one-fingered and somewhat inebriated typist on unheaded paper. The newsletter does not suggest major revolutionary zeal or gross covert activity; many of the so-called members and supporters are shown by name and address, unusual for a covert group!

Good insight

What is clear is that Crank has a very good insight into the operating systems of various computers. The bulletin states "at present we have about 20 members from the computer industry and students at schools and colleges etc. We are trying to get ourselves organized and have just started this monthly newsletter which carries information on computers to which we have access. Currently these number about thirty which we access via Datel and networks and include IBM 360 and 370, ICL 1900 and 2900, CDC 6600 and 7600, Honeywell Sigma, HP2000, PDP 11 and DEC 10 and 20 and which are situated in Universities and in private companies. We also have access to some computers in the USA via a couple of networks". The newsletter continues "maybe you have read the articles in Computing some time ago on the subject of security of the DEC system 10. This computer is in fact our speciality since we were all brought up on it. For the past five years we have constantly been finding bugs in the TOPS 10 operating system which allow any user to access any file on the system including the protected accounting/password files. We have managed to obtain copies of these files from several installations including universities and companies including a large time sharing service in London whose 'security has never been broken'".

Not malicious

Finally it states "One point I should stress is that we do not try anything malicious - we don't delete files etc., on those machines we get into. In fact we can be regarded as your friendly neighbourhood pirating association."

Screening

Subversion from within is a controllable problem and it could be argued that computer users should take greater care in recruiting and motivating their e.d.p. staff. A new company has been created in the UK, covering e.d.p. operations in Europe, to assist employers in screening staff for sensitive data processing jobs. Job applicants are thoroughly screened for honesty and political and financial stability using advanced research techniques.
For obvious reasons, the company does not advertise but further details can be obtained by contacting the editorial offices.
AFTER THE REVOLUTION
Little has been heard of computer crime in communist countries. Research by the Tavistock Institute and others suggests that in planned or controlled economies, people seek out and exploit a hidden 'black' economy. It is believed that under totalitarian regimes, crime and secondary economies run high.
Gang of three
Now, in Vilnius, Lithuania, USSR, three women, including a cashier, working in a factory making electronic calculators have been imprisoned for between eight and fifteen years for defrauding their state employer of $140 000. Their scheme involved adding fictitious people to the payroll, claiming wages for them and then covering payroll cheques with their cashier co-conspirator: a simple input fraud.
COMPUTER FRAUD & SECURITY BULLETIN, Vol 2 No 10, © Elsevier Sequoia SA, Lausanne, Switzerland
US unfreezes Iranian funds?
A book keeping error credited an Iranian student's bank account in Rockville, Maryland with funds he was not entitled to. Noticing the error and not being slow to come forward, the student visited the bank on a Friday afternoon and made a substantial withdrawal. By Sunday, he had run short of cash and called on a friendly automatic teller machine (ATM) and withdrew a further $200. A second error worked in his favour. The control in the ATM system, which prevents the withdrawal of more than $200 in one day, was not working and the Iranian visited other ATMs and just about drained them dry. Over the weekend he benefitted to the tune of $63 000. The Iranian was subsequently arrested and repaid the money: presumably from his student grant.
CONTINGENCY PLANNING TAKEN TOO FAR?
Comprehensive list
One of our readers wrote to complain about the incredible lengths his employer is going to to plan for contingencies. So far, plans have been prepared for: aircraft crashes; floods; fires; air conditioning failure; electrical black outs and brown outs; strikes, pickets, protests and occupations; fraud; privacy infringements and the public relations aspects relating thereto; terrorism; emergency evacuations;

Yet another

and now, he is being asked to write up how his employer should deal with the collapse of its major hardware vendor. Has it all gone too far? In our experience, companies are badly prepared for emergencies and over-reaction is not a common security problem. However, when an emergency occurs and a contingency plan is called upon, it may be too rigid to deal with the emergency.

Comments welcomed

In coming editions we will look at contingency planning in depth and we would welcome comments from readers on their experience.

THINGS GO BETTER ON COKE
Four former employees of Coca Cola in Miami stand to appear before Dade County Circuit Court on a series of fraud and theft charges. The indictment alleges that Mike Jiminez, Chris Ienco and Mike Torres, who had worked in the company's computer department, colluded with a truck driver to defraud their employer of more than $500 000.

Discrepancies come to light

The first symptom of the fraud was discovered in 1978 as part of a routine audit. Discrepancies in Coke's order entry and customer billing routines came to light. Also noticed were significant variations in the truck driver's routing schedules. But before the audit could be finalised a fire broke out destroying print-outs and other records.