- Email: [email protected]
Fuelled by fear?
Computer Fraud & Security Bulletin
round-down fraud and, finally, privacy violations. In each of these cases the media performed a useful function in highlighting computer security and forcing management to
November
1989
geographic freedom hackers can enjoy but also had them “rallying round a cause”. “This makes them much more dangerous,” says Parker. “Their goal is to make information free and make computers freely accessible to everyone.”
consider the issue, often for the first time. Now, according to Parker, the task is to predict the next crimoid and to impel management to put security measures in place before the new problem can become rife. What is more, managers will now be able to secure more money for their budgets. A likely contender for the next crimoid is the phantom node in the network. Network paths are not always completely known for an organization and an intruder can use this fact to his or her advantage. What may appear to be a file server could be the equivalent of an unplugged drain where all the information on a system can be drawn off. Look out also for fax graffiti. Already there have been incidents reported of pornography being sent over fax lines.
CHASING THE HACKER
Another perspective on the moral dilemma of hacking has grown out of the cyberpunk. This is no longer just the genre of literature which has developed since Necromancer, it is the name of a new generation of hackers with a new culture of irresponsibility. Their cult magazine was Hackers’ Real@ which has been renamed Mondo 2000 and is produced in Berkeley, California, USA. “They sit in their bedrooms using their Commodores and are the equivalent of the kids who steal hub caps or even cars,” said Parker. Efforts are being made in the USA to counter these developments sometimes by teaching computer ethics. Many believe, however, that morality cannot be taught and that it is a result of upbringing. Nevertheless, Parker said that lecturing to high school teachers was producing results. They were learning not to encourage their brightest pupils to hack now that they realize the damage hacking can cause.
Parker also reported a hacking case which is being investigated by the FBI and Scotland Yard, UK. The hacker routes his calls through other countries including South Africa and the
FUELLED BY FEAR?
The objective is not simply to lock out the hacker, they want him caught!
The response of European businesses to the increasing incidence of computer crime has been a rapid investment in computer security products, according to a recent report published by Frost and Sullivan. Their report predicts a massive jump in system security investment between 1987 and 1993, as managers become more aware of the value and vulnerability of their electronic transactions and databases.
Parker voiced his concern about the moral outlook of hackers. On the one hand the Galactic Hacker Party in Amsterdam, the Netherlands, emphasized not only the
The report also reveals that corporations now create and maintain 50% of their sensitive data on PCs, a potentially massive market for anyone developing access controls for PCs.
USSR to make tracing him or her (or perhaps them) almost impossible. One company is losing f 15 000 per month just in the cost of the calls. Six other companies are known to have been hit. More than 200 days of computer time have been lost over the last few months.
2
01989
Elsevier Science Publishers Ltd
November
Computer Fraud & Security Bulletin
1989
Thomas Guidoboni, attorney for Robert Morris, the ex-Cornell graduate student who has been charged with unleashing the worm that forced Internet to a halt last October. The veil of secrecy may remain over Morris’ whereabouts for many months to come. In July, a New York grand jury charged Morris with a single felony count under the 1986 Computer Fraud and Abuse Act, which makes it illegal to gain unauthorized access to US government computers. Morris is the first person to be charged under this law, but Guidoboni says that he doesn’t know when the matter will come to court. “The judge has not set a trial date, and if he doesn’t set one soon there’s no way the trial can begin until 1990 at the earliest,” said the Washington DC-based attorney. “He’s been released on his own recognizance and is working, and that’s all I can say.” Doug Miiiison 0
Spent in 1987 ($M)
m
Predicted
Spending
on computer
Source:
for 1993 ($M)
secutity products.
Frost and Sullivan.
Interestingly, the survey also claims that many computer crimes are low-tech, despite certain well-publicized cases. Most such
FBI FOCUS ON FRAUD “The US is now experiencing the greatest number of bank failures since the Depression; about one third of these have been estimated to involve fraud,” said William Baker, Assistant Director of the FBI, at the recent International Police Exhibition and Conference (IPEC) in London, UK.
IS MORRIS STILL AT WORK?
Baker’s message was that, in the current computerized and international business world, fraud prevention is impossible for law enforcement agencies to do alone. He outlined the FBI approach which, in addition to the traditional use of media and public response, makes greater use of business and industrial associations.
America’s best known computer virus author may be secretly at work in the computer industry. “He’s working, but I have no comment on what he is doing or where,” said
The Bureau also actively proposes new legislation, when old laws are felt to be inadequate, and maintains a database of fraud information to predict future trends.
crimes require little expert or technical knowledge to implement, but instead often exploit ‘insider’ knowledge of a firms methods and checks.
