The ULTIMATE insider attack
What's the ultimate inside attacker? Your own security consultant who has the keys to the kingdom. And that is exactly what happened to a few companies who used John Schiefer as a security consultant.
John Schiefer pleaded guilty to running a 250,000+ node botnet and using those bots to instigate attacks on the Internet. John "worked by day as an information security consultant but was a well-known 'botmaster' among the underground network of hackers skilled in 'botnet attacks'" (not sure why they put quotes around "botnet attacks" - crap, now I'm doing it...). Now I have heard and read stats that say insider attacks make up anywhere from 50% to 70% of today's cyber attacks. Whether or not that statistic is true, it only takes one such incident from someone with this type of power to make up for the discrepancy.
Some people will say this is a nice argument for separation of duties, and I agree with that. However, people with this type of access are hard to stop. I don't see any details on how he was caught. I would like to see that story, though it may not come out anytime soon since people are so hesitant to give out breach details.



