Slashdot Mirror

← Back to Stories (view on slashdot.org)

Enemy At The Water Cooler

Posted by samzenpus on from the trust-no-one dept.

Trent Lucier writes "On most networks diagrams I've seen, the internet looks like a cloud. Sometimes it's a fluffy white cloud. Other times it's a dark ominous cloud. Regardless of the artistic style, the depiction usually conveys the mystery and danger of putting your company's network on a global information grid next to a billion users, kind of like those old maps with dragons drawn at strategic places in the ocean. Not surprisingly, corporations spend much time and energy protecting themselves from The Outside World. In Enemy at the Water Cooler, Brian Contos argues that just as many resources should be spent on defending against insider threats. Will this book help you detect the enemies at your water cooler?" Read below for the rest of Trent's review. Enemy at the Water Cooler: True Stories of Insider Threats and Enterprise Security Management author Brian T. Contos pages 302 publisher Syngress Publishing rating 8 reviewer Trent Lucier ISBN 1597491292 summary A thorough introduction to insider threats and the countermeasures that can be used against them

Contos, a Chief Security Officer himself, has written a primer on insider threats and the counter-measures that can be deployed against them. The book is written for a wide audience, so don't expect low-level details about encryption algorithms and security protocols. However, if you have to deal with a large company's IT infrastructure, you may benefit from Contos' descriptions of enterprise security concepts and anecdotes.

According to the book's terminology, an insider is someone who has more privileges than the common person and uses those privileges to abuse the system. It's important to understand the full scope of the term "privileges". In addition to computer privileges, Contos is also talking about physical access to hardware, paperwork, and even other employees that can be exploited in social engineering attacks. Even if a piece of information is useless to the insider, it may be something that a competitor would be willing to buy for the right price.

The early chapters provide background on all the standard attacks that are in the news these days: phishing, denial of service, keylogging, etc... What makes these sections interesting are the statistics that are sprinkled throughout the text. In a survey conducted by CERT examining known attacks, 49% were committed by insiders that were married. This goes against the profile of the insider being someone who has less personal risk (such as a family) at stake. In fact, the prevailing image of the last 30 years depicting a computer criminal as a socially awkward young male has started to become less accurate as organized crime has turned into the biggest threat.

Enemy At The Water Cooler does a great job of putting statistics in context. The book is always careful to mention that the crime statistics represent only the known incidents. Contos often explains why certain numbers matter. Near a chart showing that 59% of discovered crimes were committed by former employees, the author explains that recently fired employees can be highly motivated to commit revenge and still have access to accounts and passwords, which is a dangerous combination.

How does the book propose that businesses deal with threats? At the end of Part I, Contos introduces a technology called Enterprise Security Management (ESM). This is a blanket term used to describe a collection of enterprise-level tools that can perform information analysis, display event feeds, manage policies, and do everything else in the world besides make toast. The remainder of the book constantly mentions this technology, so if you are not interested in learning about ESM, this book may not be for you.

At this point, it should be noted that Brian Contos is the Chief Security Officer of a company that sells ESM products. The book is neutral on which product you should use, although some screenshots show Contos' program for illustrative purposes. I did not feel that the book was biased or trying to sell me something. Regardless of who the author works for, he makes a compelling argument that ESM systems are necessary for big companies that need to manage their IT security.

Case studies comprise Part II of the book. This is the entertaining stuff, and probably the type of thing most people want to read when they pick up a book called Enemy At The Water Cooler. There are 8 main case studies, each running about 5 pages in length. Contos puts the "study" in "case study" as he illustrates how tools (ESM) and training could prevent many of the scenarios he describes. Those expecting light reading in the form of amusing anecdotes about IT security will be disappointed. However, if you're looking for a detailed analysis of insider crime, these chapters provide it.

Many times, greed and hubris are the ultimate undoing of the insider. In one example, a company discovered that their servers were hosting pirated software. Little did the company know that the employee that was asked to clean up the server was actually the one who put the software there to begin with. The insider would have gotten away with it if only he hadn't bragged to a co-worker about how dim-witted his company was.

In other situations, employees can be blackmailed into committing crimes. In the case of a Spanish company, an employee was forced into planting a wireless access point in one of the development labs. The employee had lied about his educational background on his resume, and criminals threatened to expose him if he didn't cooperate by planting the device.

