The first national computer security conference


Conference Report

The First National Computer Security Conference was held in Nottingham, United Kingdom, on October 29th and 30th, 1984. It was sponsored jointly by Elsevier International Bulletins (U.K.) and the National Computing Center and was designed to encourage the widest possible discussion and exchange of opinion, bringing together keynote speakers and seminar discussion groups on a wide-ranging program. Some 200 people attended this two-day conference, coming from the United Kingdom, Ireland, Italy, Spain, Denmark, Norway, Sweden, Nigeria, the Netherlands and the United States. There were ten featured presentations by speakers from the United Kingdom, Sweden and the United States. There were eight discussion groups which ran concurrently with the featured presentations. The featured presentations and discussion groups were well organized and executed thanks to the efforts of Ron L. Brown and Roger Doswell of the NCC (Manchester), and Tony Powell and Andrew Carey of Elsevier International Bulletins (Oxford) and their supporting staffs.

Summary of the Presentations

This report contains a summary of the featured presentations as well as a brief biographical sketch of each speaker.

Computer

Bruce Goldstein (U.S.A.) is a Senior Security Consultant with CGA Software Products Group (Holmdel, NJ, U.S.A.) and founder of the International Association for Computer Crime Investigators, having served as the Executive Director until November, 1984. He has degrees in criminal justice and police science and has spent over 20 years in managerial, investigative, instructional and consulting positions.

Summary

Computer crime is a typical example of a technological crime that utilizes the very nature of the technology to conceal the criminal act. Computer crime has no season or special time that it is committed but in fact has become in the annals of criminology the most interesting crime to study. The talk revealed some of the things peculiar and particular about computer related crime and computer criminals. In a series of slides, Mr. Goldstein presented the recommended procedures to follow upon discovery that such a crime has been committed and suggestions about policies and procedures to adopt in such instances. The essential points are highlighted in the accompanying visuals.

Fig. 1. Computer Crime Investigations by Bruce Goldstein.

DISCOVERY OF THE EVENT
- Discovered by accident
- Tipped off by (staff) employee
- Discovered by audit
- Outside organization
- Police notifies management (rare)
- Employee confesses (rare)

INITIAL ACTIONS AFTER DISCOVERY
- Create team
- Gather relevant information
- Document all activities
- Arrange for computer time
- Duplicate all media
- Identify the ‘evidence’

PLANNING THE INVESTIGATION
- Determine the phases
- Obtain the strongest team leader
- Appraise the internal/external audit staff
- Document the flow of the investigation
- Formulate a press release and establish a public posture
- Utilize attorneys

CONDUCTING INTERVIEWS
- Stress confidentiality
- Use ‘open door’ approach
- If possible, record via secretary (witness)
- Keep interview brief
- Stress ‘problematic’ aspect
- Maintain professionalism and dignity

USE OF EXTERNAL PROFESSIONALS
- Benefits
- Costs
- Risks
- Expert status
- Technical experts limited

USE OF UNDERCOVER LAW ENFORCEMENT
- No management control
- New exposures created
- Professional witnesses
- Reduced danger to civilians
- Federal Grand Jury

EMPLOYEE MORALE
- The internal climate
- What do you tell?
- What you don’t say
- Use of professionals
- Patching wounded feelings
- After the trial

THE DECISION PROCESS
- Criminal trial
- Civil trial
- Dismissal/termination
- No court action
- Custom and practice
- Most beneficial

EVERYTHING YOU ALWAYS WANTED TO KNOW ABOUT...
- Computer crime investigations
- Computer crime investigators
- Computer crime trials
- Computer crime judges
- Computer crime juries
- Computer crime evidence

North-Holland, Computers & Security 4 (1985) 65-73. 0167-4048/85/$3.30 © 1985, Elsevier Science Publishers B.V. (North-Holland)

Fraud Exposures in New Banking Technology

Graeme Ward, FCCA, IPFA, FBIM (U.K.) is Divisional Manager of Field Operations with Abbey National Building Society (London), primarily responsible for the development and operation of automated financial services and the Society’s ATM and electronic funds transfer systems. He is also Director/Trustee of LINK, the vehicle for more than 20 major financial institutions that are cooperating to provide a shared EFTS. Before taking up his present post, Mr. Ward was the Society’s chief internal auditor.

