Computer Fraud & Security Bulletin September 1993
action. Clancy and her supporters believe that the
public have a right to know and that they are only
providing a service. She maintains that without this service only malicious hackers would have
access and, “The legitimate security
professionals would be left out in the cold.” She
also states that high-level hackers have no need to access legitimate BBSes as virus source code
and hacking tools are readily available in the
hacker underground.
A strong stance against software piracy
According to Investor’s Business Daily,
Megalode Resources Inc has announced a
demonstration release of its new software
security system - SoftCop, to selected software publishers and developers. SoftCop will allow
controlled distribution of licensed software
without hardware locks or install/de-stall routines,
using the latest in Stealth Programming Technology (SPT). It is hoped that companies
using SoftCop will experience increased profits in
coming years.
SoftCop is unique in that its SPT obtains a thumbprint of the Computer Hardware
configuration at the installation. The same disk of
software will require a different algorithm at each
initial install. The system releases unlock
algorithms to registered users who identify
themselves with their registered license. A copy
of software protected by SoftCop when copied or downloaded to a new or alternate hardware platform will need a revised algorithm to operate.
Seattle computer hackers sentenced
Computer hackers Charles Anderson and Costa George Katsaniotis have been sentenced
by Seattle, Washington, US District Court Magistrate David Wilson, to five years of probation and 250 hours of community service. Anderson and Katsaniotis had been convicted of
breaking into computer systems at the Boeing
Company and the District Court itself. They also
were sentenced to pay a combined $30 000
restitution, to be divided between Boeing and the
Court. This amount was intended to offset the
cost of changing the security provisions that they
had compromised. One condition imposed by
Magistrate Wilson was that Anderson and
Katsaniotis were not to own a computer or
computer systems accounts without permission from their probation officer.
Belden Menkus
One-hundredth of a second holds the key
The Weekend Australian reports that
one-hundredth of a second may hold the key to whether two men charged with hacking into the
NASA computer committed the alleged crime in
Australia. If it is decided that the crime was
committed at the site of the NASA computer, the US may decide to extradite the pair to stand trial
in the USA; however, if the crime was committed in Australia, the two will be tried under Australian
law. Both the men, Nahshon Even-Chaim and
David John Woodcock, have pleaded not guilty
and Even-Chaim’s barrister argued that the alleged crime occurred in the USA one-hundredth
of a second before the information was displayed on Even-Chaim’s computer screen in Melbourne.
The judge’s ruling on the case has not yet been
given.
Tougher rules to fight pirated goods
The EC has proposed tougher rules to fight the import, export and transit of pirated or
counterfeit goods arriving from outside the
community, it has been reported in the Wall
Street Journal Europe. The previous legislation, from 1986, was implemented only in the UK, France and Germany and was, in general, a
failure. The new rules will back up member
country and industry regulations on counterfeiting, which was estimated to cost
100 000 jobs in Europe last year. Whilst the rules
aim to reduce the addition of counterfeit goods
©1993 Elsevier Science Publishers Ltd
from outside the community, the EC Commission is leaving it up to member states to take action
against pirated goods produced within the community. The new legislation is extended to
include pirated goods, goods made without the
consent of the copyright owner and counterfeit
goods. The definition of counterfeit goods has been broadened to include illegally used
trademarks, packaging carrying unauthorized
logos and any tools intended to manufacture
counterfeit marks or products.
Complaints will be made directly to customs officers and cooperation between industry and
customs authorities will be encouraged. The
Commission does not have the power to set
penalties, but it wants EC countries to adopt stringent punishments to deter offenders.
Hacker eavesdrops on missile attack calls
Telephone conversations between the aides of US Secretary of State, Warren Christopher,
concerning the missile attack on Baghdad, were
overheard by an electronic hacker, it is reported in Business Week magazine. The magazine claims to have had a copy of the tape since before
President Clinton announced the attack. The
conversations took place as Mr. Christopher flew
back from visiting Mr. Bush, after briefing him on the decision to bomb Baghdad. The calls
between the plane and Washington were
intercepted by an electronic hacker who
specializes in monitoring insecure calls.
Data Protection Registrar’s annual report, June 1993
Eric Howe, the British Data Protection
Registrar, is to retire at the end of the year. Howe,
who has been the registrar since the office was founded in 1984, is retiring slightly early to clear the way for impending EC data protection legislation. He said that a new Registrar should
be appointed to handle the consequences for UK legislation that will result from the EC’s directives,
currently under discussion at the Council of
Ministers.
Howe announced his retirement at the
publication of the ninth annual report of the Registrar. The EC directives will cause
“inevitable changes in the UK law”, said Howe;
he suggested that his successor should start
work next January and be in place to oversee the
whole process of implementing changes.
Ministers and their representatives are
discussing the second draft of the directives and
Howe expects the final agreement soon, to allow the directives to come in place at the end of 1994.
The directives will probably require national laws
to be amended for the start of 1996.
In presenting his last annual report Howe
drew attention to his concern about the growing
market in personal data. Public agitation has
reached new levels during the last 12 months as
a result of the publication of personal information
about public figures such as the former Chancellor, Norman Lamont, and Stella
Rimington, the head of the UK security service,
MI5. Howe pointed out that the Data Protection
Act contains a major loophole. If data is passed or sold to categories of companies who are registered as receivers of data, then the law has
not been broken. The law, as currently drafted,
cannot control what the receiver does with the information. This loophole allows a legitimate
market in information among ‘enquiry agents’, a
category that can include private investigators.
Howe also drew attention to a possible black
market in information derived either by corruption
or deceit; however, he conceded that there was
little evidence of such activities on a wide scale.
He called for this area of the law to be reviewed.
Other important issues during the last year
have been discussions with the police services,
who want to increase the time for which they can
hold criminal records, and to hold acquittals data
where the acquittal is based on a ‘once only’
defence (such as claiming ignorance of the fact
that the goods were stolen). Also, Howe
expressed concern that a UK citizen's National Health
Service number could become a national