The final portion of the book discusses further capabilities of ESM. The main point is that ESMs should be able to monitor everything. Contos explains a scenario where an employee pulls financial information from a proprietary system and then uploads it to a P2P network. Most companies do not have the technology to detect such an action. Not that Contos claims technology is the only answer. It is just a tool, and it is useless when not supported by trained employees and policies. At the end of the book, the reader gets information about "soft skill" topics like incident management, hiring processes, and some legal case history regarding insiders.

The book's viewpoint is very top-down with regards to the corporate hierarchy. Executives will no doubt love all the capabilities that Contos claims can be at their fingertips, but individual employees might feel it is slightly Orwellian. Can all this information that the ESM vacuums up be used for evil? The book's implicit answer seems to be "yes", since it is repeatedly made clear that no one can be trusted. But there is never any explicit information given on how the ESM itself can be protected from abuse.

Enemy at the Water Cooler provides a thorough introduction to insider threats and the countermeasures that can be used against them. If you are just interested in stories about insider security crimes, then you may want to pass. (The section on case studies is only about a third of the book's content). However, if you are interested in learning about technology that can help defend against these threats, then this book provides a comprehensive overview.

Trent Lucier is a software engineer. His latest experiment is localhost80.com"

You can purchase Enemy at the Water Cooler: True Stories of Insider Threats and Enterprise Security Management from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

40 of 148 comments (clear)

  1. YOU TOOK THE LAST GLASS OF WATER by Anonymous Coward · · Score: 5, Funny

    you have now made an enemy at the water cooler..

    1. Re:YOU TOOK THE LAST GLASS OF WATER by 3chuck3 · · Score: 2, Interesting

      Actually, I guess I am one of the types of people the book is describing. I see it as in my best interests, as a System/Network/Citrix Admin, to be able to have Unix Root, Windows Full Domain administration.

      It is job security, having management know I have cart-blanch full access to the whole company system, with no big brother security monitoring of my system and internet activities.

      Make it harder for any of the CEO/CFO to let me go because they drove the business into a downturn, I make to much salaries, and see my services unneeded because the Systems are setup, running without errror, and the CEO things they can dump the systems mantainces in the lower paided jr admin.

      IT downturn, lies, never me fooled again.

    2. Re:YOU TOOK THE LAST GLASS OF WATER by Anonymous Coward · · Score: 3, Insightful

      Actually, I guess I am one of the types of people the book is describing.
      Yep, sounds like it. You're the reason the rest of us have to put up with the kinds of onerous security protocols and limitations the book describes. Some people are solution-providers; you're one of the problem-providers.
    3. Re:YOU TOOK THE LAST GLASS OF WATER by eln · · Score: 5, Insightful

      Sure, I guess you could take down their entire system if they fired you. That is, if you're okay with never working in the industry again.

      Your career is heavily dependent on your reputation. If you have a reputation as a rogue who will hold the system hostage in order to make yourself indispensable, you will not be hired elsewhere.

      In any job, your goal should be to make yourself valuable, not indispensable. Indispensable people make management nervous. If you are truly indispensable, then management's primary goal becomes to make you dispensable as soon as possible, even if they like you. It's the old "What if Person X got hit by a bus tomorrow?" dilemma: nobody wants their entire business to be dependent on any one person.

      Beyond that, being indispensable in your current position makes it impossible for you to move up in the company. No one will promote you, because your current position can't be backfilled, since you're the only one who can do it. This is bad for your career.

    4. Re:YOU TOOK THE LAST GLASS OF WATER by StikyPad · · Score: 2, Insightful

      Yeah, but only if it's demonstrable. It's really hard to defend in a case like that, especially if the employee indicates some sort of animosity toward him, which they would be inclined to do if they were the sort of people to hurt you out of spite. Moreover, is it really worth your time and energy to prevent a rival company from hiring an employee you don't like? Like I said, most employers won't mess with it.

      --
      https://www.eff.org/https-everywhere
  2. No more by IflyRC · · Score: 5, Funny

    We removed our water cooler so that this scenario never happens.

    1. Re:No more by tverbeek · · Score: 3, Funny

      Removing the water cooler isn't enough! You need to get rid of drinking fountains, coffee makers, vending machines, shared refrigerators, wet bars... any place where liquid refreshments might be dispensed. For added security, photocopiers, fax machines, and any other equipment which people might stand in line for or loiter nearby, should also be eliminated. In sensitive environments and military installations, elevators should be replaced by single-file escalators. And water cannons should be used on the smokers who assemble outside. (Not just for security, but for their own good.) It's a jungle in here, people!

