- Email: [email protected]
Mystery ‘virus’ bugged budget
Computers & Security, 14 (1995) 117-l 21
Abstracts of Recent Articles and Literature Helen Collinson
Mystery ‘virus’ bugged budget,jon&zon Ferguson.A computer virus in the federal budget almost brought catastrophe to the computer systems of Canada’s banks, investment dealers and accounting firms. The bug was detected in the electronic version of the budget less than an hour before 5200 diskettes were to be shipped out to the major financial institutions on budget day. The Royal Canadian Mounted Police (RCMP) and government officials are investigating how the virus found its way onto the master budget disks. The finance department had screened the disk twice and found no evidence of a virus. At 6 am on budget day, the department handed over the master disks to mediaLand to make the 5200 duplicates that were to be transported across the country at 7 am. As a last-minute precaution, mediaLand used an advanced anti-virus scanner to check the department’s master disk. It was at this point that the virus was detected. The virus found in the master budget disks attacks the crucial ‘boot sectors’. From there it destroys the file allocations tables (FATS), that computer operators use to locate and access the various files in the FATS. The virus moves around the FAT table so that the computer doesn’t know where it is. It then could begin breaking up the files. Toronto Star, ,Zilarch 2 I, 1995. Motorola, MOBIUS pact aims at halting hackers. Two Canadian companies are thinking ahead to the day when users of the information superhighway will need protection from ‘bandits’. Motorola Canada Ltd Advanced Radiodata Research Centre and MOBIUS Encryption Technologies have joined forces to design
0167-4048/95/$9.50
0 1995, Elsevier Science Ltd
the software and hardware modules needed for a wireless information security solution. “The ultimate goal is to provide information security that extends from Motorola’s wireless DataTAC communication devices all the way to the desktop computer,” said Philip Deck, president of MOBIUS. Toronto Stnr, Mad1 14, 199.5. Hacker alerts Intuit to problems with its US tax filing system, Jim Carlton. In the UniGed States, a hacker notified Menlo Park, Califo;nia-based Intuit that he had hacked into an Intuit database containing hundreds of electronically filed tax returns. The hacker, reported to be a computer scientist whose identity Intuit would not reveal, who could peruse through as many tax returns as he wanted and even alter some, chosr instead to inform Intuit of the security weakness. The company immediately plugged the gap by closing access to the tax return databank. The breach affected only returns filed via Intuit’s MacInTax program on Macintosh computers. The breach was possible despite rigorous tests carried out by Intuit. The hacker discovered Intuit’s problem after he devis,ed his own method for transferring his MacInTax return ti-om his computer to Intuit’s host computer. MacInTax users are supposed to follow directions on their progr,lm for sending a return by modem lines to the main computer in Green Bay, Wisconsin.The hacker did so by extracting a password and login identification hidden in MacInTax for Intuit troubleshooting. Once he had the password and login the hacker used a separate software program to tap into a databank where he could view up to 300 returns which were filed in temporary storage pending
117
Abstracts of Recent Articles and Literature Helen Collinson
Mystery ‘virus’ bugged budget,jon&zon Ferguson.A computer virus in the federal budget almost brought catastrophe to the computer systems of Canada’s banks, investment dealers and accounting firms. The bug was detected in the electronic version of the budget less than an hour before 5200 diskettes were to be shipped out to the major financial institutions on budget day. The Royal Canadian Mounted Police (RCMP) and government officials are investigating how the virus found its way onto the master budget disks. The finance department had screened the disk twice and found no evidence of a virus. At 6 am on budget day, the department handed over the master disks to mediaLand to make the 5200 duplicates that were to be transported across the country at 7 am. As a last-minute precaution, mediaLand used an advanced anti-virus scanner to check the department’s master disk. It was at this point that the virus was detected. The virus found in the master budget disks attacks the crucial ‘boot sectors’. From there it destroys the file allocations tables (FATS), that computer operators use to locate and access the various files in the FATS. The virus moves around the FAT table so that the computer doesn’t know where it is. It then could begin breaking up the files. Toronto Star, ,Zilarch 2 I, 1995. Motorola, MOBIUS pact aims at halting hackers. Two Canadian companies are thinking ahead to the day when users of the information superhighway will need protection from ‘bandits’. Motorola Canada Ltd Advanced Radiodata Research Centre and MOBIUS Encryption Technologies have joined forces to design
0167-4048/95/$9.50
0 1995, Elsevier Science Ltd
the software and hardware modules needed for a wireless information security solution. “The ultimate goal is to provide information security that extends from Motorola’s wireless DataTAC communication devices all the way to the desktop computer,” said Philip Deck, president of MOBIUS. Toronto Stnr, Mad1 14, 199.5. Hacker alerts Intuit to problems with its US tax filing system, Jim Carlton. In the UniGed States, a hacker notified Menlo Park, Califo;nia-based Intuit that he had hacked into an Intuit database containing hundreds of electronically filed tax returns. The hacker, reported to be a computer scientist whose identity Intuit would not reveal, who could peruse through as many tax returns as he wanted and even alter some, chosr instead to inform Intuit of the security weakness. The company immediately plugged the gap by closing access to the tax return databank. The breach affected only returns filed via Intuit’s MacInTax program on Macintosh computers. The breach was possible despite rigorous tests carried out by Intuit. The hacker discovered Intuit’s problem after he devis,ed his own method for transferring his MacInTax return ti-om his computer to Intuit’s host computer. MacInTax users are supposed to follow directions on their progr,lm for sending a return by modem lines to the main computer in Green Bay, Wisconsin.The hacker did so by extracting a password and login identification hidden in MacInTax for Intuit troubleshooting. Once he had the password and login the hacker used a separate software program to tap into a databank where he could view up to 300 returns which were filed in temporary storage pending
117