institution and probe. C. Exploit vulnerabilities.

------------------------------ Standard screening ------------------------------

Targeted institution

Probation Team/general employee Attention of corporate

involvement sentinels, only if . . .
• Token effort • Minimal or • Time or attendance problems
• Variable or no nonexistent • Reported misconduct
supervision • Complaints
• Pass by default • Reported criminal activity

Involvement
Unimpeded
only by
access
exception

FIGURE 2.1 Traditional situation for infiltrator and target.

 New Research and Contrarian Findings 21

Figure 2.1 depicts the situation in which infiltrator and targeted employer find them-
selves when these countermeasures and their limitations impinge upon each other in the
traditional scheme of penetration and defense. In this conceptualization, the adversary’s
job is to select a target, prepare an infiltrator, and gain entry into the target to the point
of being able to probe and maneuver with unimpeded access. It falls to the infiltrator to
pass the background check and then enter and pass a probationary period. The proba-
tion period itself affords sufficient freedom of maneuver to gather information unim-
peded by close scrutiny or interference. The infiltrator eluding detection or interference
is free to operate in the dark corners of insufficient oversight and supervision, as long as
his behavior and work performance do not deviate so much from the norm as to invite
attention.

Infiltrator Step 1: Get through Screening

The standard screening, or pre-employment, background investigation presents a low

hurdle to the prepared. As long as the infiltrator does not have a record of criminal con-
victions or obvious disqualifications (e.g., inability to lift 25 lb in a job whose essential
functions require some manual labor), he or she has little to fear from the third-party
consumer reporting agency performing the background check.
The more invasive background and update investigations required for national secu-
rity employment are not available for most employers, including entities operating the
nation’s critical infrastructure. Nor is it feasible to demand the same level of scrutiny for
a maintenance mechanic as for an intelligence analyst. Besides, the telltale component
of such investigations—the probe for financial irresponsibility—is only useful in cases
where trust betrayal is primarily driven by money, exemplified in the so-called “market-
place espionage” most frequently observed in counterintelligence cases of the 1980s.16
However, as Herbig17 discovered in her study of trust betrayal in such cases over time,
the trend in the past 10 years has changed: the most common driver for today’s traitors
is divided loyalties, that is, ideological rather than monetary motivation. Consequently,
yesterday’s focus on finances as an indicator of possible trust betrayal offers limited value
in detecting today’s traitors who will be living well within their means. Such trust betray-
ers will also be showing no signs of the kind of debt indicative of financial hardship that
would make them targets for bribery or ostensible candidates for selling out their employ-
ers to relieve financial distress.
Similarly, an infiltrator sent into an organization to attack it will be unlikely to draw
attention by amassing bad debts that set off financial responsibility alarms, assuming a
credit report is even requested or studied as part of the background investigation. Nor
will this individual invite negative scrutiny through drunk driving or criminal convic-
tions that the average background investigation detects through a standard check of supe-
rior court records in counties of residence and of employment.18 Insulating the infiltrator
even more from what such background investigations uncover is that the infiltrator is
already under the control and sponsorship of a primary, albeit undisclosed, employer: the
attacker. Thus, the infiltrator is seeking employment not so much for monetary or profes-
sional reward as for access to an assigned target. Meanwhile, the attacker coaches the
infiltrator to avoid actions that would raise eyebrows. The larger and more sophisticated
the attacker’s organization, the more candidates are available to choose from in qualify-
ing an infiltrator, and the more likely that the ultimate selectee will arrive on the job with
an unblemished record.
Exploring the Variety of Random
Documents with Different Content
believe they are better fitted than any others to settle the Indian
question. Their destructive work is nearly over: it has fitted them for
the constructive work to be done. As officers they have peculiar
advantages over civilians of the same capacity and worth, far less
temptation and far stronger standing ground for the control of
Indians. One-half of the sixty agencies might well be put at once
under selected officers; not that it is strict military duty, but it is not
an “old woman’s work,” as one of high rank said of Capt. Pratt’s
effort. The latter is doing, indirectly, more than any two regiments
for the pacification of the Indians—the army’s special business.
Railroads are doing the work of pioneers and of soldiers, peace is
not far off. There will soon be need of the army only as a national
police, and half of the 15,000 troops at the West may be dispensed
with. What better service can a few of its accomplished officers
undertake than building up a civilization at its weakest point?
The Indian can be rescued from a sad fate only by personal
devotion; that has, under God, created the great results of
missionary work throughout the world in recent years. The labors of
the Riggses, Williamsons and of Bishop Whipple and others during
the past half century, in the western wilderness, has been a seed-
sowing of which the results are now appearing. The men they have
touched and taught are those who are now breaking from the old
superstitions and asking for light, while official dealings have
scarcely a moral result to show for armies of agents and vast
annuities. Only the light of Christian truth and example steadily
shining can lift men up. Mission work among the Cherokees and
others, and for the Sioux at Sisseton and Fort Sully and Santee
agencies in Dakota, where wild Indians are settled on so peaceful
prosperous homes that “a stranger traveling through the country
would not believe that he was on an Indian Reservation,” attest the
complete success of the Congregational, Episcopalian, and
Presbyterian societies. Peoria Bottom, which I visited in 1881, is a
charming village of twenty Christian families, on thrifty homes, the
result of the efforts of the Rev. Thos. L. Riggs. “In proportion to the
aid and means employed no missions since the apostolic age have
been more successful than those to the American Aborigines,”
declares one of these bodies. There have been, however, weak and
disappointing missions.
Such work cannot be inspired from Washington, though it may
supply many of the conditions of it. A purified civil service would do
more for the Indian than for any class in the country. Good agents
would create a morale, like a favoring tide, for the Christian teacher.
The “gist” of the Indian question I believe to be honesty and
capacity in dealing with them. Given these and the rest will work
itself out.
 THE CHINESE.
Rev. W. C. Pond, Superintendent.