      --
      http://alternatives.rzero.com/
    2. Re:No more by qwijibo · · Score: 3, Funny

      Cube farms are a secondary location where many of these attacks can be perpetrated. The only solution is to make each person work in a separate office. For added security, it would be best if each person connected to the network from a different location, unknown to most of the other people. Mandatory full time telecommuting is the only viable solution to combat these security risks.

    3. Re:No more by dario · · Score: 2, Funny

      I always wondered how much damage a competitor could do by sending someone with a cold onto the premises, and having them infect as many vectors as possible such as the handles on the watercooler, doorknobs, keypads, vending machines, etc. It would be enough to get a few people sick to spread the cold throughout the company, and force everyone to stay home for a day or two. If this happened around a deadline... oy.

    4. Re:No more by ConceptJunkie · · Score: 2, Funny

      Just send them a shipment of smallpox blankets.

      Uh oh, I think that joke may have gotten me on a terrorist watch list.

      --
      You are in a maze of twisty little passages, all alike.
  3. WAIT!!! by matr0x_x · · Score: 5, Funny

    I'm confused here - is he talking about protecting my corporations network from myself?

    --
    LINUX ONLINE POKER: Linux Poker
  4. Visio by spacemky · · Score: 5, Funny

    Does anyone have Visio stencils of those ominous dragons? I'd love to replace my Internet clouds with these.

    --
    640YB ought to be enough for anybody.
  5. Update on the link by Anonymous Coward · · Score: 4, Informative

    I have no idea why Slashdot linked to B & N here, when Amazon has it considerably cheaper (see the "Used and new from..." listings).

    1. Re:Update on the link by gavri · · Score: 3, Informative

      http://slashdot.org/book.review.guidelines.shtml
      Speaking of links, please do not include links in your reviews to online bookstores. Slashdot has an linking arrangement with Barnes & Noble; that's why when bn.com carries a particular book, you'll see a link to it at the bottom of the review.

    2. Re:Update on the link by budcub · · Score: 2, Insightful

      I have no idea why Slashdot linked to B & N here, when Amazon has it considerably cheaper

      Slashdot used to link to Amazon for books, but they took a lot of criticism for it because Amazon had patented the "one-click". Now they link to Barnes & Noble and people criticise them for not linking to Amazon any more. I guess if you're Slashdot you just can't win.

  6. Problems. by jellomizer · · Score: 4, Interesting

    While internal security is important but the priority should always be towards protecting your self from external attacks. Internal security problems can be minimized because there is a smaller group of suspects. As well as good hiring practices can reduce it a bit more. Next is the Cost/Benefit of putting the effort into internal security. First there is the cost of designing and implementing then there is the cost of maintaining it and keeping the employees useful. If Employee X needs to put in a request to access some data and it takes a couple of hours to do so that is a time of loss productivity.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    1. Re:Problems. by Belial6 · · Score: 4, Insightful

      You are right. The reason we are all running PCs on our desktop instead of terminals hooked to the mainframe is because of this. People were finding that they could be far more productive with a crappy (in comparison to the mainframe) C64 or Apple II than they could with the million dollar mainframe. So, they just circumvented the corporate computers by dropping a PC on their desktop. Eventually corporations had to start supporting the PCs because when they were faced with the dramatic drop in productivity from removing the PC, or the cost of supporting PCs, the choice was obvious.

      I would also caution against restricting the individuals PC desktop too much. This can very quickly lead to employees looking for ways to circumvent your security, and create threats that you don't know about. Sometimes this even means making sure the employees computers properly play CDs, and can access entertainments sites on the internet. The best and the brightest often look for the most enjoyable work environment. Being able to listen to their music while working, or taking a short break to see if there will be a new episode of BSG this week could mean the difference between getting someone that is adequate at their job, and getting someone that is great. It could also mean the difference between an employee that dreads coming to work, and someone that looks forward to it.

  7. I was waiting for this to get mentioned by TubeSteak · · Score: 2, Interesting

    Executives will no doubt love all the capabilities that Contos claims can be at their fingertips, but individual employees might feel it is slightly Orwellian. Can all this information that the ESM vacuums up be used for evil? The book's implicit answer seems to be "yes", since it is repeatedly made clear that no one can be trusted.
    And that's a problem created by solving the infosec problem.

