- Email: [email protected]
Big hunt for software pirates
Computer Fraud & Security Bulletin
January 1994
returns are central to the IRS of the future, but the agency must give enough thought to systems risks. Most fraudulent electronically filed returns involve the Earned Income Tax Credit.
Stolen cheques cashed In Italy, a gang which specialized in cashing stolen cheques was stopped. It is estimated that the members of the gang have already cashed several hundred million lire. Their method used a pack of approximately 4000 blank cheques from a branch of the Banca Nazionale del Lavoro, which had been raided some time before. and a telephone interception system. The defrauders went to cash cheques in various external banks giving details of the bank where they held their accounts in another town. When the bank clerk contacted the supposed bank of issue to obtain authorization for the release of funds, it was not the voice of the real clerk of that branch who answered, but an accomplice who gave the placet for payment. This 'exchange' was possible because' from SIP's open. public telephone boxes. situated on the roadside, the defrauders were able to apply a deviator to the cables leading to the banks which would have given the authorization; a deviator, once activated, passed all telephone traffic to a mobile phone transmitter. Silvano Ongetta
SOFTWARE PIRACY NEWS Fiat makes settlement with BSA Fiat has bought 30 000 software licences after the premises of La Stampa, an Italian newspaper owned by the company, were raided by the BSA. According to Computer Weekly, the BSA settled out of court, claiming that actions by the Italian Government have aided the
©1994 Elsevier Science Ltd
settlement. The BSA claims that software sales in Italy are up by 150% for the second quarter of 1993 to $60 million. Because of the nature of its settlement with the Fiat Group, the BSA refused to divulge details of what percentage of La Stampa software was pirated, or how much Fiat paid in the settlement.
Japan encouraged to protect software A delegation of US officials and company executives urged Japan to preserve global copyright standards for computer software and avoid widespread reverse engineering, as reported in The Journal of Commerce. It is easy to see why US companies should be concerned as they have 70% of the global packaged software market. Reverse engineering is the process by which manufacturers take a product apart to discover how it works. Presently, reverse engineering is allowed in the USA and Europe under certain conditions, most commonly interoperability when a company wants to write software that links with another company's software and needs to know enough about its code to link the two. It seems that Japanese proposals do not include the same protection to prevent competitors from copying the code of the other program. Apparently, what Japan is considering threatens to undermine the spirit of the US-Japan economic framework agreement. The Americans are most concerned about decompilation, personal software copying and the distribution of tools used to break software protection devices. Japan is considering legislation that would allow companies to decode - or decompile - the software and have free access to its detailed written code. US officials fear this would allow competitors to easily copy and manipulate the code so that it is no longer recognizable but performs in the same way.
Big hunt for software pirates It was the specialist shops and the 'exchange' clubs which paid the price for the
3
Computer Fraud & SecurityBulletin
biggest battle against software piracy ever to be conducted in Italy, with the seizure of 240 000 floppy disks in Florence and the arrest of eight people. Most of all, video games were seized, but also 40 000 floppy disks containing operating systems, database and graphics applications, it has been reported in 1/ Sole 24 Ore. In the last few years, the police force has seized copied software but in small amounts sold on market stalls. This time matters were different with an actual organization which copied and circulated programs on a large scale falling into the net. According to investigators, the network distributed its disks by post and through the myriad of magazines dedicated to videomania (the world of video game fanatics in Italy alone has at least 20 000 clubs). The suspicions of the association of major producers, the BSA, do have foundations: the number of floppy disks seized - "Enough to fill a truck", they say - point to an organization with both financial and computer means. The other piece of good news is that investigators have at their disposal a new and more precise weapon: a law for the protection of software, in force since December 1992. A long-awaited measure and as yet still not often applied, but which is beginning to offer some results. For the Software Publishers Association, the software market rose significantly in the first four months of 1993 compared with last year, more than likely attributable to the users' rush to operate according to the law. Silvano Ongetta
January 1994
by an unauthorized system 'cracker', who obtained high-level access to the system. The system was forced to shut down for three days in late October and other Internet-connected networks may have been affected. The intruder stole the secret passwords of Panix users who were using the service to connect to other networks. The Computer Emergency Response Team logs three to four security breaches every day and this year a 50% increase is expected over the 773 incidents reported last year. As businesses rarely report break-ins, experts estimate that only 15% of breaches are reported to the authorities. Crackers probe for weaknesses in a network's operating system. Once a loophole is found, the news is spread in underground publications, at cracker conventions, and on computer bulletin boards. Specially designed programs that exploit these defects and search for crucial information are distributed in the same way. Security-conscious companies with sensitive information tied to the Internet, usually try to build a 'firewall', a combination of hardware and software measures that make cracking much more difficult. Commercial online services are particularly at risk because they offer gateways to the Internet - essentially doors that open periodically to allow electronic mail to pass both ways. Since the Internet is not closely governed, but rather operated as a loose confederation of its users, security measures are difficult to implement.
DATA PRIVACY NEWS Information security not taken seriously
HACKING NEWS Computer 'cracking' increases It has been reported in the Wall Street Journal that public Access Network Corp, a commercial service known as Panix that sells its customers access to the Internet, was penetrated
4
Breaches of information security may cost UK companies an estimated £1 billion a year, but executives are still not viewing the issue with the seriousness it deserves, according to a Mori poll. The poll, commissioned by the UK Department of Trade and Industry and ICL
©1994 Elsevier Science Ltd
January 1994
returns are central to the IRS of the future, but the agency must give enough thought to systems risks. Most fraudulent electronically filed returns involve the Earned Income Tax Credit.