HUMBLINGS.
BY REV. W. C. POND.

I had finished the preparation of the last annual report of our

Mission. I had read it at the annual meeting. It was ready for the
printer, and had even been placed in his hands. It was a report
instinct throughout with good cheer. It could not be otherwise. It
recorded the work of a prosperous year. No previous year of our
whole history had approached this one, as to the numbers gathered
into our schools and brought within reach of the invitations of the
Gospel. Perhaps I was in danger of being “exalted above measure.”
And, so, humblings were prepared for me.
It may be the dictate of expediency, but certainly it is not that of
frankness and honesty, to speak to our benefactors only smooth
things. There are shades as well as lights in missionary work. The
tide is not always rising. The sun is not always at noon. And if
possible, those who sustain the work ought to be made able to see
the shadows and to understand the disappointments; ought to be
admitted to acquaintanceship with even the mistakes which we, the
workers, make. Daylight throughout our operations is essential.
Without this, there are bred “bureau distempers,” petty falsities, self-
seekings and the whole brood of faults into which even renewed
natures get sometimes betrayed. One of the chief beauties and
glories of the statements presented this year, both at Portland and at
Cleveland, was their manifest frankness—the pains evidently taken
to set before the people all the facts so far as the opportunity
allowed.
But I am making a long preface. “What humblings have been
prepared for you?” my readers are asking. One of our Chinese
brethren, converted as we believed, and baptised some years ago—a
young man in some respects specially capable and specially
pleasing, who knows the way of life well, and can explain it clearly to
his less instructed countrymen, is found to have been gambling on
(for them) a large scale, and, at first, with rare success. Rumor has
it that not less than $3,000 had flowed from the depleted purses of
his countrymen into his own; but that blind to the fact that the tide
might turn, he had continued his sin until it left him stranded and
wrecked. Inquiry shows this rumor to be founded on facts. We are
made to blush at the congratulations the heathen Chinese have been
proffering over the good-luck of the gambling Christian. We get the
heart-ache as we see how sin breeds sin, how falsehood and
profanity follow in the train of these dishonest gains. The heart-ache
deepens as we see some others of our brethren swept away by
sympathy or friendship, or possibly by some less amiable
consideration into partial complicity with his wrong. It transpires that
with several others as with this brother, there has been a
forgetfulness of the assembling of themselves together, a self-
assertion and self-trust, a disposition to debate but not to pray, a
cooling of brotherly love and Christian zeal, all of which fore-
shadowed like dishonors to be heaped upon the name of Christ,
unless a breath of God’s dear spirit should soon inspire in them a
freshened life.
Thank God, these humblings have not come alone. If the great body
of our Chinese Christians had been insensible to them, if there had
been no movement, or if only a ripple on the surface of an otherwise
stagnant sentiment, I should have been discouraged indeed. But
there was an immediate movement, a deep sense of shame, an
almost too speedy discipline. And now, taking counsel together, we
have undertaken, with the help of God, to withstand more faithfully
those beginnings of evil; to make the first symptoms of coldness and
inattention and wandering the signal for more earnest prayer and for
kindly and cautious, but effective, watch and care.
In connection with this our schools in San Francisco propose to
