October 1994
Computer Fraud & Security Bulletin
China’s counterfeiters follow closely the trends in the software market. The amount of unauthorized software available on CD-ROM is already staggering. Available are copies of a single title from one publisher through to compendiums of software from several publishers. The choice for China seems to be to chase the short-term profits from selling illegal software or to show that China is a safe place for high-tech investment and technology transfer, and thereby develop a stronger industry in the long-run. In the meantime, the BSA cannot compete with the distributors of illegal software.
MARKETPLACE
Sea Change Corp Europe has launched Janus Firewall Server (Janus), a secure Internet server system which aims to prevent external Internet users from accessing information held on an organization’s internal data network. Janus acts as a transparent gateway providing interoperability between internal and external company networks and interconnecting E-mail links. The system is aimed at organizations requiring interactive dialogue, information and messaging services via the Internet. Janus also guards against sending outgoing-mail messages which carry information about internal network configuration, while providing a restricted set of services for external users. Janus also protects internal networks from unauthorized access. For further information contact John Co&ton on +44 (0)483 456666.
Insight Consulting Inc, a subsidiary of Software AG, has announced the availability of the Fraud, Neutralization and Deterrence (FINDER) Program, a combination of technology and services for identifying and eliminating commercial fraud. FINDER combines the data visualization and analysis features of NETMAP, from Alta Analytics, with investigation methods to speed fraud detection. FINDER is an automated method that extracts data from a company’s database, allowing investigators to analyze data for patterns or relationships that may reveal collusion and other signs of fraud. For further information contact Mia Musolino on + 7 703 39 7 8238.
A new encryption process, CD-Secure, has just been developed by C-Dilla Ltd. The system works by encrypting the mastering process. A decryption routine, called Unlock, is generated during this process and installed in the target PC. This routine decrypts the data on the CD-ROM in real-time, as the user accesses the information. The Unlock program can be sent to end users on the CD itself, with authorization to access it given to them over the phone: no extra hardware is required. C-Dilla’s system allows sound, image or video information to be protected. The system allows qualified access as well as preventing theft or copying of information and protecting data in transit. This means that it is possible to qualify access to the database by chosen heading, so that only a preset subject, or types of data, can be extracted from the CD-ROM. For further information contact John Sharman on +44 (0) 734 266667.
G&A Imaging Ltd have announced the release of GuardCard for Windows, the security ID and access control system for Microsoft Windows 3.1, Windows for Workgroups and standard PC networks. The system has been designed around the open systems architecture; users are able to build their own custom interfaces, incorporating data entry fields of their choice of language and assembling record search ranges that suit their specific requirements. For further information contact Ray St. Maurice on +1 819 770 9632.
Software Security International Ltd claim that their new security system UniKey System cuts the cost of using hardware-based systems to protect software from piracy and gives developers extra features. The company claims that with their system the developer needs only one device to protect the software through its entire life cycle. If the user was left with the original protection device unchanged this meant that the security system was compromised and upgrades and new releases could be freely copied. When updates or new releases are issued or even add-on products are sold, the UniKey hardware can be reconfigured by the developer to incorporate them into the protection system. The unique identity of each UniKey device is used in the reconfiguration process, linking it back to the upgraded software. This means that the upgraded software will only work with the reconfigured UniKey hardware. Each UniKey can be reconfigured up to 10 times. The reconfiguration process is by the exchange of a data string which can be accomplished via the telephone or fax. For further information contact Software Security International Ltd on +44 (0) 784 430060.
©1994 Elsevier Science Ltd
ANTICIPATING AN END TO FRAUD
Lisa Armstrong
The developers of Sherlock claim the software program can not only detect and prevent bank and credit fraud but it can anticipate it. According to James C. Hope of NeuralTech Inc, Sherlock’s applications include all types of risk management, credit and collection issues, bond analysis, bankruptcy prediction and marketing response predictions. Its most distinguishing quality is its capacity to anticipate fraudulent situations. It can analyze massive amounts of data, identify patterns and determine a probability risk. Fraud risk assessment combines the probability of fraud with the magnitude of the decision to be made, and comes up with a decision as to whether or not the risk should be taken. Hope believes Sherlock can decrease the incidence of bank and credit fraud by 25-40%.
Sherlock works in two ways: it can identify fraudulent behaviour at point of authorization and it is able to detect patterns of multiple transactions which are correlated with fraud. Accounts can be routinely assessed in order to provide an image of the macroscopic risk potential of a portfolio. Individual transactions can also be analyzed. Sherlock is part of the innovative technology of artificial neural networks. It analyzes data, such as time of day, transaction amount and geographical location, and computes the probability of fraudulent activity.
SUSPICIONS SURFACE ABOUT BUGGED SWISS ENCRYPTION UNITS
For the past several months, the Swiss, German and French media have been buzzing about a fantastic trap door encryption scheme allegedly involving Crypto AG, one of the world’s foremost cryptographic companies. Crypto AG manufactures encryption hardware for domestic Swiss customers like the Swiss Federal Council as well as for foreign customers in over 120 countries around the world. There have been allegations that the foreign customers have included Libya, Syria, Iraq and Iran.
On 18 March 1992, Hans Buehler, a Swiss marketing representative for Crypto AG, a Steinhausen, Switzerland-based cryptographic firm, was arrested in Teheran by Iranian police and charged with espionage. A deal with Iran had resulted in several trips by Buehler to Teheran. Upon his arrest, Iran demanded a $1 million bail bond from Crypto AG as a ransom for Buehler’s release. After spending nine months in solitary confinement, Buehler was released by his Iranian jailers in January 1993, after Crypto AG paid the ransom to Iran. Shortly after Buehler’s return to Switzerland he was abruptly fired by Crypto AG. To add insult to injury, Crypto demanded that he repay them the $1 million (about 6 million Swiss francs).
Buehler has recently told his story in a new book entitled Verschlüsselt (Ciphered) which was published by Werd Verlag of Zurich in March 1994. Buehler claims that Crypto AG is not owned by Swiss nationals but by the German Federal Intelligence Service (BND) via a post box company in Vaduz, Liechtenstein, called the Establishment European Trading Company. Furthermore, Buehler claims that German and American crypto specialists from the German Cipher Bureau [Zentralstelle für Chiffrierwesen (ZfCH)] in Bad Godesberg and the National Security Agency (NSA) in Fort Meade, Maryland, USA, have been manipulating Crypto AG encryption units for at least the past 15 years. There is additional speculation that NSA has been planting trojan horses in Crypto AG