Vol 7. No 4. Page 4.

MISCELLANEOUS BANK CASES
The Italian Police are chasing after an anonymous crook who robbed a Bank in Rome of over E500 000. The skill level required to pull off the scam suggests that the perpetrator must have been a computer expert. It is rumoured that he was able to access and change computerised authority tables and payment messages awaiting transmission.

In New York, Robert Munoz, a civil rights activist and Chairman of the National Association of Hispanic Civil Rights, has been charged with attacking more than 70 Citibank cash machines with the magic weapon, superglue. The District Attorney for Manhattan brought charges of first degree grand larceny and second degree mischief. It is not known whether they will stick! Mr Munoz was motivated by Citibank's refusal to make grants to an area in the Bronx where NAHCR was based. According to the DA, Mr Munoz "attempted to instill fear in certain representatives at Citibank that he would damage property if his grant was not forthcoming".

Accused of bombing

ATMs were also the victims of an attack by Guy Aseltine, a 23 year old Syracuse man. Mr Aseltine was accused along with one Jeffrey Woodward of bombing a Moneymatic ATM operated by the Marine Midland Bank at Chenango Plaza, Syracuse.
In sentencing Mr Aseltine, the Judge called him amoral and suggested that he was beyond reform. "He is dedicated to the proposition that it is easier to steal other peoples' money than to earn his own" said the Judge. This basic truth, incredible to honest people, is overwhelmingly obvious to any self-respecting member of the criminal fraternity. After the bomb attack, which did not open the ATM (possibly because it was already superglued!), Aseltine was covered in splinters of glass matching that from the scene of the crime. Thus his guilt was clear cut.

In Dallas a number of residents who were forced at gunpoint to make ATM withdrawals are angry because the bank will not reimburse them for their losses. In a couple of cases, the robber called at the homes of women, raped them and then forced them to accompany him to the bank where under threat of further violence they were forced to withdraw funds from an ATM. One woman questioned why the banks could not have a duress button on all ATMs. This seems a good point to consider. The robber has not been identified.
BRITISH HACKERS HACKED OFF
It's all a question of national pride. When the British press reports that "US Hacker shows Brits How its Done", the disgrace is simply too much. Attention has been focused on US hackers simply because their telephone system makes the perpetrators easy to trace. The Brits are much smarter, don't get caught, don't get the publicity but don't get the credit either. British hacking is flourishing. For the past 12 months, one of our researchers has infiltrated the inner sanctums of British Hacking and he reckons they are really smart. It takes real skill to climb into the Prestel account of HRH Prince Philip and to send messages from his account signed off as "HRH Hacker". Similarly when have the Yanks disrupted a television program like the British hackers did? Viewers may recall the famous BBC TV live demonstration of computer security when in real time the hackers filled up the screens of millions of British viewers with a mad hacker's poem.

© 1985 Elsevier Science Publishers B.V. (Information & Business Division), Amsterdam. /84 / $0.00 + 2.20 No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publishers. (Readers in the U.S.A. - please see special regulations listed on back cover).
Supremacy of British hackers

And what did the US hacker do when he was flown across to the UK all expenses paid by the Daily Star? He simply got into a public bulletin board and found a few dial port numbers. Big deal, say the UK hackers, most of whom have full listings of the UADs on the PSS, Sercnet and other carriers. Dial ports are for the birds.
Next month, the Bulletin will publish the result of our British hacking survey. Although US hackers are not ahead, American users seem to take security more seriously. In the UK there are very few users who protect their dialup lines with call back or filter out devices. In fact we are not aware of any device of these types in use in the UK. We wait to be contradicted.

One major hope for the future is the keyed access erasable programmable read only chip (KEYPROM) being produced at low cost by Intel. Keyproms always work in pairs. The keyprom can be programmed to hold a password, lines of operating systems code (bootstrap loader etc) and it is slotted in to the computer to be protected. Much like a conventional lock it can be master keyed to operate with different partner keyproms. A partner keyprom is slotted into the authorised remote terminal. When access is required, one of the keyproms generates a 32 bit random binary number which is encrypted by a 64 bit key and sent down the line to its partner along with the random number in plain text. The receiving keyprom encrypts the random number and checks it against the encrypted signal from the sender. If the two encrypted numbers agree operations are reversed. If this double handshake agrees, the locks on the keyproms will be opened and operations are allowed to continue. It is reckoned that it would take a hacker 45 million years to break the codes by trial and error. Using an electron microscope to read the logic gates would be almost impossible.
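The double handshake described above can be modelled in a few lines; this is an added example, not Intel's code or anything from the Bulletin. The article does not name the cipher, so a truncated HMAC-SHA256 stands in for it, and the `Keyprom` class, the choice of the terminal as first sender, and the receiver's refusal of a number it has already accepted are all assumptions made here.

```python
import hashlib
import hmac
import secrets

NONCE_BITS = 32  # "32 bit random binary number" (from the article)
KEY_BYTES = 8    # "64 bit key" (from the article)


def encrypt_nonce(key: bytes, nonce: int) -> bytes:
    """Assumed stand-in for the chip's cipher, which the article does not name."""
    return hmac.new(key, nonce.to_bytes(4, "big"), hashlib.sha256).digest()[:8]


class Keyprom:
    """Hypothetical model of one chip of a pair; both hold the same key."""

    def __init__(self, key: bytes):
        if len(key) != KEY_BYTES:
            raise ValueError("key must be 64 bits")
        self._key = key
        self._seen = set()      # added check: numbers already accepted
        self.unlocked = False

    def challenge(self):
        """Sender side: random number in plain text plus its encrypted form."""
        nonce = secrets.randbits(NONCE_BITS)
        return nonce, encrypt_nonce(self._key, nonce)

    def verify(self, nonce: int, token: bytes) -> bool:
        """Receiver side: encrypt the plain number and compare with the token."""
        if nonce in self._seen:
            return False        # a repeated message is refused
        ok = hmac.compare_digest(encrypt_nonce(self._key, nonce), token)
        if ok:
            self._seen.add(nonce)
        return ok


def handshake(host: Keyprom, terminal: Keyprom) -> bool:
    """Double handshake: terminal proves itself to host, then roles reverse."""
    if not host.verify(*terminal.challenge()):
        return False
    if not terminal.verify(*host.challenge()):
        return False
    host.unlocked = terminal.unlocked = True
    return True
```

Because the sender picks its own random number in the exchange as described, the receiver in this sketch keeps a record of accepted numbers so that the same message cannot be presented twice.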
BANK OF ENGLAND SECURITY GUIDELINES
Quite why the Bank of England and its accountants Deloitte Haskins and Sells decided to hold a press conference to announce the release of its guide "Security and Control in Computer and Telecommunication Systems" remains a mystery. While waiting for the conference to begin, attendees were issued with a 3 part report marked - ironically for a public release - "Confidential". When the meeting began, Bank of England representatives introduced Geoffrey Smart, the main author of the report and Deloitte's partner specialising in computer security and audit. It was explained that the guide had been issued to all of Britain's banks and Licensed Deposit Takers. It was intended to draw the attention of managers who generally were "not expert" to the hazards in computer systems and the steps that should be taken to reduce them.