undertake something more general and more generous in the way of
giving. Certainly the sum total of expenditures made by our Chinese
brethren, in connection with their Christian work, is creditable
already. When we consider their circumstances it is not a little thing
that in this last year their offerings, one way and another, should
reach a total of $2,000. But a scrutiny of the sources from which this
amount had come showed that in some quarters the grace of giving
had not been as generally cultivated or as fruitful in results as it
might have been. And a recovery of lost ground in this regard, an
advance beyond anything heretofore attempted is fully resolved
upon. Plans are being laid, the mutual exhortations have begun, and
it is believed that by the 1st of December they will show us definite
and practical returns. One of the helpers writes me as follows: “Last
night I have been spoken to the scholars and brethren about the
gifts of the money for the missionary work and about the gas that
you are going to put up instead of the oil lamps. They were so
pleased to help. I can hardly know how to tell you how glad they
feel to pay the gas and water bills and to help you pay the rent. I
was surprised that I should receive a large sum of gifts last evening
so soon as when I get through my sayings, and I expect another
sum this evening, because great many have not any money with
them last evening.” This same good spirit seems to pervade all the
schools and I am greatly comforted by it.
Other encouragements are not wanting. Even now I am awaiting in
my study the arrival of five Chinese who, with the approval and
recommendation of our brethren, offer themselves as candidates for
baptism and reception to our Bethany Church. Scarcely a month has
passed without tidings of some one turning to the light and avowing
himself a disciple of Christ. But I have been made specially glad this
month by the news from two of our youngest and smallest schools.
Mrs. Willett, of Santa Cruz, reporting for the first time two of her
pupils as giving evidence of conversion, adds: “I am very hopeful
concerning the spiritual interests of four of my boys. Eight of them
already own and study the New Testament. I give them Bible
instruction two whole evenings each week, and they enjoy it.” And
Miss Fulton, of Berkeley says: “In reporting that two of the pupils
give evidence of conversion, I do not say that they have confessed it
by word; but they attend so regularly to school, and to Sunday
school, listen to all religious instruction so earnestly, and join in the
Lord’s Prayer so heartily, that I feel assured they are earnestly
seeking the truth.”
And so God has mingled encouragements with humblings, and not
suffered us to be swallowed up with overmuch sorrow.
 WASHEE WASHEE.

BY JOAQUIN MILLER.

Brown John he bends above his tub

In cellar, alley, anywhere
Where dirt is found, why John is there;
And rub and rub and rub and rub.
The hoodlum hisses in his ear:
“Git out of here, you yeller scrub!”
He is at work, he cannot hear;
He smiles that smile that knows no fear;
And rub and rub and rub and rub,
He calmly keeps on washing.

The politicians bawl and crow

To every idle chiv. and blood,
And hurl their two hands full of mud:
“The dirty Chinaman must go!”
But John still bends above his tub,
And rub and rub and rub and rub;
He wrestles in his snowy suds
These dirty politicians’ duds;
He calmly keeps on washing.

“Git out o’ here! ye haythin, git!

Me Frinch ancisthors fought an’ blid
Fur this same freedom, so they did,
An’ I’ll presarve it, ye can bit!
Phwat honest man can boss a town?
Or burn anither Pittsburgh down?
Or beg? Or sthrike? Or labor shirk
Phwile yez are here an’ want ter work?
Git out, I say! ye haythin git!”
And Silver Jimmy shied a brick
That should have made that heathen sick;
But John, he kept on washing.

