Have you ever asked yourself what computer security means in the electronic world?
Now it is time to reveal that information.
19 sep 99
British banks are being blackmailed by hackers who penetrate their security systems and threaten to cripple their computers or publish stolen files, a Sunday Times investigation has found.
Ransoms of hundreds of thousands of pounds are being demanded by the hackers and one European bank has admitted it was a victim of the racket.
City investigators say at least two London financial institutions have paid out ransoms totalling more than £1m.
The blackmail threats underline the dangers posed by criminals who "crack" computer security systems. GCHQ, the government's electronic surveillance centre in Cheltenham, is so concerned by the threat that it is to help key companies safeguard themselves.
About 30 international banks have admitted serious security attacks on their networks last year. Trading, accounting and communications departments are among those that have been "ransacked" at a cost of more than £5m.
One German bank, Noris Verbraucherbank, was targeted by a hacker who claimed he had raided customer accounts and stolen bank access codes. Executives offered a reward for his capture in January last year after he demanded a £300,000 ransom.
City investigators claim the case is not an isolated one.
"There have been a number of cases in the UK where hackers have threatened to shut down the trading floors in financial institutions," said Mark Rasch, a former attorney for computer crime at the United States justice department. "The three I know of (in London) happened in the space of three months last year one after the other." Rasch now works as a legal counsel for Global Integrity, a computer security company.
"There was the same pattern - a high ransom for millions was initially demanded, but then it started to come down. In one case, the trading floor was shut down and a ransom paid."
In another incident last year, an extortionist threatened to publish the stolen client database of a London financial institution unless he was paid a £1m ransom.
Executives called in private investigators, but settled the ransom rather than risk confidential company information being published on the internet.
A survey by Global Integrity of 50 of the world's largest banks has revealed that more than half suffered one significant network attack last year. While the most adept hackers - such as Vladimir Levin, the Russian graduate who transferred more than £6m from Citibank in New York after logging on the network from a laptop in Moscow - will seek to steal funds, it is easier to steal information or disable systems.
Corrupt employees are responsible for the vast majority of extortion attempts, but external hackers regularly probe bank security systems. The International Chamber of Commerce (ICC), which is shortly to launch a dedicated cyber crime unit to advise members on the threat, last week confirmed it had received several reports of attempted extortion but was unable to release any figures. It is one of several computer crime issues that will be addressed at an ICC conference on cyber crime in December.
"We have had cases of extortion and the matter has been investigated internally and the threat removed," said Pottengal Mukundan, director of commercial crime services at ICC. "I don't think you will find there are many companies which admit to having a problem."
Edward Wilding, director of computer forensics at Maxima Group, said his firm investigates about four cases of attempted cyber extortion a year for multinationals and financial institutions. "Computer extortion is not rife, but we do get called to assist in incidents where extortionists have attempted to extract money by the use of encryption and where databases of sensitive information have been stolen," he said.
Companies which are worried about hackers can get advice from the Communications Electronics Security Group, a branch of GCHQ. From next month, it is offering to inspect sensitive computer systems of key companies.
Additional reporting: Jessica Berry
Another definition of computer security:
Electronic eavesdropping is becoming mere child's play. SOFTWARE that allows a computer to receive radio signals could make spying on other computers all too simple, according to two scientists at the
University of Cambridge. Such are the dangers that they are patenting
countermeasures that computer manufacturers can take to foil any
Spies can already read documents written on computers by intercepting the
radio-frequency emissions from their electronics, but the tuning and
antenna equipment needed to do this is not available off-the-shelf and is
very expensive. But a new breed of "software radio", designed to let
computers tune in to radio signals in any waveband, promises to make this
type of eavesdropping simple and cheap. A PC circuit board with a plug-in
aerial does all the tuning under software control and has a digital signal
processor chip to cut noise.
"Equipment to do this [spying] would now cost at least £30 000, but in
five years it will cost less than £1000, and it's hackers who will be
writing the software," predicts Markus Kuhn, a research student who has
filed the patent with Cambridge cryptographic expert Ross Anderson (see
interview this issue, p 48).
The late Peter Wright, who worked for British intelligence, was the first
to blow the whistle on electronic eavesdropping. His 1986 book,
Spycatcher, revealed how he had spied on messages sent by the French
during Britain's negotiations to join the European Economic
Community--electromagnetic emissions from the input of the French encoding
machine allowed plain text to be received and read. (See diagram)
Insulating computers in metal jackets to prevent these telltale emissions
is difficult, expensive and ugly. Modern offices want stylish PCs--but
their plastic cabinets emit radiation. So, in patent application GB 2 333
883, Kuhn and Anderson detail how PC makers can foil spies without fitting
PCs with metal enclosures.
In a conventional PC, the magnetic heads of the hard disc drive rest over
the data tracks that were last accessed. The drive keeps spinning, the
heads keep reading and the readout amplifier keeps repeating the
data--which provides a perfect signal for an eavesdropper's tuner to lock
onto. The inventors say the answer is to load software into the PC that
ensures that the drive heads are always "parked" over a safe area of the
disc which contains no data.
But the monitor also transmits signals, which depend on the text
displayed. An ordinary TV receiver can display on-screen documents on a
remote screen, which can then be video-recorded and transcribed at the
spy's leisure. So Anderson and Kuhn suggest using a text font with
softened edges. This limits high-frequency emissions--radiation which
beams farthest afield from the computer. Sharp-edged fonts need fast
signal "rise times", which demand high-frequency harmonics.
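The link between sharp font edges and high-frequency content can be checked numerically. The following Python sketch is an added example, not code from the article or the patent: it compares the upper-band spectral energy of one scanline before and after edge softening. The scanline, the 3-tap smoothing kernel and the 0.7 band cutoff are constructed for illustration.

```python
import cmath

# Constructed sample: one 64-pixel scanline of black text (0.0) on white (1.0).
# Each (start, width) pair is a vertical glyph stroke crossing the line.
SCANLINE = [1.0] * 64
for start, width in [(4, 2), (10, 1), (15, 3), (24, 1), (27, 1),
                     (35, 2), (44, 1), (50, 3), (58, 1)]:
    SCANLINE[start:start + width] = [0.0] * width


def soften(pixels, kernel=(0.25, 0.5, 0.25)):
    """Blur stroke edges with a small low-pass kernel (assumed, not the patent's filter)."""
    n, half = len(pixels), len(kernel) // 2
    return [
        sum(w * pixels[min(max(i + k - half, 0), n - 1)]
            for k, w in enumerate(kernel))
        for i in range(n)
    ]


def high_band_energy(pixels, cutoff=0.7):
    """Spectral energy above `cutoff` (fraction of Nyquist), via a direct DFT."""
    n = len(pixels)
    nyquist = n // 2
    energy = 0.0
    for f in range(int(cutoff * nyquist) + 1, nyquist + 1):
        coeff = sum(p * cmath.exp(-2j * cmath.pi * f * t / n)
                    for t, p in enumerate(pixels))
        energy += abs(coeff) ** 2
    return energy


def emission_ratio(pixels=SCANLINE):
    """High-band energy of the softened line relative to the sharp one."""
    return high_band_energy(soften(pixels)) / high_band_energy(pixels)


if __name__ == "__main__":
    print(f"sharp high-band energy: {high_band_energy(SCANLINE):.2f}")
    print(f"soft  high-band energy: {high_band_energy(soften(SCANLINE)):.2f}")
    print(f"ratio soft/sharp      : {emission_ratio():.4f}")
```

The model covers only the spectrum of the pixel waveform, not radiated field strength, but it shows that the softened line carries a small fraction of the upper-band energy of the sharp one.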
And keyboards are also troublesome. They rely on a scanning signal, which
radiates the pattern of keys being pressed. So the patent suggests using a
random number generator to continually distort the scanning signal.
New Scientist, 6 November 1999