    Employees like to feel trusted. The kinds of security measures that will really protect your information are the kinds of security measures that will create a semi-oppressive environment.

    I guess that's something that has to be balanced: the effects of your security implementation on morale/productivity vs the cost of a possible breach
    --
    [Fuck Beta]
    o0t!
  8. Insiders only 20% of threat by Anonymous Coward · · Score: 5, Interesting

    Not quite. Only around 20% of registered, reported attacks come from an insider threat, and of those, only 10% are from IT. You can find this at a Jan 23rd posting on CERT about insider threats.

    http://www.cert.org/

      Therefore, implying that the insider threat looms as large as others is highly divisive and misleading. Further, you can take concrete steps to reduce the risk of an insider threat, while you cannot have that level of impact in threat reduction (vulnerability and asset risk reduction, yes, but not threat) for the rest of the world.

    - musides

    1. Re:Insiders only 20% of threat by SamShazaam · · Score: 2, Insightful

      The same report that you quote states (page 8) that 74% of those insider attacks are successful to one degree or another. This is highly significant considering most security is located at the network perimeter.

  9. Wine by len_p · · Score: 3, Funny

    In France they have a different approach. At lunch everybody takes a glass of wine and it's considered normal. Should replace the watter with wine and it will drastically reduce security threats :) Len

    1. Re:Wine by arethuza · · Score: 2, Informative
      I thought France was supposed to have a very high GDP-per-capita-per-hour figure:

      List of countries by GDP (PPP) per capita per hour

  10. Nice Review by steveit_is · · Score: 2, Insightful

    I'm definitely going to be purchasing this book, as we've recently had an 'incident' and in the health care field these kinds of things could mean jail time for me as the person responsible for security thanks to HIPAA.

  11. Re:jumping ship by eneville · · Score: 2, Funny

    Windows Vista Forum the above, runs on php. that doesn't say much for vista does it!! like doesnt it come with a webserver?
    --
    Why UNIX?
  12. More spinoffs of the terrorist threat by Excelcia · · Score: 2, Insightful

    It really sounds to me like this is just a continuing tune on the terrorist theme. Watch out, you aren't safe anywhere, you can't tell who might be out to get you, no one is excluded from suspicion.

    My assertion is that looking behind you all the time and treating everyone as a potential threat causes more damage than the problems it supposedly avoids. If the patriot act is the cure, I'd rather have the disease, thank-you. The same goes in the office.

    1. Re:More spinoffs of the terrorist threat by ScentCone · · Score: 2, Insightful

      It really sounds to me like this is just a continuing tune on the terrorist theme.

      If you've dealt with a company that had an inside bad guy ship out a dumped database containing all of that company's customer's credit card numbers and personal data, you'd probably feel a little differently. Just like you'd probably feel differently if a family member had been on one of those trains in Madrid, or in a nightclub in Bali, or in one of those embassies in Africa, or in the WTC, or taking a flight that ended in a Pennsylvania field, or if you left your legs behind in a vegetable market because you're the wrong flavor of some religion. Insider IT damage doesn't usually result in bloody deaths, but it can bankrupt companies, ruin careers, destroy retirement accounts, and worse.

      Out of curiosity, would you get on a plane run by an airline that advertised its total trust of all passengers, and thus an easier boarding process that doesn't involve security? Would you leave your wallet sitting on your cubicle desk at work? Would you care if your HR department left its doors (and files/data), including your personal info, wide open... and just trusted that no one in the company would ever mis-use it?

      --
      Don't disappoint your bird dog. Go to the range.
    2. Re:More spinoffs of the terrorist threat by Excelcia · · Score: 2, Interesting

      DO you want to go through metal detectors to go to work? Do you want your coworkers talking to the corporate security department if you happen to browse to a web site for a packet sniffer program on your break? A certain amount of vulnerability is the price a free society pays for freedom.

      It's truly ironic that here in Canada, where far fewer personal freedoms are directly enshrined in our constitution, I today enjoy more personal liberty and freedom from state interferance than those in the United States.

      When the Communications Decency Act was signed into law, every major intelligence and law enforcement agency in the United States went into a hiring binge to try and internet and tellecommunications expertise. They were wringing their hands in glee at the chance to make anyone having an internet connection and a bottle of beer grounds for a wiretap. What the government couldn't pull off with that act, they had handed to them on a silver platter with the Patriot Act.

