Internet users furious over SingTel's computer security probe

Security Views/Dr. Bill Hancock

$2 billion, and that revenues continued to grow to an estimated $3.1 billion in 1998. Moreover, IDC expects the market to reach $4.2 billion in 1999 and $7.4 billion by 2002. Anti-virus software will be the largest security software market by 2002, with revenues of $3 billion.

US Nuclear Labs Find Counterespionage Difficult

The heads of top US nuclear laboratories defended their security efforts during an early May session of a Senate panel investigating the theft of top-secret US nuclear data. “I acknowledge that an extremely serious compromise of the security of classified nuclear weapons information has occurred at my institution”, John Browne, director of the Los Alamos National Laboratory, told the Senate Energy Committee. A Chinese-American scientist at the Los Alamos lab in New Mexico, Wen Ho Lee, was fired in March on suspicion of leaking nuclear secrets to China. Lee has not been charged and his lawyers maintain his innocence. The spying is believed to have occurred in the mid-1980s but it was not suspected until 1995 when US researchers analyzing Chinese nuclear test results found striking similarities to the most advanced W-88 miniature warhead of the United States. Senators on the panel expressed outrage over the security lapses by the Department of Energy’s nuclear labs. Committee Chairman Frank Murkowski, a Republican from Alaska, waved a floppy disk at the lab directors and said he was shocked that any lab employee could copy sensitive nuclear data from lab computers onto the disk and walk right out with it. “The Department of Energy is not adequately protecting our interests”, Murkowski said. Sen. Pete Domenici, a Republican from New Mexico, said there had been too “many times when lapses and omissions” kept the lab’s authorities from cracking down on Lee’s suspected espionage. But policing the labs is no easy matter and curtailing foreign scientists’ access to labs is not the answer, one

director insisted. “Ironically, the more serious espionage threat is that of the trusted insider who betrays his country’s secrets”, said Paul Robinson, director of Sandia National Laboratories. “We need to put more resources into counterintelligence aimed at the insider threat”, Robinson said. But last month in another congressional hearing on the alleged Chinese espionage, Notra Trulock, former acting deputy director at the Energy Department’s Intelligence Office, said the department repeatedly issued warnings about Chinese moves to national laboratories by the spring of 1996. “I must tell you that our warnings were ignored, they were minimized and occasionally even ridiculed, especially by laboratory officials”, Trulock said. Browne defended his lab’s reaction to the security threat, saying the lab was working closely with the Energy Department to develop and implement improved systems in an effort to avoid future problems of this sort. “However, to maintain a high level of security against the changing threats, we will have to continue making improvements”, Browne said.

Internet Users Furious Over SingTel’s Computer Security Probe

Internet users are furious after Singapore Telecom’s Internet service provider, SingNet, scanned its customers’ computers in a recent anti-hacking operation without telling them about it. The city-state’s online Internet forums were packed with angry outbursts on the topic Monday, after media reports recently revealed the probe. “Hacking into my computer is housebreaking ... You should be charged just like anybody”, a user with the screen alias ‘Moremann’ wrote in an open message to SingNet, posted to the popular ‘soc.cul.singapore’ forum. Other outraged users compared the scan to unnecessary surgery. Many threatened to cancel their SingNet accounts. SingNet, which ran the check with the help of law enforcement officials, insisted that it had not invaded users’ privacy. The company said it had merely checked users’ accounts for so-called ‘Trojan horse’

Computers & Security, Vol. 18, No. 4

programs that make computers more vulnerable to hackers. But SingTel twice apologized for its actions, through the media and mass E-mails to its 200 000 subscribers. It also suspended the security check. “We apologize unreservedly if we have caused you any undue alarm and also regret not having informed you before we embarked on our virus scanning”, Multimedia chief Paul Chong Singapore Telecom wrote in the E-mail apology. “Please be assured that we only had your best interests at heart when conducting the exercise”, Chong said. In an earlier report, a SingNet official likened the scan to “a policeman patrolling in cyberspace, checking if the ‘windows’ in your computer system are open.” But many Internet users rejected the analogy. “Can someone tell me if it’s all right to peep into others’ windows and, when caught, say it’s for the occupants’ sake?” an Internet user with the code name ‘Allstars’ wrote in soc.cul.singapore. SingNet has insisted that there was no invasion of privacy, as the scan could not read personal information but could only detect loopholes that could be used by hackers. The Telecommunications Authority of Singapore, which tightly regulates the industry, said SingNet had not violated any rules or regulations. SingNet’s operation came to light recently after 21-year-old law student Anne Lee told police that her computer’s anti-hacking program had detected an invader. A check traced the probe to the city-state’s Home Affairs Ministry, which oversees law enforcement in Singapore and was helping SingNet with the security check. The check followed last month’s highly publicized arrests of two Singapore teenagers suspected of hacking into 17 SingNet customers’ accounts.

VPNs Build Momentum

For the construction firm of Black & Veatch, the principal benefit of using IBM Global Network’s virtual private network (VPN) service for remote access can be simply stated: no more $200 overseas phone bills from foreign hotels.

“In some countries, hotels charge $5 to $6 per minute, so we could get a bill for $200 for a single night”, when engineers dialed home to check E-mail or to access financial or product information, says Jim Baird, manager of networked systems at Black & Veatch Solutions Group, the information technology arm of the Kansas City, Mo.-based construction and engineering firm. Engineers can now make a local call to an IBM Global Network point of presence pretty much anywhere they travel overseas. They can then log on and communicate with corporate systems over the carrier’s IP backbone. The cost: 5 to 12 cents per minute. Better still, “We don’t have to pay the cost of caring [for] and feeding a bunch of modems or remote access servers around the globe”, Baird says. “We’re paying a carrier to extend the boundaries of our IP network.” Black & Veatch is far from alone in perceiving the VPN’s potential as a remote access vehicle. “Interest in VPNs is very high because of the potential cost savings”, says Cherry-Rose Anderson, a research analyst at Gartner Group Inc. “Nearly 100% of the enterprises I talk to on a regular basis about remote access are looking at the role VPNs could play in their enterprise.” According to industry watchers, Black & Veatch, along with a handful of other bleeding-edge firms, is at least a couple of years ahead of the rest of corporate America when it comes to implementing VPNs. The basic VPN concept is to create a virtually private connection over a shared IP-based network medium: either the Internet or a service provider’s IP backbone. That’s accomplished by IP addressing -- which sets up a point-to-point flow between, say, a remote PC and a corporate VPN server -- and by security mechanisms like user authentication and encryption. VPN cost savings over a traditional remote access server or modem banks and dial-up lines range from 30% to 70%, depending on the type of VPN equipment and service implementation used and where users are located, says Eric Zines, a senior consultant at TeleChoice Inc., a Dallas research firm.