Then mighty Congress shook with fear

At this queer, silent little man,
And cried as only Congress can:
“Stop washing and git out of here!”
The small brown man, he ceased to rub,
And raised his little shaven head
Above the steaming, sudsy tub,
And unto this great Congress said,
Straightforward, business-like, and true:
“Two bittee dozen washee you!”
Then calmly went on washing.

Oh! honest, faithful little John,

If you will lay aside your duds
And take a sea of soap and suds
And wash out dirty Washington;
If you will be the Hercules
To cleanse our stables clean of these
That all such follies fatten on,
There’s fifty million souls to-day
To bid you welcome, bid you stay
And calmly keep on washing.
—The Independent.
 CHILDREN’S PAGE.

THE LITTLE DINING-ROOM.

BY MRS. T. N. CHASE.

Often just before breakfast I hear a tripping step in our hall, then a
light tap at the door, and our little John exclaims, “You’re ’vited,
mamma.” As I answer the knock, happy Hennie’s voice rings out the
welcome words, “You and Mr. Chase are invited to breakfast in the
little dining-room.” Now, as the “big dining-room” is filled with about
150 students and teachers, and as board is eight dollars per month,
the little dining room offers the most quiet, to say nothing of the
superior variety and quality of the food.
Well, now, there has of late been rapidly growing what some of us
staid teachers think is an industrial craze. I suppose any day the girls
at the North may have to give up one of their studies for the old-
fashioned patchwork. Oh! I don’t mean old-fashioned. Isn’t it funny
that old-fashioned things are the newest-fashioned things? I
suppose, too, any day our grandmother’s beautiful samplers may
again take their æsthetic places in the schoolroom to teach “marking
stitch” from “sure enough” antique letters, and the boys may march
into a recitation room, where they will learn to drive nails and shoe
pegs. Well, this is a great question, and none but a parent can be
more interested than the faithful teacher that the best methods
should be used in developing their precious charge.
About two years ago the matron of Atlanta University selected two
little dormitory rooms that opened into each other, and turned them
into dining-room and kitchen. An old Stewart cook stove used in the
big kitchen long ago, before the range was a necessity, was a large
part of the little kitchen’s outfit. The clothes press was easily
changed to cupboard, and an old flower stand was made into a tidy
closet for pots and kettles. In the dining-room the floor was stained
in alternate strips of dark and light color; a fly screen put in the
window, a few pictures and a rough shelf covered with a pretty
lambrequin brightened the walls; and, best of all, while this
revolution was going on, an old friend happened to drop in, on her
way to Florida. She was so delighted with the matron’s idea that she
filled the China closet of the little dining-room with such pretty
things that the dainty tea table at once put on airs in its new home.
Well, in these two little rooms the two highest classes of girls are
honored with practice in household arts, with the matron for their
teacher. At first gatherings in the little dining-room were quite rare.
The birthdays of the senior class were celebrated there, and guests
sometimes entertained, but the girls are so proud of their
housekeeping that now they are allowed all the practice they have
time for. Absent graduates must remember the room with pleasure,
as they send beautiful bouquets for the table. The senior girls take
turns in being responsible for the breakfasts and teas, and in
presiding at table. In addition to the two girls who preside, there is
room for about a third of the teachers. So, as we cannot all go, there
can be no general invitations, but each visit there has all the charm
of a special invitation out to breakfast or tea. But the best of it all is
the encouragement it gives the girls to practice the too often
neglected art of good cooking.
So now you see why we are proud of the little dining-room, and why
Hennie trips through the halls so merrily as she carries from door to
door the coveted invitation.
RECEIPTS FOR NOVEMBER, 1882.

MAINE, $71.05.
Farmington. Cong. Ch. and Soc. $26.19
Foxcroft. Mrs. D. Blanchard 5.00
Machias. Mrs. C. F. Stone, two bbls. of C., for Lady
Missionary, Wilmington, N.C.
North Bridgton. Cong. Ch. and Soc. 5.00
South Paris. W. D. B., for Tillotson C. and N. Inst.
(Building) 1.00
Waterville. For Tillotson C. and N. Inst. (Building) 0.10
Woolwich. Cong. Ch., 11.50; “Family Gift,” 2;
J. P. T., 1; T. M., 1. 15.50
York. First Cong. Ch. and Soc. 18.26

NEW HAMPSHIRE, $260.49.