Summary

In his presentation Mr. Ward discussed the exposures arising from the introduction of advanced technology into the most vulnerable environments, the place where the money is kept. Increasingly sophisticated funds transfer and management information systems are being introduced and interconnected between banks and other banks, and between banks and their customers, on a world-wide basis. The risks faced by banks are largely those encountered by other large scale processors of data; it is perhaps the exposure which is so much greater. Like most business problems and challenges, this vulnerability is, in no small measure, a function of the attitudes and the conceptions of the people who direct the business. The paper discusses these attitudes - the tolerance of loss, the view of crime, the impact of security and auditing officers and the level of interest in the testing and certification of systems. Most system designers base their designs upon the expectation that ‘things will not go wrong’ and that events will occur in a predictable order. Most frauds arise because someone has spotted a loophole in the system or because assumed controls are not effective.

To illustrate some of the problems accruing - and without dwelling on individual case histories, the most notable of which have already been very well documented - two strands of well-established technology will be considered. These are plastic cards and electronic funds transfer systems - the areas where the world’s largest frauds are regularly arising. Are defences adequate or could more be done to eliminate loss?

The principal point is that there are real exposures to loss both for banks and for the users of banking services and that, in many organizations, more could be done to avoid the consequences of these exposures resulting in loss. There is ample evidence to suggest that even the largest and most well-established of the international banks is vulnerable and that, for smaller banks - given the vast amounts at risk and other pressures on liquidity and margins - a single fraud could make the difference between success and failure. It can be argued that it is absolutely essential that every bank - and every other large user of information technology - should adopt a manifesto for security endorsed from the highest level and involving everybody.

Consideration will also be given to the role of the internal auditor in relation to control and security. Has he or she been fiddling whilst an electronic Rome was burning? The internal auditor must be a vital element in the defensive system.

Data Protection Legislation: Guidelines for Action

Christopher T.H. Amery (U.K.) is Human Factors and Data Protection Manager in the Management Systems Department of IBM United Kingdom’s Head Office (Portsmouth). Among his current responsibilities is the implementation of the Data Protection Act in the IBM United Kingdom group of companies. He joined IBM in 1961 after reading Law at Oxford.

Summary

Mr. Amery made a 29 slide presentation of a brief overview of the Act itself followed by some detailed recommendations for its implementation by companies and other bodies. The implementation aspects covered included organization, the data census or survey, review of personal data, registration, communication and security. The UK Data Protection Act was passed in July 1984 and the first of its provisions has now come into effect - giving individuals the right to sue for compensation if a data user’s poor security results in damage to them. The Act will compel nearly everyone who processes personal data automatically to register what data they hold, why, where they get it from, and to whom it will be disclosed. They will have to conform to eight new ‘data protection principles’, and to respond to data subjects wanting to see their own data. There are new official bodies - the Data Protection Registrar, and the Data Protection Tribunal - and there will be new criminal offences and new civil liabilities. There are special provisions for bureaux, for international data transfers, and for a transition period.

Telecoms Security

Robin L. Sherman (U.K.) is Manager of Branch Data Communications Department and Group Telecommunications Department for Midland Bank plc. He started in computing in 1959 and joined the Midland Bank in 1970 where he was one of those who established the dedicated computer audit and security function within the Bank inspectorate. He currently represents the UK on ISO TC97/SC20 and is committed to promoting a higher level of user participation in national and international standards activities.
Summary

Telecommunications in today’s information processing environment represents an area of significant risk if security requirements are not properly understood and steps are not taken to limit exposure to an acceptable level. The pace of technological development adds increasingly to the range of options available to the network builder and to the network breaker. The growing dependence of organizations upon telecoms within their information systems and the trend towards the sharing of network services heightens their exposure to active attack and raises the cost and complexity of providing reliable means of protection. Security within systems that utilize network services is therefore of paramount importance. In the face of this demand encryption techniques are now available to ensure that critical data are handled in a secure way. At the same time, many of the established security techniques aimed at preventing fraud, the denial of service, or the destruction, modification or disclosure of sensitive data, remain as vital considerations for the network designer today.

