January 1991
Computer Fraud & Security Bulletin
so far distributed 11 000 copies of anti-virus software.

Viruses are also no respecters of rank. Witness the experience of the Hongkong Government’s Information Service which recently distributed to the press floppy disks containing copies of the annual address to the Legislative Council by the Governor, Sir David Wilson. When data processors at the newspaper offices tried to convert the file formats, they began to notice some strange effects. It appears that the disks had been infected by the Marijuana virus, which displays the message ‘Your PC is now Stoned!’ on the screen.

In the US, the Department of Commerce has formed an anti-virus consortium which will operate out of the National Institute of Standards & Technology section of the DoC. The consortium has backing from leading computer manufacturers, and will conduct research on known viruses and provide users with information on how to combat the problem.

Canadian Government criticized over computer security
The Canadian Auditor General, Ken Dye, has sharply criticized the Canadian Federal Government for its “negligent” attitude towards computer security and disaster planning. Dye’s auditors reviewed the security systems of 13 departments and agencies, and found that many security threats have already made themselves felt. In the first quarter of 1990, there were 21 reported incidents of different viruses affecting several hundred government computers, and the RCMP have so far recorded 11 incidents of illegal access to federal computers.

The government spent over C$400 million last year in buying new computer hardware and now has over 80 000 computers in use, roughly one for every three public servants. But over the same period, the RCMP has only hired one extra inspector to monitor computer security. “They’re simply not prepared,” said Dye. “I think they are leaving themselves wide open. The interval between RCMP inspections in departments is now projected at seven or eight years. This is clearly unsatisfactory.”

Senior departmental managers have also not lived up to their responsibilities in keeping a tight rein on security, Dye claimed. Only two of the 13 departments audited had the necessary framework in place to conduct a security review.

Even the RCMP was cited for poor security in its massive Canadian Police Information Centre (CPIC). Dye reported that there are no passwords or ID numbers needed to get into the CPIC.

Dutch police form specialized fraud squad
The Netherlands has set up a specialist team of detectives to combat the increasing incidence of computer fraud. The team consists of 18 detectives, split into three regional groups based in Amsterdam, The Hague and Nijmegen. They will be giving specialized help to local forces investigating computer-related crimes, in particular those involving fraud and hacking. The pilot scheme will run for 18 months and will cost the Minister of Justice Dfl 13 million (about $8.5 million). This is in addition to the Dfl 360 000 already being spent to train detectives in different operating systems, programming languages and specialized computer investigation techniques. However, Frederik van Gulik, the officer in charge of the Nijmegen office, has already said that the scheme is understaffed, given the scale of the problem. The Dutch police also want changes in the law to allow them to tap data communication, a practice which is currently outlawed by Dutch judges.

Police in the Netherlands recently succeeded in exposing a major fraud involving claims for EC agricultural import and export subsidies. A business selling agricultural equipment hacked into the Dutch customs system, and examined programmes which dealt with subsidy applications. By avoiding the type of subsidy which is given manual inspection, they were able to set up a long running fraud.

©1991 Elsevier Science Publishers Ltd

Computerized army inventory ‘leaks’ weaponry worldwide
It appears that the US Army’s worldwide computerized inventory control system has been leaking weapons and explosives for years. The losses due to theft alone just since 1984 amount to tens of millions of dollars of explosives and weapons. At issue are such things as grenades, anti-aircraft shells, land mines, howitzer rounds, cluster and fragmentation bombs, bullets, and anti-tank rockets. Large quantities of the latter, which are capable of piercing armour and blowing up buildings and military tanks, have been discovered since 1984 in Philadelphia, New York City, and Detroit. In addition, US Army explosives losses have included tons of such things as military TNT and the plastic explosive C4, which sometimes is called the terrorist’s favourite. Four ounces of C4, which costs the US Government $1.20, is sufficient to destroy an airliner.

The US Army computerized inventory accounting records are reportedly in such a state that it does not know the full extent or value of its losses of weapons and explosives. In many instances the materials have been stolen by US soldiers or local civilian employees and have been sold to international drug dealers, hate groups, mercenaries, and terrorists. Between 1984 and 1990 weapons and explosives stolen from the US Army were responsible for the deaths of 13 people, the wounding of 165 individuals, and some $1.6 million in damage.

Belden Menkus

Australian police force discover missing software
Australian detectives have been embarrassed by the discovery of deception within their own ranks, according to a recent report in Computer Weekly. Police in Queensland had asked ICL if it could supply high security database software which could rapidly search records of such things as bank accounts, vehicle registration, newspaper articles and letters. ICL replied that it had exactly the right package, Indepol, costing about £200 000, and that the Queensland police were already licensed users of the software, much to the surprise of the police.

After an extensive search, detectives found the Indepol software in its original packaging in a basement under the former Brisbane police headquarters. It had been lying there unused for five years. ICL has commented that the software, “Is in need of an upgrade”, and is considering supplying the latest version to the police at no extra cost.

Police minister Terence Mackenroth says he is, “Astounded and appalled” that the software has, “sat rotting away in a basement”. He suspects that it could have been hidden by corrupt insiders who did not want the force doing extensive intelligence gathering. Various senior police officers and government officials in Australia have been asked whether they were involved in the purchase of the Indepol system. All have denied any knowledge of it.

Marketplace
California-based Demax Software has launched The Demax Security Policy Guide, which provides DEC users with a methodology for assessing any VAX/VMS site for its security levels, and for producing a framework to build and maintain a consistent security policy. Free copies of this 40 page guide are available from Demax on +1 800 283 3629.

Datashield has announced that it is incorporating expert system techniques in its Disaster Plan/90 software. DP/90 is a PC-based contingency planning module which provides a knowledge base of expert information. It takes users through the different stages of creating a