March 2000 ISSN 1361-3723
“72% had suffered financial loss because of security breaches while only 32% reported the matter” see page 14
Editor: Sandy Nichol
American Editor: CHARLES CRESSON WOOD, Baseline Software, Sausalito, California, USA
Australasian Editor: BILL J. CAELLI, Queensland University of Technology, Australia
European Editor: KEN WONG, Insight Consulting, London, UK
Editorial Advisors: Chris Amery, UK; Jan Eloff, South Africa; Hans Gliss, Germany; David Herson, UK; Les Lawrence, New South Wales, Australia; P. Kraaibeek, Germany; Wayne Madsen, Virginia, USA; Belden Menkus, Tennessee, USA; Bill Murray, Connecticut, USA; Silvano Ongetta, Italy; Donn B. Parker, California, USA; Peter Sommer, UK; Mark Tantam, UK; Peter Thingsted, Denmark; Hank Wolfe, New Zealand.
Correspondents: Frank Rees, Melbourne, Australia; John Sterlicchi, California, USA; Paul Gannon, Brussels, Belgium.
Editorial Office: Elsevier Advanced Technology, PO Box 150, Kidlington, Oxford OX5 1AS, UK. Tel: +44-(0)1865-843645 Fax: +44-(0)1865-843971
Japanese government acts on hacker attacks

Computer systems at Japan’s Science and Technology Agency (JSTA) have recently suffered two hacker attacks — only days after Japanese officials had determined to bring the country’s computer systems up to US security standards by 2003. Using the name ‘Br p00 hackerz’, the hackers replaced the JSTA home page with obscene messages insulting the Japanese. This was the first successful hacking of a Japanese government computer system to be reported.

Forty-eight hours after the first attack, the site was attacked again by an intruder using the name ‘ch1n4’. Several hours later yet another hacker, ‘Miracle’, also breached defences at the Management and Co-ordination Agency’s Statistics Bureau. The hackers, in both of these cases, placed messages attacking Japan over the 1937 Nanjing massacre, and added a link to adult sites. In addition, important data, including the population census, was erased from the Statistics Bureau site.

A spokesperson from the Japanese government said that an extensive investigation would be conducted, and that the government might ask for help from the US, which was more advanced in dealing with such incidents.

In response to these unauthorized entries, a government council on information security has decided to create a special organization aimed at preventing a recurrence of such attacks. Although the new organization does not yet have a name, it is expected that participants will include the JSTA, the Management and Coordination Agency, the Ministry of Posts and Telecommunications, the Ministry of International Trade and Industry and the National Police Agency.

The Ministry of Posts and Telecommunications has established a committee of industry bodies that will investigate the attacks against ISP sites and compile administrative and technical countermeasures. The result of the investigation and suggested changes to the running and operation of the sites will be submitted to the ministry. The association will also examine technologies for tracking down hackers. The ministry will use the report and list of countermeasures as the basis of a revised network security/reliability standard.
Contents

Hacking News
  Japanese government acts on hacker attacks  1

Virus News
  Virus attacks cost more than $12 billion in 1999  2
  Taiwan prepared for electronics warfare  2

Market News
  Security is overlooked when outsourcing Web site design  2
  Italy to introduce legally binding digital signature  3
  UK companies leave security to chance  3

Product News
  Encrypt and authenticate E-mail  3
  Avoid the cost of fraud  3

Reports
  New dot.com bank has security problems  4
  Microsoft Windows 2000 patch  4
  Mitnick out of prison tries to justify actions  5

Product Review
  McAfee Office 2000 Pro: McAfee Utilities  6

Web Review
  If you haven’t read the book…  7

Tales From The Crypt
  The Changing Face of International Cryptography Policy: Part 10 — SOG-IS and the EU Infosec Programme  8

Features
  One View of the 21st Century  10
  Trading on Air  14

Information Warfare
  Crackers and Phreakers Conduct Better Coherent Knowledge-based Operations Than Most Companies  16

ShockwaveWriter
  The Criminal Justice Systems Today  18

Events  20