Amherst. Mr. and Mrs. Melendy, 25; Ladies’ Union
Miss’y Soc., 25, for Student Aid, Straight U. 50.00
Amherst. Cong. Ch., 10.98; Miss L. W. B., 50c. 11.48
Auburn. Cong. Ch. and Soc. 12.00
Boscawen. Mrs. E. G. W., for Student Aid, Fisk U. 1.00
Chester. Mrs. Mary E. Hidden 10.00
Dover. First Cong. Ch., for Student Aid, Atlanta U. 40.00
Dunbarton. Cong. Ch. and Soc. 12.00
East Jaffrey. Cong. Ch. and Soc. 21.05
Francestown. Joseph Kingsbury 30.00
Kensington. “Friend,” for Wilmington, N.C. 2.50
Lyme. Cong. Ch. and Soc. 8.00
Manchester. First Cong. Ch. and Soc. 27.46
New Ipswich. Cong. Sab. Sch., for Student Aid,
Atlanta U. 25.00
Short Falls. J. W. C. 1.00
Temple. Mrs. W. K. 1.00
—— “Friends” 8.00

VERMONT, $479.14.
Barton Landing and Brownington. Cong. Ch. and
Soc. 22.56
Bellows Falls. Vermont Farm Machine Co.,
Champion Creamery, Val. 52, Swing Churn, Val.
12. for Atlanta U. Danville. Sab. Sch. Cong. Ch. 10.00
Grand Isle. Mrs. Rev. Chas. Fay 5.00
Plainfield. Cong. Ch. and Soc. 5.75
Randolph. First Cong. Ch. and Soc. 4.00
Rochester. Cong Ch. and Soc. 20.00
Rutland. Mrs. J. B. Paige, for Freight 1.20
Salisbury. Cong. Ch. and Soc. 17.44
Saint Johnsbury. “Colored Man” 2.00
Wallingford. Miss L. H. A. 0.50
West Randolph. Susan E. Albin and Sarah J.
Washburn 7.00
Woodstock. First Cong. Ch. and Soc. 39.26
Worcester. Cong. Ch. 4.43
———
$139.14
LEGACIES.
Bratleborough. Estate of Mrs. H. M. Linsley, by
C. F. Thompson 70.00
Cabot. Estate of Fanny Putnam, by Rev. H. A.
Russell 50.00
Chelsea. Estate of Dea. Samuel Douglass, by
Edward Douglass, Ex. 220.00
———
$479.14