      There is a push towards far more state control in your country, and it frightens the hell out of me that my country is on the receiving end of very significant pressure to do the same thing. Not just in the area of security, but in all areas. Wiretap "sharing", copyright controls, and an armed border are just a few things on the agenda. At stake - billions of dollars in arguably ilegal trade tarrifs if we don't tow the line. My government may cave in. I don't want to have 10% of our population imprisoned like yours.

      In short, I don't want your fear mongering in my country, and books like this only serve to advance that agenda.

  13. About that cloud by biglig2 · · Score: 3, Insightful

    Nothing sinsister about it, I'm afraid. The cloud is used because it does not matter how the internet works, only that you put packets in one place with the right address, and they come out at that address. How they got there, we neither know or care. Hence the cloud, not because there is mystery, but because maybe it's fiber, maybe copper, maybe SDSL, or Frame Relay, maybe it's satellite, maybe it goes via Hamburg, maybe via London, we don't care because it doeesn't matter.

    --
    ~~~~~ BigLig2? You mean there's another one of me?
  14. Re:Oblig by Chyeld · · Score: 2, Funny

    Dude, I'm in your water cooler, stealing your secrets!

  15. Self-Generating Problem by G4from128k · · Score: 2, Interesting

    I wonder how many companies, in an attempt to defuse "the enemy at the water-cooler", have treated employees with such contempt that they have created even more and more aggressive internal enemies. The more companies treat their employees as adversaries, the more adversaries they create.

    Yes, companies should take prudent steps to oversee the security of their networks and systems. But I suspect they need to do more to enlist the aid of the allies at the water-cooler and in creating a positive work environment than in draconian control measures.

    --
    Two wrongs don't make a right, but three lefts do.
  16. Re:snitch networks? by IflyRC · · Score: 4, Funny

    otherwise known as "HR".

  17. Re:jumping ship by tverbeek · · Score: 3, Informative

    It may surprise you to learn that PHP can be run on a Windows system using Microsoft's IIS as its web server.

    --
    http://alternatives.rzero.com/
  18. Every Few Months by 99BottlesOfBeerInMyF · · Score: 5, Insightful

    Every few months someone writes and article or publishes something talking about how insider threats are the largest avenue for security breaches. Usually, they are trying to sell some new "spy on your employees" device. My company even makes a device that tracks employee internet usage and finds abnormalities. We have one deployed internally and anyone can look at it to see what other people have been doing. Sometimes we'll make fun of someone for being the most frequent visitor to Slashdot this month, or some-such. That said, we have deployed an incredibly effective system for stopping insider threats. Such a system used to be commonplace in many companies, but has since fallen into disuse due to modern business strategies and short-term money saving concerns. This fabulous system is called, "beer in the fridge."

    By spending a small amount of money to keep the kitchen fridge stocked with free beer for all employees, the company has cheaply bought all our loyalty. Sure we could perform extensive audits and spend time spying on potential insider threats and implement physical security to stop people from bringing in portable drives they could use to steal our customer databases, but really the beer is a lot cheaper. It has added benefits too. If an employee is gets a job offer elsewhere they often ask about the free beer situation. I think it is worth about 20K of salary in most people's comparisons. If people are moving on, they stay in touch with people here and recommend us to work for and to buy products and services from. People give lots of notice and will stay on to finish a project or train someone else. People are a lot more likely to stay late or come in on the weekends to work on something because of the free beer.

    Yes, the fabulous "beer in the fridge" system has many advantages.

    Treat employees well, like people instead of mercenaries. Be their friend as well as their boss. If they can't come in some day because they have something come up, or an old friend comes into town, let them take a day off. Make sure people don't fear they will be fired because management needs better numbers for the year. Make sure they know they are valued as employees and people. Take them out to lunch now and again or order a pizza, or get free donuts. Well treated people almost never betray their employer and tend to treat their boss well in return. This isn't rocket science.

  19. Re:Danger! Danger Will Robinson!! by Fred_A · · Score: 2, Funny

    Isn't that exactly what they'd want us to believe ?

    --

    May contain traces of nut.
    Made from the freshest electrons.
  20. re:YOU TOOK THE LAST BIT OF DIGNITY by PopeRatzo · · Score: 5, Insightful

    You're the reason the rest of us have to put up with the kinds of onerous security protocols and limitations the book describes.
    No, the reason we have to put up with "the kinds of onerous security protocols..." is that corporations have lost all sense of loyalty to their employees.