01989
Elsevier Science Publishers Ltd
round-down fraud and, finally, privacy violations. In each of these cases the media performed a useful function in highlighting computer security and forcing management to
November
1989
geographic freedom hackers can enjoy but also had them “rallying round a cause”. “This makes them much more dangerous,” says Parker. “Their goal is to make information free and make computers freely accessible to everyone.”
consider the issue, often for the first time. Now, according to Parker, the task is to predict the next crimoid and to impel management to put security measures in place before the new problem can become rife. What is more, managers will now be able to secure more money for their budgets. A likely contender for the next crimoid is the phantom node in the network. Network paths are not always completely known for an organization and an intruder can use this fact to his or her advantage. What may appear to be a file server could be the equivalent of an unplugged drain where all the information on a system can be drawn off. Look out also for fax graffiti. Already there have been incidents reported of pornography being sent over fax lines.
CHASING THE HACKER
Another perspective on the moral dilemma of hacking has grown out of the cyberpunk. This is no longer just the genre of literature which has developed since Necromancer, it is the name of a new generation of hackers with a new culture of irresponsibility. Their cult magazine was Hackers’ Real@ which has been renamed Mondo 2000 and is produced in Berkeley, California, USA. “They sit in their bedrooms using their Commodores and are the equivalent of the kids who steal hub caps or even cars,” said Parker. Efforts are being made in the USA to counter these developments sometimes by teaching computer ethics. Many believe, however, that morality cannot be taught and that it is a result of upbringing. Nevertheless, Parker said that lecturing to high school teachers was producing results. They were learning not to encourage their brightest pupils to hack now that they realize the damage hacking can cause.
Parker also reported a hacking case which is being investigated by the FBI and Scotland Yard, UK. The hacker routes his calls through other countries including South Africa and the
FUELLED BY FEAR?
The objective is not simply to lock out the hacker, they want him caught!
The response of European businesses to the increasing incidence of computer crime has been a rapid investment in computer security products, according to a recent report published by Frost and Sullivan. Their report predicts a massive jump in system security investment between 1987 and 1993, as managers become more aware of the value and vulnerability of their electronic transactions and databases.
Parker voiced his concern about the moral outlook of hackers. On the one hand the Galactic Hacker Party in Amsterdam, the Netherlands, emphasized not only the
The report also reveals that corporations now create and maintain 50% of their sensitive data on PCs, a potentially massive market for anyone developing access controls for PCs.
USSR to make tracing him or her (or perhaps them) almost impossible. One company is losing f 15 000 per month just in the cost of the calls. Six other companies are known to have been hit. More than 200 days of computer time have been lost over the last few months.
2
01989
Elsevier Science Publishers Ltd
November
Computer Fraud & Security Bulletin
1989
Thomas Guidoboni, attorney for Robert Morris, the ex-Cornell graduate student who has been charged with unleashing the worm that forced Internet to a halt last October. The veil of secrecy may remain over Morris’ whereabouts for many months to come. In July, a New York grand jury charged Morris with a single felony count under the 1986 Computer Fraud and Abuse Act, which makes it illegal to gain unauthorized access to US government computers. Morris is the first person to be charged under this law, but Guidoboni says that he doesn’t know when the matter will come to court. “The judge has not set a trial date, and if he doesn’t set one soon there’s no way the trial can begin until 1990 at the earliest,” said the Washington DC-based attorney. “He’s been released on his own recognizance and is working, and that’s all I can say.” Doug Miiiison 0
Spent in 1987 ($M)
m
Predicted
Spending
on computer
Source:
for 1993 ($M)
secutity products.
Frost and Sullivan.
Interestingly, the survey also claims that many computer crimes are low-tech, despite certain well-publicized cases. Most such
FBI FOCUS ON FRAUD “The US is now experiencing the greatest number of bank failures since the Depression; about one third of these have been estimated to involve fraud,” said William Baker, Assistant Director of the FBI, at the recent International Police Exhibition and Conference (IPEC) in London, UK.
IS MORRIS STILL AT WORK?
Baker’s message was that, in the current computerized and international business world, fraud prevention is impossible for law enforcement agencies to do alone. He outlined the FBI approach which, in addition to the traditional use of media and public response, makes greater use of business and industrial associations.
America’s best known computer virus author may be secretly at work in the computer industry. “He’s working, but I have no comment on what he is doing or where,” said
The Bureau also actively proposes new legislation, when old laws are felt to be inadequate, and maintains a database of fraud information to predict future trends.
crimes require little expert or technical knowledge to implement, but instead often exploit ‘insider’ knowledge of a firms methods and checks.
01989
Elsevier Science Publishers Ltd