MASSACHUSETTS, $2,447.79.
Alston. H. R. 1.00
Amesbury. Cong. Ch. 16.28
Amesbury and Salisbury. Union Evan. Ch. and
Soc. 16.60
Amherst. First Cong. Ch. 25.00
Andover. Ladies’ Union Home M. Soc. (70 of
which for Student Aid Talladega C.) 73.75
Andover. G. W. W. Dove, for Student Aid,
Atlanta U. 50.00
Auburndale. Mrs. Lathrop, Bundle of Papers.
Boston. Mrs. E. P. Eayrs, 5; Mrs. L. R. H. 50c 5.50
Bridgewater. Central Sq. Ch. and Soc. 24.62
Brimfield. Second Cong. Ch. and Soc. 10.63
Brimfield. Ladies Charitable Union of Second
Cong. Ch., Bbl. of C. and 2, for freight, for
McIntosh, Ga. 2.00
Brockton. “A Friend” 20.00
Canton. E. R. E. 0.50
Chelsea. Central Ch. and Soc. 21.19; Third
Cong. Ch. and Soc. 8.35. 29.54
Chelsea. Arthur C. Stone, for Student Aid,
Atlanta U., and to const. himself L. M. 30.00
Chelsea. Ladies Union Home M. Band, 20, for
Lady Missionary, Chattanooga, Tenn., also 5
Boxes Papers, etc., for General work 20.00
Chicopee. J. T. C. 0.51
Clinton. “A Friend” 100.00
Conway. D. L., for Tillotson C. & N. Inst.
(Building) 1.00
Dana. Cong. Ch. and Soc. 3.00
Dedham. First Cong. Ch. and Soc. 167.00
Dorchester. Mrs. R. W. Prouty, 5; Sab. Sch. of
Second Ch. (ad’l), 1.70; Miss E. T., 60c. 7.30
Fitchburgh. Cal. Cong. Ch. and Soc. 204.98
Florence. Florence Cong. Ch. 20.77
Gilbertville. Sab. Sch. of Cong. Ch., for Student
Aid, Fisk U. 50.00
Greenfield. T. H. 0.50
Hatfield. Cong. Ch. and Soc. 67.50
Hawley. H. S., for Tillotson C. & N. Inst.
(Building) 1.00
Haverhill. Mrs. Mary B. Jones 10.00
Holden. Cong. Ch. and Soc. 10.00
Holliston. “E. A.,” for Student Aid, Fisk U. 1.00
Ipswich. First Cong. Ch. and Soc., Bbl. of C.,
Val. 32.
Jamaica Plain. Central. Cong. Ch., in part 343.29
Marblehead. First Cong. Ch. and Soc. 90.00
Marshfield. Ladies’ Benev. Soc. of First Cong.
Ch., Two Bbls. of C., Val. 88.
Mattapoisett. A. C. 1.00
Matfield. Mrs. S. D. Shaw (1.50 of which for
John Brown Steamer) 2.00
Merrimac. John K. Sargent 2.00
Natick. Cong. Ch. and Soc. 40.00
Newburyport. North Cong. Ch. and Soc., 27.33;
Prospect St. Ch. and Soc., 25. 52.33
Newton. Freedmen’s Aid Soc., Books, etc., for
Library, Macon, Ga.
Northampton. “A Friend” 98.00
North Leominster. Cong. Ch. of Christ, 13; Mrs.
S. F. Houghton, 5. 18.00
Norton. Trin. Cong. Ch. and Soc. 17.93
Oxford. Ladies’ Miss’y Soc., for Lady Missionary,
Savannah, Ga. 20.00
Oxford. Woman’s Mission Soc., Bbl of C.
Pawtucketville. J. M. H. 0.50
Randolph. Cong. Ch. and Soc. (10 of which
from Sab. Sch.) 105.25
Rockport. Cong. Ch. and Soc. 35.42
Rockport. “A Lady,” for Tillotson C. & N. Inst.
(Land.) 1.00
Royalston. Ladies of First Ch., Bbl. of C., Val.
45, for Talladega C.
Shelburne. Ladies Sew. Circle of First Cong.
Ch., Bundle of C., for Tougaloo U.
Shirley Village. Cong. Ch. and Soc. 6.32
South Abington. Cong. Ch. and Soc. 75.00
Southampton. Cong. Ch. 38.46
Southbridge, Globe Village. Ev. Free Ch. and
Soc. 35.00
Southborough. Sab. Sch. of Pilgrim Evan. Ch.,
for John Brown Steamer 30.00
South Deerfield. Cong. Ch. and Soc. 9.81
Sutton. “A Friend,” for Student Aid, Atlanta U. 5.00
Templeton. Sab. Sch. of Cong. Ch. 10.00
Townsend. Ladies Benev. Soc., Bbl of C., Val.
20.75.
Waltham. Cong. Ch. and Soc. 26.00
Westborough. Ladies’ Freedmen’s Soc., Bbl. of
C. and 1, for Freight 1.00
West Medford. Henry Newcomb 2.00
West Medway. “Friends,” for Student Aid, Fisk
U. 10.00
Worcester. Plymouth Cong. Ch. and Soc., 74.50;
Salem St. Cong. Ch., 75; Samuel R.
Heywood, 32, to const. Frank E. Heywood
L. M.; “E. C. C.” 20. 201.50
——. “A Friend,” for Tillotson C. & N. Inst.
(Building) 1.00
————-
$2,247.79
LEGACIES.
Athol. Estate of J. Sumner Parmenter, (60 of
which to const. Mrs. J. S. Parmenter and Mrs.
F. S. Parmenter, L. Ms.), by F. S. Parmenter,
Ex. 160.00
Sandwich. Estate of Tryphosa French by
Fletcher Clark, Ex. 100.00
————-
$2,447.79

