Click here to load reader
Upload
mike-moeller
View
214
Download
0
Embed Size (px)
Citation preview
JULY 1992 ISSN: 0142-0496
Editor: DNA MONK
Editorial Consultant: DR. KEN WONG P A Consultants London
Editorial Advisors: Professor Henry J. Beker, UK; William A,J. Bound, UK; Or Jerry Fitzgerald, California, USA; Or Allan Fox, UK; Hana Gliss, Germany; Fred M. Greguras, California, USA; Alistair Kelman, UK; Dr Les Lawrence, New South Wales, Australia; Gordon Lennox, Belgium; David T. Lindsay, LJt(; Wayne Madsen, New Jersey, USA; Belden Menkus, Tennessee, USA; Donn B. Parker, California, USA; Michael I. Sobol, Massachusetts, USA: Peter Sommer, UK; Mark Tantam, UK.
~orresp~dents: Frank Bees, Melbourne, Australia, John Sterlicehi, California, USA.
NEWS
AT&T provides cautious anti-jacking service
AT&T has announced that it will now try to help customers fight against phone fraud, after
years of forcing corporations to pay up or be sued. AT&T is following after a similar initiative by
rival Sprint. Toll fraud is estimated to have cost US businesses some $1.2 billion in 1991. The
basic service, called Netprotect, means that AT&T will monitor its customers toll-free and
international lines (only) and warn them of possible fraudulent activity. Note that despite the
name, this monitoring is not a preventative
measure.
Customers can purchase two additional
network monitoring services for a fee. NetProtect Enhanced and Premium Service cap the
customers’ liabili~ at $25 000 per ‘incident’, while
providing more customized call monitoring. AT&T
has also released Hacker Trackers, a software
program which will track and alert users of incoming and outgoing fraudulent calls on PBX
lines. The program costs $1995. However, if customers do not sign up for the liability limit plan,
01992 Elsevier Science Publishers Ltd., England./SZ/$O.OO + 3.00 No part pf this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, mechamcal, photocopyrng, recording or otherwise, without the prior permission of the publishers. (Readers in the U.S.A. -please see special regulations listed on back cover.)
Computer Fraud & Security Etuttetin July 1992
they will still be sued by AT&T for charges
incurred.
“it’s the way the tariffs are written” disclaimed
Russell Thomas, a spokesperson for AT&T.
“Since the call goes through the customer’s
equipment it is legally the customer’s
responsibility to stop it from happening. And if
they don’t then the law says that they are going to have to pay for the charges. This puts us in a tough situation because that is not the attitude
that AT&T wants to show the users.”
More cynical observers might note that the
services have been started following litigation
begun by Mitsubishi last summer (see August
1991 issue of CFSj. The complaint charges that
AT&T failed to warn Mitsubishi of security
breaches over a remote access phone system, and of overlooking the source of the problems as
the situation got worse. The suit contested
f430 000 of telephone charges, seeks to
recovers costs for replacing the system and to receive compensation for charges. Note that the
suit assumes some fiabifity on AT&T’s part, even
in the absence of any pre-paid monitoring
service.
Teenage hackers attack credit files
Two teenage Dayton, Ohio, computer
hackers reportedly have penetrated consumer
credit history files maintained by Atlanta based
Equifax, a major collector and marketer of such data. The names of these individuals apparently
were not disclosed due to their age. Officers
executing search warrants at their home
confiscated six microcomputers and numerous diskettes Equifax since has claimed that it is
working on making remote access to its databases more difficult.
Equifax claims that the teenagers either had stolen or had been given avalid customer number and access code that aided them in penetrating its Equifax system. The teenagers are alleged to
be part of a group of possibly 50 computer
hackers that was under investigation for some
time The group reportedly made up to $82 000 worth of unauthorized telephone calls in 1991
through an $00 number provided to legitimate
customers of LDDS Communications, a long
distance telecommunication service provider.
San Diego police are working on a similar case with the help of a juvenile informer who has
not been charged. According to a report in
Compuferwortd the informer took the police to a
computer store where he demonstrated how to
crack the Eqwifax system. The San Diego police
estimate that some 100 people have used
Equifax access codes, obtained from bulletin
boards, to obtain credit card numbers. The case
is very similar and possibly related to the one in Dayton, Ohio.
Eleiden Menkus
European C~mrnun~t~ funds more computer security
The European Gommjssion has launched a
major new project to provide businesses with
formal assurance about information security. A
consortium has been formed by Touche Ross, Nowhere Tefecom, fABG and XP Conseif to study
the problem. The study wifl initially consist of a
European wide survey on the views of companies
and government organizations and will build on
the existing experience of secure product
evaluations, in particular ITSEC (the European
evaluation criteria) and ITSEM (the evaluators’
manuatf which are now in use.
Viruses creep into Japan
The number of computers infected with viruses has been rapidly increasing, according to a recent report in 7%e Japan Times. Statistics
from the Japan IT Promotion Agency, an
organization affiliated with the Ministry of
International Trade and Industry, show that 37 damaging viruses were reported between 1 January and 23 March this year, compared with
2 01992 Elsevier Science Publishers Ltd