home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker Chronicles 1
/
HACKER1.ISO
/
cud2
/
cud209h.txt
< prev
next >
Wrap
Text File
|
1992-09-26
|
8KB
|
151 lines
------------------------------
From: P.A.Taylor@EDINBURGH.AC.UK
Subject: CU in the News: "Hackers" and Bank Blackmail in England
Date: 24 Oct 90 12:59:34 bst
********************************************************************
*** CuD #2.09: File 8 of 8: CU in the News: Hackers/English Banks**
********************************************************************
Taken from: "The Independent On Sunday," October 14, '90:
Mysterious computer experts demand money to reveal how they penetrated
sophisticated security.
HACKERS BLACKMAIL FIVE BANKS by Richard Thomson
At least four British clearing banks and one merchant bank in the City are
being blackmailed by a mysterious group of computer hackers who have broken
into their central computer systems over the last six months. These
breaches of computer security may be the largest and most sophisticated
ever among British Banks.
The electronic break-ins which began last May, could cause chaos for the
banks involved. Once inside their systems, the hackers could steal
information or indulge in sabotage, such as planting false data or damaging
complex computer programs.It is unlikely, however, they would be able to
steal money. So far, the hackers have contented themselves with demanding
substantial sums of money in return for showing the banks how their systems
where penetrated. None of the banks has yet paid.
The break-ins are evidence of the rapid growth in computer fraud and
manipulation in Britain. Although most hacking is relatively trivial, the
latest cases show much sophistication. The hackers have concentrated on
tapping the banks' electronic switching systems which, among other things,
control the routing of funds around the world.
Some of the hackers are in contact with each other, but they are believed
to be operating individually. One computer expert described their level of
expertise and knowledge of the clearing bank computer systems as "truly
frightening". They are not believed to have links with organised crime,
which has become heavily involved in computer hacking in the US over the
last two to three years.
It is a severe embarrassment for the banking community which is frightened
that public awareness of the security breach could undermine public
confidence. As a result, they have not called in the police but have hired
a firm of private investigators, Network Security Management, which is
owned by Hambros Bank and specialises in computer fraud. It is common for
banks not to report fraud and security failures to the police for fear of
damaging publicity.
All the banks approached either denied that they were victims of the
blackmail attempt or refused to comment. The hunt for the hackers is being
led by David Price, managing director of NSM, who confirmed his firm was
investigating computer security breaches at five British banks. "I am
confident of success in catching the hackers," he said. "The amount of
information they can get from the banks will vary depending on the computer
systems and the ways the hackers broke into them," he added. "They could
go back in and sabotage the systems, but they are not threatening to do
so."
The ease with which the hackers appear to have penetrated the systems
highlights the vulnerability of the computer data. Clearing banks in
particular rely on huge computer systems to control their operations, from
cash dispenser payments to massive international transfers of funds.
Security measures were tightened after a large computer fraud at a leading
City bank three years ago Although the bank involved was never named, it is
understood the money was never recovered.
Nevertheless, the speed with which computer technology has developed in the
last few years has made the detection of security breaches more difficult.
According to an expert, who recently advised one of the big four clearers
on its computer systems, there are few people who understand the banks
system well enough even to detect a break-in.
Computer-related fraud has boomed over the last decade as businesses have
come to rely more heavily on electronic information. According to some
reputable UK and US estimates, up to 5% of the gross national product of
western economies disappears in fraud. Experts say that the senior managers
of many companies simply do not appreciate the need for tight security.
The British legal system has been slow to respond. The Computer Misuse Act
which makes it illegal to access a computer without authorisation, came
into effect only at the end of August this year.
(end article)
++++++++++++++++++++++++++++++++++++++++++++
The follow-up article (from The Independent on Oct 21), also by Richard
Thomson, is basically much of the same thing. He quotes a hacker from the
US who's computer "nom de guerre" is Michael Jordan who makes the following
points.
1.One large US bank is notorious for lax security and it has effectively
become a training ground for hackers.
2. Guessing passwords is sometimes "absurdly simple", they tend to choose
words like "Sex, Porsche, or Password"
3.Social Engineering techniques are used and he would spend approx 6 weeks
trying to suss out from a manager's secretary etc. anything he could find
out that would help him have a better chance of accessing a bank's system.
The main body of the article is pretty glib; it has the usual stock phrases
like..."Hackers and Bank employees have always been a danger, but now there
are signs that yesterdays bank robbers have hung up their sawn-off
shot-guns and are turning to computers instead." and even more hypey is ...
" Mr Jordan claims to have been shown pictures of people in organised
crime.
"They're East End lads who've become more sophisticated now. I've been told
that if they ask you to help them and you refuse, it's baseball bats at
dawn."
There's also a discussion of the reliability of fraud figures, a mention of
how various definitions can exaggerate the actual role played by the
computer. Detective Chief Superintendent Perry Nove head of the city fraud
squad defines "computer fraud" as ... "It is when the computer system
itself is attacked rather than just used to facilitate an offence" The main
conclusion on the whole area of fraud is "...the subject remains cloaked in
mythology and mystery.Naturally, no one knows how many frauds are commited
that are never discovered. Matters are further obscured because banks
fearful of bad publicity, sometimes do not report frauds to the police- a
situation that Mr Nove accepts with resignation. There is general agreement
among hackers and other experts that it is more widespread and more
sophisticated in the US, that it is growing in Britain, but that British
Banks are more secure than those in America and the Continent. That is
about as reliable as the detailed information gets."
I hope I've summed up the general tone of the whole article, it was in the
business section of The Independent On Sunday, 21st Oct. The paper's
normally a very good one, so the generally bad coverage this bloke Thomson
gave to the subject of hacking, and the amount of what I'd call "casual
empiricism" he used to back up his arguments, is sadly probably indicative
of what the CU is up against in the way of ignorance and bad reporting. I
thought it was quite ironic that he recognised the role of mystery and
mythology, since he seemed to be doing his best to add to it. Finally, if
he'd of mentioned the word expert once more ..grrrrrrr.... Cheers for now,
P.A.T.
********************************************************************
------------------------------
**END OF CuD #2.09**
********************************************************************
Downloaded From P-80 International Information Systems 304-744-2253 12yrs+