- Email: [email protected]
Security takes centre stage at Internet conference
June 1995
Network Security
Church puts freedom of Internet on trial Brian
Riggs
Having left the Church in 1982, former Scientology minister Dennis Erlich has been using a Los Angeles electronic bulletin board service (BBS) to post invective commentary on the Church and its teachings, As part of his criticism, Erlich has repeatedly drawn from copyrighted material owned by the Church of Scientology. Additionally, some of the posted Church teachings not intended for public dissemination and considered trade secrets. The Church of Scientology was formed by L. Ron Hubbard in 1954 and has been promulgated through his much publicized book “Dianetics”. In a preliminary hearing in late February, the BBS and the provider that gives it Internet access - San Jose, California-based Netcom On-Line Communications Services Inc. - were determined not to be responsible for carrying what US courts may determine to be illegal information, The same hearing issued a temporary restraining order against Erlich, prohibiting him from posting material until the case is brought to court. Despite the court’s decision not to try the Internet providers, the Church intends to refile against them. “A means of control should exist whereby access operators and their organizations are held responsible for what is posted on the Internet”, said Helena Korbin, attorney for the Church. However, this is not the commonly accepted wisdom, according to Kathleen Kells, director of the US-based non-profit organization Computer Professionals for Social Responsibility. “We hold that the service carrier should
10
also not be held responsible” if its services are used illegally, she said. “This is a case where technology has gone ahead of the legal system”, Kells continued. An unusual lawsuit involving an electronic bulletin board, a disgruntled minister, and secret religious teachings promises to put the free-wheeling exchange of information available on the Internet to the test. The Church of Scientology, based in Los Angeles, California, has filed a law suit against a ministerial malcontent and the online services that allowed him to post confidential and copyrighted material without its permission.
Judge says hacker deserves more time Chris Bucholtz A judge has rejected a hacker’s secret plea bargain and complained that federal guidelines do not provide a long enough sentence for his actions. US District Judge Manuel Real said that Kevin Lee Poulsen deserved more prison time than the 14 years current law allows after Poulsen pleaded guilty to seven counts of wire fraud, conspiracy and intercepting wire communications, “Legal and law enforcement people are tired of seeing hackers serving light sentences, coming out of jail and becoming heroes in the media”, said John Pescatore, research director for security services at IDC Government. “They’re handed job offers and fame, and the law enforcement people think it’s sending the message that crime pays.” Real rejected the plea bargain brokered by US District
Attorneys and Poulsen’s lawyers and a sentencing hearing occurred on April 10th. Details of the plea bargain were not disclosed, but Poulsen’s attorneys said they were hoping for a sentence close to the four years Poulsen has already served. Real said he was most upset by Poulsen’s attempt to discover the names of undercover businesses operated by the FBI. Poulsen also used stolen codes to invade an Army network, eavesdrop on the phone calls of his former girlfriend and tap into conversations of the Pacific Bell security officials who were investigating him. Poulsen’s arrest in 1991 came after nearly two years on the run When he was arrested, he was wanted for taking control of the phone lines of two Los Angeles radio stations to win a Porsche sports car and a vacation. Poulsen also faces as much as 85 years for separate charges of espionage. After his initial arrest, a classified 1987 Air Force document containing orders for Army paratroops was found in a locker Poulsen had rented, along with stolen phone equipment. Poulsen is the first hacker charged with espionage.
Security takes centre stage at Internet conference Chris Bucholtz Despite the exponential growth of the Internet, most financial institutions have been slow in embracing the technology because of the risk of online crime. “Banking On the Internet: Opportunity or Threat”, a conference in New York City at the end of March addressed some of the fears. Sponsored by the International Bank Study
01995 Elsevier Science Ltd
June 1995
Center, the meeting featured nine speakers - four of whom spoke on security topics. “Members of the banking community are very concerned about exposure to the risk of online crime and fraud”, said Thorn Santiago, executive director of the IBSC. “And they should be. Right now, there really is no secure way of making transactions on the Internet.” But to ignore the Internet as a tool because the security mechanisms are not yet in place would be a severe mistake, said Robert Gold, moderator of the conference and CEO of Transaction Information Systems, a consulting company that specializes in visual and client/server technology for financial firms, “Bankers are a fairly conservative lot”, Gold said, “and with regard to the Internet, this could make them dangerously slow to respond to the rapid changes in technology.” Gold said that there are about 70 worldwide web sites operated by financial institutions. A few of these conduct credit card transactions naked over the Net, but most are tools for public relations and advertising. Gold thinks that these banks have the correct approach. “Banks need to get in the game and learn it little by little”, he said. “They need to open their minds but be conservative, and to stay in pace with the technology.” Gold foresees the Internet as an important sales tool in a banking industry that must battle non-bank competitors that offer financial services. But for now, security is the “meat and potatoes” issue of Internet banking.
