- Email: [email protected]
Recombinant virus protects network
Computer Fraud & Security Bulletin
10 UK companies
warning
supply of illegal software. information
April 1994
them to cease the
It has also demanded
about how many copies have been
about the agency’s potential to violate the privacy of Canadians. Parliament
The
CSE
is accountable
through the defence minister, but the
sold and plans to seek damages for lost licence
report implies that he is unaware
fees. A spokesperson
latest projects.
are investigating supplying
for the company said, “We
counterfeit
software.”
The
supplied
software
number
of PCs and
pre-loaded has evidence
illegal
majority
copies
of
of illegally
seems to have come from a
Windows
of the CSE’s
product, and dealers
PCs after installing
application
notebooks
shipped
and MS-DOS.
with
Microsoft
that the accompanying
disks and
Warning message against security risks The Financial Canada
Post reports that in Ontario,
guidelines
have
been
introduced
manuals are being bundled and sold separately.
protect E-mail users from corporate
They
disgruntled
have
already
identified
a source
of
counterfeit
software in the UK and were granted
permission
by the courts to raid the premises.
They discovered
to
‘helpful documentation’
original source of the counterfeit
as to the
software.
Users
employees
and external
hackers.
to security
breaches
may be exposed
when they send or receive E-mail
passwords
to
espionage,
messages
are stolen
because
and computer
hackers access private data or former employees abuse the system. It is hoped that the guidelines will encourage
WAN/LAN NEWS
developing
may still exist after the files are deleted and these can be accessed
spy agency is secretly
devices that can monitor and identify
voices carried through the air by phone, fax and radio
signals,
The
Establishment Canadian specializes Since
Communications
the
CSE
has
awarded
machines
that
can quickly
words and phrases from the millions CSE
monitors
three
every
isolate
key
of signals
day. The CSE awarded
Centre de Recherche lnformatique de Montreal a contract to develop a ‘speaker identification system’, which can pick up voices from the electronic
trail. E-mail
could
be eavesdropped
E-mail for sensitive
on and avoid
purposes
using
in the same way
cellular phone users have done.
Security
contracts worth $1 .l million to a Montreal firm to make
like an electronic
users should be made aware that their messages
(CSE) is a secret branch of the
Security Intelligence Service that in gathering signals intelligence.
1989,
could result in
disaster. In some E-mail systems backup copies
to a report in the MontrealGazette,
an elite wing of Canada’s
to develop policies on
that failing to set up procedures
Canadian agency monitors phone and fax According
businesses
E-mail use to minimize the problem. The Canadian Government has warned companies
haze and identify them.
Recombinant
virus protects network
A number of ‘vaccines’ have been developed to prevent virus attack. According to the Nikkei Weekly, a group from the Tokyo developed
an attenuated
rather than damaging.
virus
Institute
has
that is useful
It is hoped that the new
‘virus’ will be able to travel through the computers on a network, collect information, spot glitches and report back to the network manager. The recombinant virus has already been injected into a campus network of 150 computers and the
The CSE is supposed to provide the Federal Government with foreign intelligence, but
group hopes to test it in WIDE, a large network linking government, academic and private
parliamentarians
research laboratories
2
have
often
voiced
concerns
in Japan. The virus is a type
01994
Elsevier Science Ltd
Computer
April 1994
of worm
which
potential,
given restricted
beneficial
was stripped
program
programmed
of its disruptive
movement
instructions.
and some It can
be
to perform a variety of tasks such
as entering the nearest computer to warn it when a trouble spot has been found. It can also be told to monitor the flow of information and to notify
the
network
on the network
manager
of any
problems that arise. To protect the privacy of the information
the virus can be constructed
so that
it can only monitor certain types of information. is also
possible
to incorporate
It
identification
codes which restrict the routes the virus can take.
