China arrests first online bank robbers


Network Security

November

Simple lessons are the hardest to learn

Over a period of two weeks in September, a hacker or hackers searched undetected through heavy-equipment maker Caterpillar’s network. According to a report in PCWeek, the break-in had nothing to do with sophisticated hacker techniques, but relied on an out-of-date administrator’s account that was never deleted and on poor password protection. The unknown hacker was able to spend a total of 24 hours over the two-week period searching through servers and workstations at six of the company’s sites. Entry was gained through an outdated administrator’s account and a dial-up server. It is unlikely the hacker would have been able to gain access to the network had managers thought to disable the account. The company also failed to make sure that all the servers had passwords which were difficult to crack. The Caterpillar attacks are under investigation by the FBI, security specialists from PricewaterhouseCoopers and an internal security team. The hacker accessed and altered several workstations and servers, and gained root privileges on several Unix servers as a result of the weak passwords. Log files and system clocks were changed to hide the intrusion, and investigators believe password files were copied so the hacker could return in the future.
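The check the Caterpillar report argues for, as an added example that is not part of the original article: a Python audit that lists enabled UID 0 accounts on a Unix server with no recent login. The passwd and shadow excerpts, account names, login dates and the 90-day threshold are constructed assumptions.

```python
from datetime import date

# Constructed sample data for illustration; none of it comes from the article.
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
oldadmin:x:0:0:former administrator:/home/oldadmin:/bin/sh
svcadmin:x:0:0:service admin:/home/svcadmin:/bin/sh
backup:x:0:0:backup operator:/var/backup:/bin/sh
jsmith:x:1001:100:J Smith:/home/jsmith:/bin/sh
daemon:x:1:1:daemon:/:/sbin/nologin
"""
SHADOW = """\
root:$6$PLACEHOLDER:19870:0:90:7:::
oldadmin:$6$PLACEHOLDER:18900:0:99999:7:::
svcadmin:$6$PLACEHOLDER:19000:0:99999:7:::
backup:!$6$PLACEHOLDER:18000:0:90:7:::
jsmith:$6$PLACEHOLDER:19800:0:90:7:::
daemon:*:17000:0:99999:7:::
"""
LAST_LOGIN = {  # account -> date of last successful login (absent = never)
    "root": date(2024, 5, 30),
    "oldadmin": date(2022, 1, 10),
    "jsmith": date(2023, 3, 1),
}

def stale_privileged_accounts(passwd, shadow, last_login, today, max_idle_days=90):
    """Return [(name, idle_days or None)] for enabled UID 0 accounts that are idle."""
    locked = {}
    for line in shadow.strip().splitlines():
        fields = line.split(":")
        # A password field starting with '!' or '*' means password login is disabled.
        locked[fields[0]] = fields[1].startswith(("!", "*"))
    findings = []
    for line in passwd.strip().splitlines():
        name, _pw, uid, _gid, _gecos, _home, shell = line.split(":")
        if int(uid) != 0:
            continue  # only superuser-equivalent accounts are in scope here
        if locked.get(name, False) or shell.endswith(("nologin", "false")):
            continue  # already disabled, which is the desired state
        seen = last_login.get(name)
        idle = None if seen is None else (today - seen).days
        if idle is None or idle > max_idle_days:
            findings.append((name, idle))
    return findings

if __name__ == "__main__":
    for name, idle in stale_privileged_accounts(PASSWD, SHADOW, LAST_LOGIN, date(2024, 6, 1)):
        print(f"{name}: enabled UID 0 account, " + ("never logged in" if idle is None else f"idle {idle} days"))
```

On a real host the three inputs would come from `/etc/passwd`, `/etc/shadow` and the system's last-login records instead of the inline samples.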


China arrests first online bank robbers

In the first case of its kind to come out of China, officials have arrested suspected online bank robbers. Two brothers had allegedly hacked into a bank network system and stolen 260 000 yuan ($31 000). The crime was reported in the eastern province of Jiangsu, according to the Beijing Youth Daily newspaper. One of the perpetrators was an accountant at the Zhenjiang Industrial and Commercial Bank working on the bank’s computer network. He and his brother broke through the ceiling of a rural branch of the bank and placed a remote control access into a computer terminal. They were then able to create false accounts, electronically wire 720 000 yuan ($86 000) into them and then withdraw 260 000 yuan from different branches of the bank. They were caught a month later after police had traced the number of a pager account which had been closed on the night of the robbery. The newspaper report said that China’s computer networks have been attacked by over 200 hackers in the past couple of years and attributes this to the growth of the Internet.

Roy Szweda

Untrusted Scripted Paste in Internet Explorer 4.01

The ‘Untrusted Scripted Paste’ problem involves a vulnerability in Microsoft’s Internet Explorer that could allow a malicious hacker to circumvent certain Internet Explorer security safeguards (CERT Bulletin VB-98.12). This vulnerability makes it possible for a malicious Web site operator to read the contents of a file on the user’s computer if the hacker knows the exact name and path of the targeted file. This could be exploited to allow someone to view the contents of a file on a network provided the direct path name is known to the hacker. The problem arises because a script is able to use the Document.ExecCommand function to paste a filename into the file upload intrinsic control, which should only be possible by explicit user action. Consequently, a subsequent form submission could send the file to a remote Web site without the user’s knowledge if the user has disabled the default warning that is displayed when submitting unencrypted forms.

The vulnerable software versions are: Microsoft Internet Explorer 4.01 and 4.01 SP1 on Windows NT 4.0 and Windows 95; Microsoft Windows 98, with integrated Internet Explorer; and Microsoft Internet Explorer 4.01 for Windows 3.1 and Windows NT 3.51. This problem could also affect software that uses HTML functionality provided by Internet Explorer.

Microsoft strongly recommends that users who have affected software installed on their systems download and install the patch available from http://www.microsoft.com/ie/security/paste.htm as soon as possible. There are also additional actions that can be taken to ensure safe computing. If the user has disabled the default warning that is displayed when submitting unencrypted forms, re-enabling this feature can provide additional protection. Users who cannot apply the patch immediately can disable Active

© 1998 Elsevier Science Ltd