01995 Elsevier Science Ltd
Network Security
“It’s not just a matter of somebody getting in and stealing $500”. said Gold. “Imagine if another country could get access to your database, and decided to electronically destabilize your banking system. We need those firewalls and a standard of security before we can fully utilize the Internet.”
Banking on the Internet Tom Kaneshige Wells Fargo Bank, a major bank in the United States and second largest in the state of California, announced it is offering personal financial services over the Internet and believes it has the security aspects covered I According to Wells Fargo spokesperson Lorna Doubet, this is part of Wells Fargo’s goal to provide total electronic banking on the Internet. Currently, customers can perform electronic transactions using the Prodigy online service and direct dial in, but may only access account information over the Net. Although Wells Fargo hopes limited transaction capability on the Internet can be made available later this year, “there will have to be more robust security systems”, says Doubet. “That’s pretty aggressive”, says Hans Von Braun, security analyst for Creative Strategies in San Francisco. “Electronic commerce is very dangerous on the Internet - it’s full of holes.” Wells Fargo Bank, in partnership with Netscape Communications in California, uses encryption technology to safeguard their customers who access account balances and transaction records, After calling Wells Fargo and
answering questions to confirm identity, customers obtain a password that can unlock the Internet. If the password is incorrectly input three times, customers have to repeat the process and obtain a new password. Citing additional firewalls of security, Doubet says, “Customer names, passwords and the last four digits on your account never appear on screen.” Von Braun disagrees. “Just because it’s not on the screen doesn’t mean they [techno-hackers] can’t capture the signal”, he says, adding, “another problem is that there needs to be two encryption tokens [ways of verifying identity]“, citing that the ATM method has two being in possession of the ATM card and knowing the secret code. Despite the risks, the public is becoming more comfortable with electronic commerce on the Internet. In a survey conducted earlier this year by International Data Corporation, research showed that 19% of the people surveyed would be willing to give their credit card number over the Internet with the current encryption technology, “Response has been higher than expected, the first two weeks is what we thought would be in the first three months”, says Doubet.
US war games fought Chris Bucholtz US defence and intelligence agencies are routinely staging war games with a unique twist: the targets are components in the US electronic infrastructure, The latest exercise, which began 3rd June, was based on the scenario of an electronic
11
Network Security
Church puts freedom of Internet on trial Brian
Riggs
Having left the Church in 1982, former Scientology minister Dennis Erlich has been using a Los Angeles electronic bulletin board service (BBS) to post invective commentary on the Church and its teachings, As part of his criticism, Erlich has repeatedly drawn from copyrighted material owned by the Church of Scientology. Additionally, some of the posted Church teachings not intended for public dissemination and considered trade secrets. The Church of Scientology was formed by L. Ron Hubbard in 1954 and has been promulgated through his much publicized book “Dianetics”. In a preliminary hearing in late February, the BBS and the provider that gives it Internet access - San Jose, California-based Netcom On-Line Communications Services Inc. - were determined not to be responsible for carrying what US courts may determine to be illegal information, The same hearing issued a temporary restraining order against Erlich, prohibiting him from posting material until the case is brought to court. Despite the court’s decision not to try the Internet providers, the Church intends to refile against them. “A means of control should exist whereby access operators and their organizations are held responsible for what is posted on the Internet”, said Helena Korbin, attorney for the Church. However, this is not the commonly accepted wisdom, according to Kathleen Kells, director of the US-based non-profit organization Computer Professionals for Social Responsibility. “We hold that the service carrier should
10
also not be held responsible” if its services are used illegally, she said. “This is a case where technology has gone ahead of the legal system”, Kells continued. An unusual lawsuit involving an electronic bulletin board, a disgruntled minister, and secret religious teachings promises to put the free-wheeling exchange of information available on the Internet to the test. The Church of Scientology, based in Los Angeles, California, has filed a law suit against a ministerial malcontent and the online services that allowed him to post confidential and copyrighted material without its permission.