The need for standards to support technological development has long been accepted. The quantity of work currently being done within ISO, CCITT and the other international standards bodies is considerable. Nonetheless it remains questionable whether this work is being progressed fast enough. The role being played by the UK Department of Trade and Industry through its Intercept Strategy for Open Systems Interconnection is important and should help to identify and promote standards which are near to formal agreement. Nevertheless the role of the manufacturers and the PTTs in developing standards has to be backed up by the active participation of users, who in the end will pay for their implementation anyway. Unfortunately few users outside government, and some academics, are involved even at a national level in standards work.

Consideration of a number of network security scenarios within this presentation illustrated the situation facing us today. The need to develop a strategy for coping with the pace of technological advance and the economic forces which are transforming our world is possibly not obvious to all.

The key activities which can be considered essential to the identification of such a strategy include the need to maintain compatibility with public networks, whomsoever the network provider may be, and ensuring cost effectiveness. These objectives can run counter to security considerations and the interaction of the individual components of the strategy must be balanced in such a way as to avoid such compromises. Setting up an effective network management function is arguably the most important component part of one’s telecoms strategy. Indeed it has been argued by some sources that a company’s own organization should be mirrored in the structure of its network management facilities.

The advancement of commercially usable cryptography over the past few years has produced a host of new techniques to help us. The range of cryptographic systems available today is examined. Wide acceptance of the DES algorithm has been accompanied by vigorous criticism of it, which continues even today. Authentication using ciphers, such as DES, identity verification techniques and the problems of key management are also discussed. Public key cryptography is still not widely used, but may provide a solution to the key distribution problems which complicate the application of crypto in networks.

Auditing of a Financial Institution Network

Kenneth R. Lindup (U.K.) is an Inspector with the Group Inspection Department of Barclays Bank plc, having started in 1973 as an internal auditor. He has served on security working parties of the Committee of London Clearing Bankers dealing with the security aspects of electronic banking systems. He is a member of the research committee of the Institute of Internal Auditors and an organizer of COMPACS. He has lectured on computer audits in both the U.K. and the U.S.A.

Summary

As the use of computer networks grows, so the risks of losses from computer related crime increase. Banks and other financial institutions are particularly concerned with ensuring that their systems contain adequate controls. The role of the auditor is to take an independent view and to give assurances to senior management on the security and controls of computer systems. In Barclays Bank this means that the section responsible for EDP audit must look at all aspects of the Bank’s computer operations. To do this, no areas can be left unconsidered. It is not sufficient to examine the system design documentation; audit must also consider the environment that produces the systems, and the environment in which it runs. Operating procedures must be considered, and compliance with controls must be tested. Unless this is done, the auditor cannot be aware of every aspect and component of the system. There is, then, a real danger that the assumptions underlying the audit work program will be invalid. The consequence of this is that any assurance given to senior management may be equally invalid.

Mr. Lindup’s paper considered one aspect of the system - the telecommunications network. It is not necessary for the auditor to have an in-depth, technical understanding of telecommunications. Mr. Lindup described an approach which was used within Barclays Bank. Barclays Bank runs several complex networks. Depending on how the networks are defined, they can overlap or they can be seen as separate entities. The approach adopted was to analyze the networks into their component elements. Thus each network could be considered as the sum of its parts. This meant that each element needed to be considered only once. This done, Mr. Lindup described a questionnaire that was adopted and modified to make it fit the exercise. A portion of the questionnaire is included in the accompanying illustration.

Fig. 2. Lindup’s questionnaire.

- Can an application sign on to T.C.A.M. using any T.C.A.M. GET and PUT queues not in use that date?
- Can an application ‘impersonate’ another application?
- Can an application ‘impersonate’ a terminal?
- Can an application put any valid information in the message source field?
- If a message on the input queue has the correct format and the correct source identifier, will it be accepted as a genuine message from another application?
- What transactions can be passed between applications?
- What validation is carried out to ensure that all messages passed between applications are genuine?
- Can more than one application open the same GET or PUT queue simultaneously?

Personnel Aspects of Computer Security

Ronald Beech (U.K.) served in the Cheshire Constabulary from 1938 to 1969. He was stationed in various parts of Cheshire in uniform and on CID duty and spent his latter years in administration. He retired with the rank of Chief Inspector and took an appointment with United Biscuits Ltd at their Liverpool site as Security/Safety Manager where he had special responsibility for the security of the group computer installation.