Fraud & Security Bulletin
Several research institutes in the USA consider Italy to be the ‘father’ of about 30 virus families, whilst in July to August 1993 alone, our home-grown hackers appear to have written 318 new viruses, fortunately not all of which have been diffused. In Italy there are some new trends, compared with the past. In the southern
regions,
generally tended not to feel any significant from the epidemics,
a greater incidence
was noted in the spring, especially Invisible
which impact
of cases
the virus “The
Man”, which appears to be the fruit of a
student’s thesis in computer science. Today, this virus is responsible
for 6% of infections
the entire country and its diffusion
found in
is constantly
increasing.
VIRUS NEWS Silvano Ongetta
Italy -
Virus diffusion
Between January and December 1993, 641 cases of infected PCs were discovered from a total of 3776, in a sample from over 300 companies in the fields of industry, banking and insurance, and from public offices and small private companies. Projections and statistics give rise to the hypothesis that there have been nearly 1000 cases of viral infections in the year just ended. The field of industry is the most vulnerable, with some companies experiencing infection in up to 50% of their PCs. The banks, on the other hand, are much better equipped, where 70% use anti-virus software, the number of intercepted cases is high and widespread diffusion is low, which proves the validity of the anti-virus protection adopted. In the Italian banking system, where only considering those companies linked to the SecrityNet circuit more than 40 000 anti-virus programs have been installed, the time taken to solve a virus infection has been reduced by 10 times compared with 1991, but the organizational commitment has been noteworthy. Today, all software is checked, whether it is imported or exchanged within the company.
01994
Elsevier Science Ltd
FRAUD NEWS IRS faces increasing
fraud
In an attempt to cut down on the amount of paperwork, the IRS has found itself facing increasing amounts of fraud. According to the New York Times, more than 25 000 fraudulent electronic returns were detected in the first 10 months of 1993. Last year electronic filing accounted for 12 million returns, slightly more than 1O%, a figure expected to rise to more than two-thirds by the year 2001. The IRS estimates its loss from electronic fraud alone at tens of millions of dollars a year. It is believed that the IRS only detects 25% of the fraud taking place with electronic filing. It is recommended that the IRS does more to check the backgrounds of preparers and others authorized to transmit returns, including using the National Crime Information Centre’s database. Pressure is rising to bring electronic fraud under control in the USA by September, or there could be a freeze on electronic filing.
3
10 UK companies
warning
supply of illegal software. information
April 1994
them to cease the
It has also demanded
about how many copies have been
about the agency’s potential to violate the privacy of Canadians. Parliament
The
CSE
is accountable
through the defence minister, but the
sold and plans to seek damages for lost licence
report implies that he is unaware
fees. A spokesperson
latest projects.
are investigating supplying
for the company said, “We
counterfeit
software.”
The
supplied
software
number
of PCs and
pre-loaded has evidence
illegal
majority
copies
of
of illegally
seems to have come from a
Windows
of the CSE’s
product, and dealers
PCs after installing
application
notebooks
shipped
and MS-DOS.
with
Microsoft
that the accompanying
disks and
Warning message against security risks The Financial Canada
Post reports that in Ontario,
guidelines
have
been
introduced
manuals are being bundled and sold separately.
protect E-mail users from corporate
They
disgruntled
have
already
identified
a source
of
counterfeit
software in the UK and were granted
permission
by the courts to raid the premises.
They discovered
to
‘helpful documentation’
original source of the counterfeit
as to the
software.
Users
employees
and external
hackers.
to security
breaches
may be exposed
when they send or receive E-mail
passwords
to
espionage,
messages
are stolen
because
and computer
hackers access private data or former employees abuse the system. It is hoped that the guidelines will encourage
WAN/LAN NEWS
developing
may still exist after the files are deleted and these can be accessed
spy agency is secretly
devices that can monitor and identify
voices carried through the air by phone, fax and radio
signals,
The
Establishment Canadian specializes Since
Communications
the
CSE
has
awarded
machines
that
can quickly
words and phrases from the millions CSE
monitors
three
every
isolate
key
of signals
day. The CSE awarded
Centre de Recherche lnformatique de Montreal a contract to develop a ‘speaker identification system’, which can pick up voices from the electronic
trail. E-mail
could
be eavesdropped
E-mail for sensitive
on and avoid
purposes
using
in the same way
cellular phone users have done.