Judge says hacker deserves more time Chris Bucholtz A judge has rejected a hacker’s secret plea bargain and complained that federal guidelines do not provide a long enough sentence for his actions. US District Judge Manuel Real said that Kevin Lee Poulsen deserved more prison time than the 14 years current law allows after Poulsen pleaded guilty to seven counts of wire fraud, conspiracy and intercepting wire communications, “Legal and law enforcement people are tired of seeing hackers serving light sentences, coming out of jail and becoming heroes in the media”, said John Pescatore, research director for security services at IDC Government. “They’re handed job offers and fame, and the law enforcement people think it’s sending the message that crime pays.” Real rejected the plea bargain brokered by US District
Attorneys and Poulsen’s lawyers and a sentencing hearing occurred on April 10th. Details of the plea bargain were not disclosed, but Poulsen’s attorneys said they were hoping for a sentence close to the four years Poulsen has already served. Real said he was most upset by Poulsen’s attempt to discover the names of undercover businesses operated by the FBI. Poulsen also used stolen codes to invade an Army network, eavesdrop on the phone calls of his former girlfriend and tap into conversations of the Pacific Bell security officials who were investigating him. Poulsen’s arrest in 1991 came after nearly two years on the run When he was arrested, he was wanted for taking control of the phone lines of two Los Angeles radio stations to win a Porsche sports car and a vacation. Poulsen also faces as much as 85 years for separate charges of espionage. After his initial arrest, a classified 1987 Air Force document containing orders for Army paratroops was found in a locker Poulsen had rented, along with stolen phone equipment. Poulsen is the first hacker charged with espionage.
Security takes centre stage at Internet conference Chris Bucholtz Despite the exponential growth of the Internet, most financial institutions have been slow in embracing the technology because of the risk of online crime. “Banking On the Internet: Opportunity or Threat”, a conference in New York City at the end of March addressed some of the fears. Sponsored by the International Bank Study
01995 Elsevier Science Ltd
June 1995
Center, the meeting featured nine speakers - four of whom spoke on security topics. “Members of the banking community are very concerned about exposure to the risk of online crime and fraud”, said Thorn Santiago, executive director of the IBSC. “And they should be. Right now, there really is no secure way of making transactions on the Internet.” But to ignore the Internet as a tool because the security mechanisms are not yet in place would be a severe mistake, said Robert Gold, moderator of the conference and CEO of Transaction Information Systems, a consulting company that specializes in visual and client/server technology for financial firms, “Bankers are a fairly conservative lot”, Gold said, “and with regard to the Internet, this could make them dangerously slow to respond to the rapid changes in technology.” Gold said that there are about 70 worldwide web sites operated by financial institutions. A few of these conduct credit card transactions naked over the Net, but most are tools for public relations and advertising. Gold thinks that these banks have the correct approach. “Banks need to get in the game and learn it little by little”, he said. “They need to open their minds but be conservative, and to stay in pace with the technology.” Gold foresees the Internet as an important sales tool in a banking industry that must battle non-bank competitors that offer financial services. But for now, security is the “meat and potatoes” issue of Internet banking.
01995 Elsevier Science Ltd
Network Security
“It’s not just a matter of somebody getting in and stealing $500”. said Gold. “Imagine if another country could get access to your database, and decided to electronically destabilize your banking system. We need those firewalls and a standard of security before we can fully utilize the Internet.”
Banking on the Internet Tom Kaneshige Wells Fargo Bank, a major bank in the United States and second largest in the state of California, announced it is offering personal financial services over the Internet and believes it has the security aspects covered I According to Wells Fargo spokesperson Lorna Doubet, this is part of Wells Fargo’s goal to provide total electronic banking on the Internet. Currently, customers can perform electronic transactions using the Prodigy online service and direct dial in, but may only access account information over the Net. Although Wells Fargo hopes limited transaction capability on the Internet can be made available later this year, “there will have to be more robust security systems”, says Doubet. “That’s pretty aggressive”, says Hans Von Braun, security analyst for Creative Strategies in San Francisco. “Electronic commerce is very dangerous on the Internet - it’s full of holes.” Wells Fargo Bank, in partnership with Netscape Communications in California, uses encryption technology to safeguard their customers who access account balances and transaction records, After calling Wells Fargo and
answering questions to confirm identity, customers obtain a password that can unlock the Internet. If the password is incorrectly input three times, customers have to repeat the process and obtain a new password. Citing additional firewalls of security, Doubet says, “Customer names, passwords and the last four digits on your account never appear on screen.” Von Braun disagrees. “Just because it’s not on the screen doesn’t mean they [techno-hackers] can’t capture the signal”, he says, adding, “another problem is that there needs to be two encryption tokens [ways of verifying identity]“, citing that the ATM method has two being in possession of the ATM card and knowing the secret code. Despite the risks, the public is becoming more comfortable with electronic commerce on the Internet. In a survey conducted earlier this year by International Data Corporation, research showed that 19% of the people surveyed would be willing to give their credit card number over the Internet with the current encryption technology, “Response has been higher than expected, the first two weeks is what we thought would be in the first three months”, says Doubet.
US war games fought Chris Bucholtz US defence and intelligence agencies are routinely staging war games with a unique twist: the targets are components in the US electronic infrastructure, The latest exercise, which began 3rd June, was based on the scenario of an electronic
11