Summary

Chief Inspector Beech discussed the recruitment of staff, beginning with the preliminary application form. He drew attention to the ease with which unsuitable candidates can obtain employment by taking advantage of the weakness at this stage. Generally, there is a failure to check details and a failure to say ‘no’ when the alarm bells of doubt start to ring. Educational, technical and academic qualifications are rarely checked and too often urgency results in corners being cut and the wrong person recruited.

Procedures for interviewing potential staff were examined, and reference was made to the enquiries necessary after the candidate’s first screening. These include written enquiries, telephone enquiries, positive ‘vetting’ and social enquiries. The paper examined the problem of investigating the candidate’s record, obtaining information on previous offences and convictions, and the restrictions placed on checking these statements. In examining the situation of people with a criminal record, Mr. Beech discussed the effect of the Rehabilitation of Offenders Act and the implications of current thinking.

Advice was given on the formulation of contractual conditions of employment and, at the same time, the need to ensure that there is in existence a well drafted Code of Internal Discipline, which is understood completely at all levels, particularly by those who have to apply it.

Finally, the paper examined the harm that can be done to any organization by recruiting the wrong data processing staff. Apart from basic inefficiency, there are the dangers of reduced staff morale due to the presence of a petty thief or a trouble maker, sabotage, and, above all, the ever-present danger of fraud. During the talk Mr. Beech made reference to several case histories.

Software Protection and Piracy

Dr. Simon M. Elsom (U.K.) is engaged by a firm of London solicitors in the Computer Law and Software Protection practice. Until early in 1984 he was a software protection consultant with the British Technology Group, participating in the development of a software protection method in collaboration with the National Physical Laboratory and a consortium of companies. He is Secretary of the Technology of Software Protection Specialist Group of the British Computer Society and Deputy Chairman of the Society’s Copyright Committee. He was graduated with honors in Physics from the University of Sussex and has his Doctorate from the University of Aston in Birmingham. He worked as a trainee Patent Agent for GEC Ltd and was a research student at the University of Aston.

Summary

Interest in technological methods of protecting microcomputer software has arisen from the fear of widespread piracy by errant users and dealers and because of a reluctance by many software suppliers to resort to law. Although the extent of unauthorized copying and piracy is unknown, a survey of the U.K. Software Industry in 1982 revealed that at least a quarter of business microcomputer software suppliers in the sample suffered ‘serious’ losses in revenue from one, other or both of these activities. Since then the evidence available suggests that the proportion of suppliers ‘conscious’ that they are losing revenue from piracy of their business software has increased markedly. It is now standard practice for many software suppliers to incorporate technological measures into their products, in an attempt to staunch the loss of revenue. Indeed the 1982 survey also revealed that over 76% of microcomputer software suppliers used some form of technological protection. It is likely that their use is now almost universal.

However, very little is published on software protection methods currently in use because (a) many of the measures are not user-friendly, and thus are unlikely to attract custom, and (b) such information may be useful to an intruder attempting to bypass or otherwise overcome them.

One consequence of this secrecy is that a large number of methods are now in use with, as yet, no standard technique emerging. However, on the basis of the 1982 survey and a follow-up study commissioned by the BTG/NPL software protection consortium, methods currently under development or in use may be classified as follows:
- Copyright, and other notices seeded in the software product;
- Non-standard disk formats, and ancillary measures, designed to prevent unauthorized copying of disk-based software;
- ‘Dongles’, ‘watermarks’ and other measures designed to prevent unauthorized use of software;
- Secondary microcomputers designed to convert insecure computer systems into secure systems and provide a secure environment within which to run valuable software.

The protection enjoyed by the software supplier varies, from methods providing a low level of security, and thus merely deterring the curious, to those which provide a high level of protection and defeat all but the most determined and resourceful of intruders. Although many measures can, with the minimum of expertise, be overcome, they may nevertheless currently provide sufficient protection. However, it is debatable whether a low level of protection will be sufficient in future, particularly with the increasing sophistication of intruder techniques and the protection problems inherent in the widespread application of software in computer networks. Dr. Elsom gave examples in each category and assessed their effectiveness. He also explained possible future developments in software protection.

Fig. 3. Types of Technological Protection.