Stolen cheques cashed In Italy, a gang which specialized in cashing stolen cheques was stopped. It is estimated that the members of the gang have already cashed several hundred million lire. Their method used a pack of approximately 4000 blank cheques from a branch of the Banca Nazionale del Lavoro, which had been raided some time before. and a telephone interception system. The defrauders went to cash cheques in various external banks giving details of the bank where they held their accounts in another town. When the bank clerk contacted the supposed bank of issue to obtain authorization for the release of funds, it was not the voice of the real clerk of that branch who answered, but an accomplice who gave the placet for payment. This 'exchange' was possible because' from SIP's open. public telephone boxes. situated on the roadside, the defrauders were able to apply a deviator to the cables leading to the banks which would have given the authorization; a deviator, once activated, passed all telephone traffic to a mobile phone transmitter. Silvano Ongetta
SOFTWARE PIRACY NEWS Fiat makes settlement with BSA Fiat has bought 30 000 software licences after the premises of La Stampa, an Italian newspaper owned by the company, were raided by the BSA. According to Computer Weekly, the BSA settled out of court, claiming that actions by the Italian Government have aided the
©1994 Elsevier Science Ltd
settlement. The BSA claims that software sales in Italy are up by 150% for the second quarter of 1993 to $60 million. Because of the nature of its settlement with the Fiat Group, the BSA refused to divulge details of what percentage of La Stampa software was pirated, or how much Fiat paid in the settlement.
Japan encouraged to protect software A delegation of US officials and company executives urged Japan to preserve global copyright standards for computer software and avoid widespread reverse engineering, as reported in The Journal of Commerce. It is easy to see why US companies should be concerned as they have 70% of the global packaged software market. Reverse engineering is the process by which manufacturers take a product apart to discover how it works. Presently, reverse engineering is allowed in the USA and Europe under certain conditions, most commonly interoperability when a company wants to write software that links with another company's software and needs to know enough about its code to link the two. It seems that Japanese proposals do not include the same protection to prevent competitors from copying the code of the other program. Apparently, what Japan is considering threatens to undermine the spirit of the US-Japan economic framework agreement. The Americans are most concerned about decompilation, personal software copying and the distribution of tools used to break software protection devices. Japan is considering legislation that would allow companies to decode - or decompile - the software and have free access to its detailed written code. US officials fear this would allow competitors to easily copy and manipulate the code so that it is no longer recognizable but performs in the same way.
Big hunt for software pirates It was the specialist shops and the 'exchange' clubs which paid the price for the
3
Computer Fraud & SecurityBulletin
biggest battle against software piracy ever to be conducted in Italy, with the seizure of 240 000 floppy disks in Florence and the arrest of eight people. Most of all, video games were seized, but also 40 000 floppy disks containing operating systems, database and graphics applications, it has been reported in 1/ Sole 24 Ore. In the last few years, the police force has seized copied software but in small amounts sold on market stalls. This time matters were different with an actual organization which copied and circulated programs on a large scale falling into the net. According to investigators, the network distributed its disks by post and through the myriad of magazines dedicated to videomania (the world of video game fanatics in Italy alone has at least 20 000 clubs). The suspicions of the association of major producers, the BSA, do have foundations: the number of floppy disks seized - "Enough to fill a truck", they say - point to an organization with both financial and computer means. The other piece of good news is that investigators have at their disposal a new and more precise weapon: a law for the protection of software, in force since December 1992. A long-awaited measure and as yet still not often applied, but which is beginning to offer some results. For the Software Publishers Association, the software market rose significantly in the first four months of 1993 compared with last year, more than likely attributable to the users' rush to operate according to the law. Silvano Ongetta
January 1994
by an unauthorized system 'cracker', who obtained high-level access to the system. The system was forced to shut down for three days in late October and other Internet-connected networks may have been affected. The intruder stole the secret passwords of Panix users who were using the service to connect to other networks. The Computer Emergency Response Team logs three to four security breaches every day and this year a 50% increase is expected over the 773 incidents reported last year. As businesses rarely report break-ins, experts estimate that only 15% of breaches are reported to the authorities. Crackers probe for weaknesses in a network's operating system. Once a loophole is found, the news is spread in underground publications, at cracker conventions, and on computer bulletin boards. Specially designed programs that exploit these defects and search for crucial information are distributed in the same way. Security-conscious companies with sensitive information tied to the Internet, usually try to build a 'firewall', a combination of hardware and software measures that make cracking much more difficult. Commercial online services are particularly at risk because they offer gateways to the Internet - essentially doors that open periodically to allow electronic mail to pass both ways. Since the Internet is not closely governed, but rather operated as a loose confederation of its users, security measures are difficult to implement.
DATA PRIVACY NEWS Information security not taken seriously
HACKING NEWS Computer 'cracking' increases It has been reported in the Wall Street Journal that public Access Network Corp, a commercial service known as Panix that sells its customers access to the Internet, was penetrated
4
Breaches of information security may cost UK companies an estimated £1 billion a year, but executives are still not viewing the issue with the seriousness it deserves, according to a Mori poll. The poll, commissioned by the UK Department of Trade and Industry and ICL
©1994 Elsevier Science Ltd