Computer Fraud & Security Bulletin September 1993

action. Clancy and her supporters believe that the

public have a right to know and that they are only

providing a service. She maintains that without this service only malicious hackers would have

access and, “The legitimate security

professionals would be left out in the cold.” She

also states that high-level hackers have no need to access legitimate BBSes as virus source code

and hacking tools are readily available in the

hacker underground.

A strong stance against software piracy

According to Investor’s Business Daily,

Megalode Resources Inc has announced a

demonstration release of its new software

security system - SoftCop, to selected software publishers and developers. SoftCop will allow

controlled distribution of licensed software

without hardware locks or install/de-stall routines,

using the latest in Stealth Programming Technology (SPT). It is hoped that companies

using SoftCop will experience increased profits in

coming years.

SoftCop is unique in that its SPT obtains a thumbprint of the Computer Hardware

configuration at the installation. The same disk of

software will require a different algorithm at each

initial install. The system releases unlock

algorithms to registered users who identify

themselves with their registered license. A copy

of software protected by SoftCop when copied or downloaded to a new or alternate hardware platform will need a revised algorithm to operate.

Seattle computer hackers sentenced

Computer hackers Charles Anderson and Costa George Katsaniotis have been sentenced

by Seattle, Washington, US District Court Magistrate David Wilson, to five years of probation and 250 hours of community service. Anderson and Katsaniotis had been convicted of

breaking into computer systems at the Boeing

Company and the District Court itself. They also

were sentenced to pay a combined $30 000

restitution, to be divided between Boeing and the

Court. This amount was intended to offset the

cost of changing the security provisions that they

had compromised. One condition imposed by

Magistrate Wilson was that Anderson and

Katsaniotis were not to own a computer or

compu!ter systems accounts without permission from their probation officer.

Be/den Menkus

One-hundredth of a second holds the key

The Weekend Australian reports that

one-hundredth of a second may hold the key to whether two men charged with hacking into the

NASA computer committed the alleged crime in

Australia. If it is decided that the crime was

committed at the site of the NASA computer, the US may decide to extradite the pair to stand trial

in the USA, however if the crime was committed in Australia the two will be tried under Australian

law. Both the men, Nahshon Even-Chaim and

David John Woodcock, have pleaded not guilty

and Even-Chaim’s barrister argued that the alleged crime occurred in the USAone-hundredth

of a second before the information was displayed on Even-Chaim’s computer screen in Melbourne.

The judge’s ruling on the case has not yet been

given.

Tougher rules to fight pirated goods

The EC has proposed tougher rules to fight the import, export and transit of pirated or

counterfeit goods arriving from outside the

community, it has been reported in the Wall

Street Journal Europe. The previous legislation, from 1986, was implemented only in the UK, France and Germany and was, in general, a

failure. The new rules will back-up member

country and industry regulations on counterfeiting, which were estimated to cost

100 000 jobs in Europe last year. Whilst the rules

aim to reduce the addition of counterfeit goods

01993 Elsevier Science Publishers Ltd

September 1993 Computer Fraud & Security Bulletin

from outside the community, the EC Commission is leaving it up to member states to take action

against pirated goods produced within the community. The new legislation is increased to

include pirated goods, goods made without the

consent of the copyright owner and counterfeit

goods. The definition of counterfeit goods has been broadened to include illegally used

trademarks, packaging carrying unauthorized

logos and any tools intended to manufacture

counterfeit marks or products.

Complaints will be made directly to customs officers and cooperation between industry and

customs authorities will be encouraged. The

Commission does not have the power to set

penalties, but it wants EC countries to adopt stringent punishments to deter offenders.

Hacker eavesdrops on missile attack calls

Telephone conversations between the aides of US Secretary of State, Warren Christopher,

concerning the missile attack on Baghdad, were

overheard by an electronic hacker, it is reported in the Business Week magazine. The magazine claims to have had a copy of the tape since before

President Clinton announced the attack. The

conversations took place as Mr. Christopher flew

back from visiting Mr. Bush, after briefing him on the decision to bomb Baghdad. The calls

between the plane and Washington were

intercepted by an electronic hacker who

specializes in monitoring insecure calls.

Data Protection Registrar’s annual report, June 1993

Eric Howe, the British Data Protection

Registrar, is to retire at the end of the year. Howe,

who has been the registrar since the office was founded in 1984, is retiring slightly early to clear the way for impending EC data protection legislation. He said that a new Registrar should

be appointed to handle the consequences for UK legislation that will result from the EC’s directives,

currently under discussion at the Council of

Ministers.

Howe announced his retirement at the

publication of the ninth annual report of the Registrar. The EC directives will cause

“inevitable changes in the UK law”, said Howe;

he suggested that his successor should start

work next January and be in place to oversee the

whole process of implementing changes.

Ministers and their representatives are

discussing the second draft of the directives and

Howe expects the final agreement soon, to allow the directives to come in place at the end of 1994.

The directives will probably require national laws

to be amended for the start of 1996.

In presenting his last annual report Howe

drew attention to his concern about the growing

market in personal data. Public agitation has

reached new levels during the last 12 months as

a result of the publication of personal information

about public figures such as the former Chancellor, Norman Lamont, and Stella

Rimington, the head of the UK security service,

Ml!% Howe pointed out that the Data Protection

Act contains a major loophole. If data is passed or sold to categories of companies who are registered as receivers of data, then the law has

not been broken. The law, as currently drafted,

cannot control what the receiver does with the information. This loophole allows a legitimate

market in information among ‘enquiry agents’, a

category that can include private investigators.

Howe also drew attention to a possible black

market in information derived either by corruption

or deceit, however, he conceded that there was

little evidence of such activities on a wide scale.

He called for this area of the law to be reviewed.

Other important issues during the last year

have been discussions with the police services,

who want to increase the time for which they can

hold criminal records, and to hold acquittals data

where the acquittal is based on a ‘once only’

defence (such as claiming ignorance of the fact

that the goods were stolen). Also, Howe

expressed concern a UK citizens National Health

Service number could become a national

01993 Elsevier Science Publishers Ltd 5