Non-standard Disk Formats
Aim: Prevent copying
1. Disk-resident software
   Examples:
   - File protection - delete entries from disk directory
   - Unformatted tracks and half tracks
   - Non-standard sync. bytes
2. RAM-resident software
   Restrict access to software by temporary modification of operating system
   Examples:
   - Autorun
   - Disable interrupts
Advantages:
- Cheap (ignoring development costs)
- Effective against the ‘curious’
Disadvantages:
- No back-up copies
- Some vulnerable to ‘bit copiers’
- All vulnerable to ‘copykit’ products

Use-Protect Measures
Aim: prevent unauthorized use of software
How? Tie software to uncopiable device without which software will not run. Match serial number/feature
Examples:
- ‘Dongles’
- Disk ‘watermarks’
- Simple scramblers and ‘intelligent’ dongles
Advantages:
- Relatively cheap (approx. £35)
- Allows back-up copies of software
Disadvantages:
- Product specific
- Some vulnerable to patching
- All vulnerable to emulation

Secure Systems
Aim: convert insecure computer system to secure one
How? Use of secure secondary processor (interfacing insecure host) to run all, or part, of software. Software stored in scrambled form in insecure host RAM.
Examples:
- ‘Padlock’ - Software protection device (NPL/BTG)

Computer Crime Insurance: Need, Cover, Costs?

Ronald Berg (Sweden) is a senior partner with United Risk Management Consultants AB (Stockholm) and is advisor to the Swedish EDP Vulnerability Board. From 1980 to early in 1984 he was a Risk Management Consultant with Skandia Risk Management and before that he was responsible for EDP insurance service and product development with the Skandia Group.
Summary

During the last 5-10 years EDP vulnerability has received increasing coverage, discussion and awareness: for example, in Sweden, as a result of governmental actions such as ‘The Vulnerability Committee’ and ‘The Vulnerability Board’. In the USA a number of spectacular and well-publicized frauds have had the same effect. The questions remain: who is the next victim? How great will the consequences be? How can we protect ourselves from these? Mr. Berg examined, in detail, three aspects of computer crime insurance: the need for it; the type of coverage available; and the cost of that coverage.

Need: In an area like EDP security, there is always a danger of inferior source data. It is important to examine loss statistics with great care, in relation to both the nature and frequency of computer crime. The need for insurance cover is closely tied in with the existing level of EDP security, in terms of capital protection, functional protection, data protection and quality protection. The talk outlined techniques of risk management and risk analysis which should be carried out in preparation for the purchase of insurance and which are designed to upgrade existing levels of protection.

Coverage: The nature of computer operations requires that a separate EDP package approach be adopted when insuring computer operations. This permits easier cost allocation and generates increased risk awareness/insurance knowledge on the part of the EDP manager. Mr. Berg discussed each element of the EDP insurance package, compared the different policies available and looked at a typical policy wording. He also stressed the need to examine, early on, the potential interface problems between existing policies and the new EDP insurance package.

Cost: Insurance will not cover or pay for all losses. It is only one defence among many and should be arranged as a catastrophe cover with high deductibles. This point should be borne in mind when considering the costs and benefits of each component of the insurance package.

Data Base Management Security

Dr. William A.J. Bound (U.K.) is Manager, Security and Banking for CSC Computer Sciences U.K. Ltd. He is responsible for an expanding business area that provides consulting, systems specifications and products. Previously he was Associate Chairman of the Information Resource Protection Department at the US Department of Defense Computer Institute. He holds a 1st Class Honours degree and doctorate in physics from London University. He is chairman of IFIP/TC 11 Working Group on Office Automation Security and Senior European Editor of Computers & Security.

Summary

Creating a database is an expensive undertaking and, once implemented, it represents a major investment which must be properly protected. The illegal modification or disclosure of the database contents is likely to result in major problems and perhaps severe embarrassment, especially with the legal ramifications of the Data Protection Act. Any loss of data could have disastrous consequences. In practice very few organizations have applied risk analysis techniques to identify the threats and implement countermeasures based on a trade-off between risk and cost.

This presentation identified the areas of concern and gave advice on the practicality of applying countermeasures. In discussing database security a broad view was taken of the potential threats and a review of the impact of advances in technology was given. Establishing an effective policy for protecting the database is not a data processing decision. It is a business management issue involving strategy and operational concern. The involvement of management at this level is essential to obtain the necessary degree of commitment and to ensure consistency. Policies were discussed which concern data ownership, data classification and controls.