Security
contracts worth $1 .l million to a Montreal firm to make
like an electronic
users should be made aware that their messages
(CSE) is a secret branch of the
Security Intelligence Service that in gathering signals intelligence.
1989,
could result in
disaster. In some E-mail systems backup copies
to a report in the MontrealGazette,
an elite wing of Canada’s
to develop policies on
that failing to set up procedures
Canadian agency monitors phone and fax According
businesses
E-mail use to minimize the problem. The Canadian Government has warned companies
haze and identify them.
Recombinant
virus protects network
A number of ‘vaccines’ have been developed to prevent virus attack. According to the Nikkei Weekly, a group from the Tokyo developed
an attenuated
rather than damaging.
virus
Institute
has
that is useful
It is hoped that the new
‘virus’ will be able to travel through the computers on a network, collect information, spot glitches and report back to the network manager. The recombinant virus has already been injected into a campus network of 150 computers and the
The CSE is supposed to provide the Federal Government with foreign intelligence, but
group hopes to test it in WIDE, a large network linking government, academic and private
parliamentarians
research laboratories
2
have
often
voiced
concerns
in Japan. The virus is a type
01994
Elsevier Science Ltd
Computer
April 1994
of worm
which
potential,
given restricted
beneficial
was stripped
program
programmed
of its disruptive
movement
instructions.
and some It can
be
to perform a variety of tasks such
as entering the nearest computer to warn it when a trouble spot has been found. It can also be told to monitor the flow of information and to notify
the
network
on the network
manager
of any
problems that arise. To protect the privacy of the information
the virus can be constructed
so that
it can only monitor certain types of information. is also
possible
to incorporate
It
identification
codes which restrict the routes the virus can take.
Fraud & Security Bulletin
Several research institutes in the USA consider Italy to be the ‘father’ of about 30 virus families, whilst in July to August 1993 alone, our home-grown hackers appear to have written 318 new viruses, fortunately not all of which have been diffused. In Italy there are some new trends, compared with the past. In the southern
regions,
generally tended not to feel any significant from the epidemics,
a greater incidence
was noted in the spring, especially Invisible
which impact
of cases
the virus “The
Man”, which appears to be the fruit of a
student’s thesis in computer science. Today, this virus is responsible
for 6% of infections
the entire country and its diffusion
found in
is constantly
increasing.
VIRUS NEWS Silvano Ongetta
Italy -
Virus diffusion
Between January and December 1993, 641 cases of infected PCs were discovered from a total of 3776, in a sample from over 300 companies in the fields of industry, banking and insurance, and from public offices and small private companies. Projections and statistics give rise to the hypothesis that there have been nearly 1000 cases of viral infections in the year just ended. The field of industry is the most vulnerable, with some companies experiencing infection in up to 50% of their PCs. The banks, on the other hand, are much better equipped, where 70% use anti-virus software, the number of intercepted cases is high and widespread diffusion is low, which proves the validity of the anti-virus protection adopted. In the Italian banking system, where only considering those companies linked to the SecrityNet circuit more than 40 000 anti-virus programs have been installed, the time taken to solve a virus infection has been reduced by 10 times compared with 1991, but the organizational commitment has been noteworthy. Today, all software is checked, whether it is imported or exchanged within the company.
01994
Elsevier Science Ltd
FRAUD NEWS IRS faces increasing
fraud
In an attempt to cut down on the amount of paperwork, the IRS has found itself facing increasing amounts of fraud. According to the New York Times, more than 25 000 fraudulent electronic returns were detected in the first 10 months of 1993. Last year electronic filing accounted for 12 million returns, slightly more than 1O%, a figure expected to rise to more than two-thirds by the year 2001. The IRS estimates its loss from electronic fraud alone at tens of millions of dollars a year. It is believed that the IRS only detects 25% of the fraud taking place with electronic filing. It is recommended that the IRS does more to check the backgrounds of preparers and others authorized to transmit returns, including using the National Crime Information Centre’s database. Pressure is rising to bring electronic fraud under control in the USA by September, or there could be a freeze on electronic filing.
3