- Email: [email protected]
EC launches survey on national data security laws
December
1993
Computer Fraud & Security Bulletin
they refuse to reveal these figures”, he said. He explained how easy it is for hackers to combine stolen numbers with information found on discarded transaction slips to gain access to
ABS vulnerable to unauthorized computer access
people’s accounts.
National Audit Office, the computers of the Australian Bureau of Statistics (ABS) are vulnerable to unauthorized access. The report, tabled earlier this year in Federal Parliament, said
Data shows that 85% of computer
crime is
committed by employees inside companies who are stealing money and data from their own employers. Schwartau said, “Companies and governments must be prepared to invest in security technology for their computers. If they don’t, they’re prime victims for computer warriors”.
According
EC launches survey on national data security laws The European Community has commissioned a survey into the problems and benefits of working with national data protection laws. The EC is carrying out the survey to gauge EC citizens’ and organizations’ experiences in dealing with their national data protection laws, with the intention of using the results to assess its own draft Directive. The draft Directive is based on current laws and has been criticized as being costly, burdensome and bureaucratic and as imposing an impractical legal regime. The EC hopes to discover through the survey whether organizations and individuals face similar problems at a national level. The survey is being carried out by Privacy Laws and Business, the international data protection service on behalf of Directorate General XIII of the EC. Anyone interested in obtaining further details or participating in the survey should contact: Stewart Dresner, Privacy Laws and Business, Roxeth House, Shaftesbury Avenue, Harrow, HA2 OPZ, UK tel: +44 (0)81 423 1300; fax: +44 (0)8 1423 4536.
01993
Elsevier Science Publishers
Ltd
by the Australian
that any breach in the security of politically sensitive information, i.e. balance of payments, would be very difficult to trace as the ABS had 10 times as many staff with untraceable access to data as any other government department. While
DATA PRIVACY NEWS
to a report
the
ABS
computers
cannot
be
accessed from outside ABS premises, the Bureau fails to meet the high standards of security that could reasonably be expected to surround commercially and politically sensitive information, notes the report. The National Audit Office is particularly critical of the Bureau’s password protection regime, where in some cases the passwords were 10 years old and used by everybody. But the most reprehensible aspect of the Bureau’s computer security - or lack of it - was the number of persons with privileged access for unlimited and untraceable access to the system. It is understood that the ABS has accepted the criticisms and will act to implement the recommendations of the Australian National Audit Office.
Frank Rees
HACKING NEWS Hacker fraud foiled The Wall Street Journal reports that the Russian central bank has prevented hackers from stealing $57 million. The thieves accessed the bank’s computer and tried to transfer money into commercial bank accounts, however, the bank spotted the time-consuming process. Theft is made easier because the bank has not yet fully automated its interbank transfer system from its outdated telegraph system. For this year alone,
3
1993
Computer Fraud & Security Bulletin
they refuse to reveal these figures”, he said. He explained how easy it is for hackers to combine stolen numbers with information found on discarded transaction slips to gain access to
ABS vulnerable to unauthorized computer access
people’s accounts.
National Audit Office, the computers of the Australian Bureau of Statistics (ABS) are vulnerable to unauthorized access. The report, tabled earlier this year in Federal Parliament, said
Data shows that 85% of computer
crime is
committed by employees inside companies who are stealing money and data from their own employers. Schwartau said, “Companies and governments must be prepared to invest in security technology for their computers. If they don’t, they’re prime victims for computer warriors”.
According
EC launches survey on national data security laws The European Community has commissioned a survey into the problems and benefits of working with national data protection laws. The EC is carrying out the survey to gauge EC citizens’ and organizations’ experiences in dealing with their national data protection laws, with the intention of using the results to assess its own draft Directive. The draft Directive is based on current laws and has been criticized as being costly, burdensome and bureaucratic and as imposing an impractical legal regime. The EC hopes to discover through the survey whether organizations and individuals face similar problems at a national level. The survey is being carried out by Privacy Laws and Business, the international data protection service on behalf of Directorate General XIII of the EC. Anyone interested in obtaining further details or participating in the survey should contact: Stewart Dresner, Privacy Laws and Business, Roxeth House, Shaftesbury Avenue, Harrow, HA2 OPZ, UK tel: +44 (0)81 423 1300; fax: +44 (0)8 1423 4536.
01993
Elsevier Science Publishers
Ltd
by the Australian
that any breach in the security of politically sensitive information, i.e. balance of payments, would be very difficult to trace as the ABS had 10 times as many staff with untraceable access to data as any other government department. While
DATA PRIVACY NEWS
to a report
the
ABS
computers
cannot
be
accessed from outside ABS premises, the Bureau fails to meet the high standards of security that could reasonably be expected to surround commercially and politically sensitive information, notes the report. The National Audit Office is particularly critical of the Bureau’s password protection regime, where in some cases the passwords were 10 years old and used by everybody. But the most reprehensible aspect of the Bureau’s computer security - or lack of it - was the number of persons with privileged access for unlimited and untraceable access to the system. It is understood that the ABS has accepted the criticisms and will act to implement the recommendations of the Australian National Audit Office.
Frank Rees
HACKING NEWS Hacker fraud foiled The Wall Street Journal reports that the Russian central bank has prevented hackers from stealing $57 million. The thieves accessed the bank’s computer and tried to transfer money into commercial bank accounts, however, the bank spotted the time-consuming process. Theft is made easier because the bank has not yet fully automated its interbank transfer system from its outdated telegraph system. For this year alone,
3