Database security issues in the development environment were also presented by Dr. Bound. Factors to be considered include auditability of the data, consistency across all application areas and checkpoints for management control. Once a database has been established there are many other security issues. These include recovery, software maintenance, the problem of creeping corruption, troubleshooting and failed magnetic media. Access control and ensuring that only the correct information is displayed to a valid user are problems that will exist for many years to come. An example of a secure approach was described as well as case histories of a mini and mainframe implementation for database applications.

Some of the more important issues which need to be addressed in the area of data base security were given in the form of a simple questionnaire. The list can be used as a framework around which a strategy for protecting the database could be devised, or it can be the basis of a document to support the internal audit of present practices and procedures.

Microcomputer Security: Procedures, Hardware and Software

Dr. Harold Joseph Highland is Editor-in-Chief of Computers & Security and serves as Press Officer of IFIP Technical Committee 11 on Security and Protection in Information Processing. He is also Distinguished Professor Emeritus of the State University of New York, named to that post in 1978 by the SUNY Board of Trustees. He is also editor of the ACM SIGSAC Security, Audit and Control Review. He was Fulbright Professor of Computer Science at Helsinki University of Technology and has taught and lectured at many universities in the United States, Canada and Europe. He is the author of over 20 books, the latest of which is Protecting Your Microcomputer System, published in 1984 by John Wiley & Sons.

Summary

The operating systems available today for microcomputers simply cannot support the many technical security features found on mainframes. Recognizing the reduced level of security in a microcomputer environment does not mean that we should ignore the security that is available today. It should not be a question of all or nothing as is too often the case. Because microcomputer data are available to many more individuals without the extensive protection found in a mainframe environment, it is essential to decide which data must be secured. Protection is now available against certain classes of threats:
a. the inadvertent loss of data;
b. unauthorized use of the microcomputer;
c. casual browsing by unauthorized personnel;
d. unauthorized modification of data files and programs;
e. intentional but unauthorized destruction of files;
f. copying and theft of data files and/or programs.

We have sufficient technology - software and hardware - to protect our microcomputer data files and programs. They offer varying degrees of protection:
- at costs from $5.00 to well over $2,000.00;
- in ways that can be transparent to the user;
- with minor modifications at an inconvenience level similar to entering a password when using a terminal with a mainframe.

There are many ways in which computer security can be implemented on both stand-alone and network microcomputer systems. Data and program protection can be very easily implemented. Access control, hard disk file protection and telecommunications security are likewise readily available.

The speech was based on an in-house evaluation included in a special report prepared by CompuLit Inc. The detailed, illustrated report evaluates over 60 different software security packages and hardware security devices that can be used to protect data files and programs in single-user, multi-user and network microcomputer environments. The speech covered some seven areas of data security:
1. first level security measures: operating systems, utilities and disks,
2. data compression techniques,
3. encryption software: DES, RSA, XORs and proprietary algorithms,
4. special protective software for hard disks,
5. encryption hardware,
6. access control hardware,
7. communications security hardware.

Also included was a demonstration of a free access control program, PASSWORD. The program has been written in CBASIC developed by Digital Research, the creators of CP/M. This BASIC language does not require statement numbers, which are common to all other BASICs. It permits the use of procedure names, the declaration of variables as strings, integers or real values, and the use of identifiers with up to 31 characters. It also includes built-in cursor, screen and color controls as well as graphics. Furthermore, CBASIC is available in compiler form to be executed on any microcomputer that can operate under either PC-DOS or MS-DOS.

Participants at the Conference received copies of the PASSWORD program, information on how to create an AUTOEXEC.BAT file, and a copy of the warning screen used by the program. Also distributed was a list of security software and hardware devices including the names and addresses of the manufacturers.

Editor’s Note

Readers interested in receiving a copy of the PASSWORD program and related material may communicate with the Editor. To obtain more information about any speech at The First National Computer Security Conference, communicate with either:
(a) Roger Doswell, The National Computing Centre Limited, Oxford Road, Manchester M1 7ED. Phone: 061-228 6333; Telex 668962;
(b) Tony Powell, Elsevier International Bulletins, Mayfield House, 256 Banbury Road, Oxford OX2 7DH, England. Phone: 0865 512242.

Harold Joseph Highland