news privacy in favour of security, Hynds says: "we are not actually asking for any additional capacity here. It's no different to real world surveillance Any intrusive investigation has to be justified as 'proportionate and necessary', in line with the European Convention on Human Rights". "It is, admittedly a more complex environment, especially in the sense that we would be placing certain strains on the industry if we insisted on data being retained for a very long time. "We are very keen to work with industry. Right from the start we have said that we are not going to do this on our own. We need to work in partnership."
Fraud Roundup
New fraud database to thwart rising fraud A new real-time Fraud Investigation database (FIND) is being planned to replace the previous paper-based fraud tracking system. Fraud in the UK has soared during the first half of 2002, already overtaking the £224 million total for 2001. The new database, being launched by Cifas will be accessed by all the major banks, credit card companies and asset finance organizations among others. The system is due to go live in 2003. Peter Hurst, chief executive of Cifas said “Fraud is a multi-million pound industry, however , it doesn’t just affect large banking and investment corporations, but every type of business and
individual. The only way we can stamp this out is to get all of the parties involved, from the police to our members and the victims, to share information about these crimes.” The CIFAS service will, for the first time, allow members to identify past and present trends, as all of the information will be stored centrally.
Frauds rise with tougher economic climate The total value of fraud cases for the first six months of 2002 increased by two and a half times to £256 million compared to the previous six months (£111 million) of 2001 according to figures from KPMG Forensics. David Alexander, Fraud Investigation Partner at KPMG told Computer Fraud & Security that tough economic conditions mean that any irregularities in finance become more noticeable. Often fraud will be viewed as an operating cost in an organization as management do not consider it to merit the cost of investigation said Alexander but when money is scarce, these finance drains become more pressing. There were large increases in the value of the Financial (Banking) fraud category, which increased from £11.3 million (the second half of 2001) to £51.8 million in 2002. This included three banking cases, which involved the use of bogus financial instruments. One of these cases, with sums at risk of £21
million, was a plot organized from Nigeria to defraud UK banks using false bankers drafts drawn on Nigerian oil companies. Commercial fraud in the UK witnessed 12 cases coming to court this year, each amounting to an average value of £1.8 million. According to Alexander, this represents a fraction of the fraud that occurs. He asserts that the chances of disclosure for the fraudster are slim, and this means that the chances of the case making it to court and eventual prosecution are even more remote. Alexander indicates that there are many factors that can result in fraud. The threat of redundancy can escalate the likelihood. Other pressures that could lead to individuals committing fraud are personal problems, such as gambling. It is also worth noting that higher management in positions of power are more likely to have increased opportunties to conduct discrepancies. Alexander also emphasized that computers play a significant role in all frauds investigated by KPMG and there is no new fraud, just different tools to commit it. “New technology makes existing fraud easier and more often than not fraudsters are one step ahead of the game”.
Spam Roundup
ISC2 victim of slander in targeted email hoax ISC2, the accreditation company that offers the esteemed CISSP information security certifications has
been portrayed as antisemetic in a stream of emails that are configured to appear as if they originate from an ISC2 employee. An Australian candidate who failed the CISSP accreditation exam is believed to be the source of the spam. The emails were initially unexceptional detailing ISC2 policy but they recently progressed to containing racist content. The latest email subject title is “Sept 11, the reason for last years attack on WTC” and contains racist content against Jews. The author of the hoax has spoofed the email address of the ISC2 Webmaster, Wilfred L. Camilleri, so it appears as if he is the sender. ADL, the Anti-Defamation League has supported ISC2 in the confirmation that the email does not originate from ISC2. The “Sept 11” email seems to have been purposely sent to Jewish institutions and Synagogues to create the illusion that ISC2 is anti-semetic. ISC2 has posted a notice stating that email from their company can be confirmed as genuine because it is PGP signed.
Hacking roundup
E-commerce site used as tester for credit cards Spitfire Ventures, an online novelty vendor received 140 000 credit card submissions within the space of 20 minutes on 12 September. Spitfire normally gets around five to 30 transactions per day. 62 477 transactions were authorized at $5.07 each 3