CONNECTICUT, $3,614.73.
Bethlehem. Sab. Sch. of Cong. Ch., for Tillotson
C. & N. Inst. 10.00
Bridgeport. “Cash,” for Tillotson C. & N. Inst.
(Building) 5.00
Buckingham. Cong. Ch. and Soc. 2.39
Canterbury. Westminster Cong. Ch. 9.50
Durham. Ladies’ Miss’y Soc. of North Cong. Ch.,
for Student Aid, Talladega C. 13.00
East Avon. Cong. Ch. 62.30
East Hampton. Cong. Ch. 27.33
Granby. First Cong. Ch. 11.30
Hartford. Pearl St. Cong. Ch. and Soc. 95.20
Hebron. Jasper Porter 10.00
Higganum. Cong. Ch. 16.00
Hockanum. South Cong. Ch. (5 of which from
Mrs. E. M. Roberts) 13.00
Mansfield. B. F. K. 0.51
Meriden. First Cong. Ch., to const. N. L.
Bradley, J. C. Twichell, Geo. Atkinson, Geo. E
Savage, Edward C. Allen, J. P. Parker, Mrs. F. A.
Otis, F. J. Wheeler, S. C. Pierson and A. H.
Gardner L. Ms. 300.00
Milford. Sab. Sch. of Cong. Ch., for Student Aid,
Tillotson C. & N. Inst. and to const. Albert
Nettleton L. M. 30.00
Naugatuck. Cong. Ch., 105.80; Andrew Hills, 25 130.80
New Canaan. Cong. Ch. and Soc. 25.00
New Haven. Amos Townsend 10.00
New Haven. Sab. Sch. of Ch. of the Redeemer,
for John Brown Steamer 10.00
New Preston. “Mrs. B. A.,” for Lady Missionary,
Raleigh, N.C. 10.00
Orange. Sab. Sch. of Cong. Ch., for Tillotson C.
& N. Inst. (Building) 10.00
Plainville. Sab. Sch. of Cong. Ch., for Tillotson
C. & N. Inst. (Land) 2.00
Plymouth. Cong. Ch. 55.00
Portland. First Cong. Ch. 7.49
Stamford. Cong. Ch. 47.30
Stratford. Cong. Ch. 25.00
Thomaston. Cong. Ch. 56.72
Torrington. Young Ladies’ Benev. Soc., Bbl. of
C., val. 50, and 4, for Freight, for Talladega
C. 4.00
Washington. “Z.” for Indian M. 1.00
Willimantic. I. E. S. 1.00
Winchester. Cong. Ch. 8.89
Woodbury. North Cong. Ch. 23.00
————-
$1,032.73
LEGACIES.
Ellington. Estate of Maria Pitkin, by Edwin
Talcott, Ex. 2,200.00
New Haven. Estate of Mrs. Phebe Browning, by
Henry E. Pardee, Ex. 382.00
————-
$3,614.73

NEW YORK, $10,861.41.

Albany. Clinton Sq. Bible Sch., for Needmore
Chapel, Talladega, Ala. 25.00
Albany. H. A. Homes 3.00
Brasher Falls. Elijah Wood, 15; Eliza A. Bell, 2 17.00
Brooklyn. Tompkins Av. Cong. Ch. 216.15
Brooklyn. Sab. Sch. of Central Cong. Ch., for
Missionaries at Fernandina, Fla., and Ladies’
Island, S.C. 175.00
Champion. Cong. Ch. 8.30
Welcome to Our Bookstore - The Ultimate Destination for Book Lovers
Are you passionate about books and eager to explore new worlds of
knowledge? At our website, we offer a vast collection of books that
cater to every interest and age group. From classic literature to
specialized publications, self-help books, and children’s stories, we
have it all! Each book is a gateway to new adventures, helping you
expand your knowledge and nourish your soul
Experience Convenient and Enjoyable Book Shopping Our website is more
than just an online bookstore—it’s a bridge connecting readers to the
timeless values of culture and wisdom. With a sleek and user-friendly
interface and a smart search system, you can find your favorite books
quickly and easily. Enjoy special promotions, fast home delivery, and
a seamless shopping experience that saves you time and enhances your
love for reading.
Let us accompany you on the journey of exploring knowledge and
personal growth!

ebookgate.com