    My father, three of his brothers and their father all worked for the same company for all their working life. They were well taken care of and they returned that loyalty several times over in the course of their careers.

    Today, companies are more concerned with cutting another 10,000 employees so their stock price will jump a few cents for a couple of weeks than creating a relationship of trust and security with their employees. Benefits are cut, unions are fought, jobs shipped overseas and life is generally made as miserable as possible for the people who sweat blood on the shop floor. Meanwhile, the differential between what the CEO makes compared to the average employee has gone from 20 to 1 to 20,000 to 1.

    I'm not surprised that corporations find themselves loathed by their employees and having to exert effort and money trying to protect themselves from their own people. What surprises me is that we don't see more all-out sabotage by disgruntled employees.

    It's not coincidental that the period of enormous growth and prosperity of the few decades after World War II happened to also be a period of improving conditions, organization and influence for the workers. A period when labor unions were considered a crucial part of the economic system. Those unions were the only reason the US had such a strong and deep middle class from 1950 until their demise began at the hands of that doddering tool of the Right-Wing Rich, Ronald Reagan, who, if God is just, is burning in Hell.
    --
    You are welcome on my lawn.
  21. Why even think about technological solutions? by Beryllium+Sphere(tm) · · Score: 4, Insightful

    Banks have been aware of insider threats for centuries. They have a battle-tested set of policies and procedures such as separation of duties to control the threats. Banks have been able to stay in business for a long time before ESM became available.

    Banks have also gone out of business due to the insider threat people seem afraid to discuss. There's an old saying, "The best way to rob a bank is to own one". Crooked senior management stole one Sagan (billions and billions) of dollars during the 1980s US savings and loan disaster. Sometimes the thefts are even considered legal, as when a CEO walks away from a ruined company with a hundred million in "performance bonuses". How is ESM going to protect against Ken Lay, who did more damage than any random thousand "disgruntled former employees"? (*)

    Banking procedures, such as requiring people to take vacations, have the other advantage that they don't risk violating privacy laws. In some countries you may not be allowed to spy on your workers to the extent you can in others.

    (*) Who disgruntled them, anyway?

  22. My name is Milton Waddams by Stanistani · · Score: 4, Funny

    >Will this book help you detect the enemies at your water cooler?

    No. I will have to find out myself who took my red stapler.

    *walks off muttering*

    --
    You can't talk about Wikipedia's flaws on Wikipedia
  23. different goals by misanthrope101 · · Score: 4, Insightful
    The goal used to be to make money. Now the goal is to make as much money as possible. Though those seem like similar goals, in reality they aren't. Before, as long as you were making money then you could, with a good conscience, treat your employees well. Now, no matter how much money you're making, you still can't treat your employees well and feel good about it, because every cent spent on human decency is a cent of profit squandered. Also, many companies of old felt that they had a responsibility to their workers, whereas now workers are viewed as an expense, like paper clips or toilet paper. This attitude makes for a hotter stock price, but a worse quality of life for everyone who works there.

    Also, CEO pay has skyrocketed in comparison to worker pay, and no company that pays hundreds of millions of dollars to departing executives can also afford to be loyal and supportive to the workers. In the corporate culture of today, executives are seen as the movers and shakers, the visionaries who create the value, while the workers are seen as expenses.

  24. Re:YOU TOOK THE LAST BIT OF DIGNITY by teh_chrizzle · · Score: 3, Informative

    I'm not surprised that corporations find themselves loathed by their employees and having to exert effort and money trying to protect themselves from their own people. What surprises me is that we don't see more all-out sabotage by disgruntled employees.

    it happens all the time... but i'll bet it doesn't often make the papers.

    the word sabotage comes from the french word "sabot" which is a kind of wooden shoe or clog. during the industrial revolution, angry workers would kick the machines they worked on or throw the shoes into them, resulting in a "clog" in the output.

    in the intelligence community, disgruntled soldiers and public servants make some if the best moles or double agents. in government, many whistleblowers act not out of a sense of duty or responsability but as a means of exacting revenge.

    --
    sarcasm:
    -noun
    1. harsh or bitter derision or irony.
  25. Re:NOT Oblig by Crunchie+Frog · · Score: 2, Funny

    I am an obligatory old joke you insensitive clod!

    --
    --- Never attribute to malice that which can be adequately explained by stupidity