FRAUD/HACKING
NEWS
Hacker crosses from Internet to intranet
In the United States, more than a dozen of security consultant Richard Reiner’s clients have had their intranets invaded by unauthorized invaders, some of whom changed passwords on accounts they cracked to ensure exclusive access. The Globe and Mail reports that Reiner traced the problem to a teenage hacker who had successfully crossed over from the Internet to companies’ private internal communications networks. The youth accomplished this by breaching a poorly configured firewall.
The young hacker then enlisted the help of a number of other hackers and the client’s internal network was inundated with unauthorized users. The entire network had to be shut down while new security software was installed and several thousand new passwords allocated.
If a company has gaps in its intranet security, snooping may be just the first of many headaches. Without the right protection in place, a snoop could go on to sabotage sensitive information by tampering with it. A disgruntled employee could send out embarrassing E-mail messages in another person’s name. The best way to prevent snooping and tampering is to equip an intranet with software that enables it to sniff out hackers who have broken through the company firewall. The problem of E-mail verification can be solved by forcing users to sign messages with a digital signature.
UK businesses threatened by phone fraud
Businesses in the UK are losing millions of pounds a year through telephone fraud. According to Computing, the results of a report written by research company Benchmark show that, “Unless the threat of telephone fraud is brought to the attention of the UK’s decision makers and action is taken to alleviate the problem, telephone fraud will be a chink in the corporate security of UK industry and will dramatically alter its financial success.”
Though only 6% of respondents to the survey have knowingly been victims of telephone hacking, a third of the organizations admitted they would be unaware if they had suffered from it. Telephone fraud includes unauthorized access to a corporate telephone network via a company’s PBX system or theft of confidential information. One company admitted that telephone fraud had cost it 262 000 in just four days. Of the respondents, 30% had no idea how long it would take them to detect fraud.
A common hacking technique involves direct inward system access, a PBX-based function enabling employees who are not in the office to make use of facilities such as ‘onward dialling’ of long-distance calls. A spokesman for the Telecom Users’ Association said, “Telephone fraud is effectively computer hacking, and the business itself is responsible, rather than BT or Mercury, if it has a private exchange.
Editor: HELEN MEYER. American Editor: CHARLES CRESSON WOOD, Information Integrity Investments, Sausalito, California, USA. Australasian Editor: BILL J. CAELLI, Queensland University of Technology, Australia. European Editor: KEN WONG, Insight Consulting, London, UK.
Computer Fraud & Security, December 1996. © 1996 Elsevier Science Ltd