2

Click here to load reader

AT&T provides cautious anti-hacking service

Embed Size (px)

Citation preview

Page 1: AT&T provides cautious anti-hacking service

JULY 1992 ISSN: 0142-0496

Editor: DNA MONK

Editorial Consultant: DR. KEN WONG P A Consultants London

Editorial Advisors: Professor Henry J. Beker, UK; William A,J. Bound, UK; Or Jerry Fitzgerald, California, USA; Or Allan Fox, UK; Hana Gliss, Germany; Fred M. Greguras, California, USA; Alistair Kelman, UK; Dr Les Lawrence, New South Wales, Australia; Gordon Lennox, Belgium; David T. Lindsay, LJt(; Wayne Madsen, New Jersey, USA; Belden Menkus, Tennessee, USA; Donn B. Parker, California, USA; Michael I. Sobol, Massachusetts, USA: Peter Sommer, UK; Mark Tantam, UK.

~orresp~dents: Frank Bees, Melbourne, Australia, John Sterlicehi, California, USA.

NEWS

AT&T provides cautious anti-jacking service

AT&T has announced that it will now try to help customers fight against phone fraud, after

years of forcing corporations to pay up or be sued. AT&T is following after a similar initiative by

rival Sprint. Toll fraud is estimated to have cost US businesses some $1.2 billion in 1991. The

basic service, called Netprotect, means that AT&T will monitor its customers toll-free and

international lines (only) and warn them of possible fraudulent activity. Note that despite the

name, this monitoring is not a preventative

measure.

Customers can purchase two additional

network monitoring services for a fee. NetProtect Enhanced and Premium Service cap the

customers’ liabili~ at $25 000 per ‘incident’, while

providing more customized call monitoring. AT&T

has also released Hacker Trackers, a software

program which will track and alert users of incoming and outgoing fraudulent calls on PBX

lines. The program costs $1995. However, if customers do not sign up for the liability limit plan,

01992 Elsevier Science Publishers Ltd., England./SZ/$O.OO + 3.00 No part pf this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, mechamcal, photocopyrng, recording or otherwise, without the prior permission of the publishers. (Readers in the U.S.A. -please see special regulations listed on back cover.)

Page 2: AT&T provides cautious anti-hacking service

Computer Fraud & Security Etuttetin July 1992

they will still be sued by AT&T for charges

incurred.

“it’s the way the tariffs are written” disclaimed

Russell Thomas, a spokesperson for AT&T.

“Since the call goes through the customer’s

equipment it is legally the customer’s

responsibility to stop it from happening. And if

they don’t then the law says that they are going to have to pay for the charges. This puts us in a tough situation because that is not the attitude

that AT&T wants to show the users.”

More cynical observers might note that the

services have been started following litigation

begun by Mitsubishi last summer (see August

1991 issue of CFSj. The complaint charges that

AT&T failed to warn Mitsubishi of security

breaches over a remote access phone system, and of overlooking the source of the problems as

the situation got worse. The suit contested

f430 000 of telephone charges, seeks to

recovers costs for replacing the system and to receive compensation for charges. Note that the

suit assumes some fiabifity on AT&T’s part, even

in the absence of any pre-paid monitoring

service.

Teenage hackers attack credit files

Two teenage Dayton, Ohio, computer

hackers reportedly have penetrated consumer

credit history files maintained by Atlanta based

Equifax, a major collector and marketer of such data. The names of these individuals apparently

were not disclosed due to their age. Officers

executing search warrants at their home

confiscated six microcomputers and numerous diskettes Equifax since has claimed that it is

working on making remote access to its databases more difficult.

Equifax claims that the teenagers either had stolen or had been given avalid customer number and access code that aided them in penetrating its Equifax system. The teenagers are alleged to

be part of a group of possibly 50 computer

hackers that was under investigation for some

time The group reportedly made up to $82 000 worth of unauthorized telephone calls in 1991

through an $00 number provided to legitimate

customers of LDDS Communications, a long

distance telecommunication service provider.

San Diego police are working on a similar case with the help of a juvenile informer who has

not been charged. According to a report in

Compuferwortd the informer took the police to a

computer store where he demonstrated how to

crack the Eqwifax system. The San Diego police

estimate that some 100 people have used

Equifax access codes, obtained from bulletin

boards, to obtain credit card numbers. The case

is very similar and possibly related to the one in Dayton, Ohio.

Eleiden Menkus

European C~mrnun~t~ funds more computer security

The European Gommjssion has launched a

major new project to provide businesses with

formal assurance about information security. A

consortium has been formed by Touche Ross, Nowhere Tefecom, fABG and XP Conseif to study

the problem. The study wifl initially consist of a

European wide survey on the views of companies

and government organizations and will build on

the existing experience of secure product

evaluations, in particular ITSEC (the European

evaluation criteria) and ITSEM (the evaluators’

manuatf which are now in use.

Viruses creep into Japan

The number of computers infected with viruses has been rapidly increasing, according to a recent report in 7%e Japan Times. Statistics

from the Japan IT Promotion Agency, an

organization affiliated with the Ministry of

International Trade and Industry, show that 37 damaging viruses were reported between 1 January and 23 March this year, compared with

2 01992 Elsevier Science Publishers Ltd