MARCH 1994 ISSN: 0142-0496

Edilor: HELEN COLLINSON

Amorlcsn Editor: CHARLES CRESSON WOOD Information Integrity Investments Sausslito, California, USA

AustnlPrian Edltor: BILL J. CAELLI Queensland University of Technology Australia

European Edltor: KEN WONG PA Consulting Group London, UK

Editorial Advisors: Chris Amery, UK; Hans Gliss, Germany; David Herson, CEC. DGXIII; Les Lawrence, New South Wales, Australia: P.Kraaibeek, Germany; Gordon Lennox, Belgium: Wayne Madsen, New Jersey, USA; Belden Menkus, Tennessee, USA: Bill Murray, New Canaan, USA; Silvano Ongetta, Italy; Donn B. Parker, California, USA; Peter Sommer, UK; Mark Tantam, UK: Peter Thingsted, Denmark; Hank Wolfe, New Zealand.

Correspondents: Frank Rees, Melbourne, Australia, John Sterlicchi, California, USA, Paul Gannon, Brussels, Belgium.

NETWORK NEWS

Network monitoring attacks ,...I.......*..,........** 1

STANDARDS/LEGfSLATK3N NEWS

Italy - New computer crime law . . . . . . . . . . . . . . . . . 3

Clipper chip compromise proposed . . . . . . . . . . . . . 4

FRAUD NEWS

Password thief jailed . . . . . . . . . . ..I....................... 4

SURVEY NEWS

Survey of Computer Fraud & Abuse 1993 . . .4

MARKETPLACE ,....*,.,....*......,*......I..........*. 5

REPORTS

The Los Angeles earthquake . . . . . . . . . ..~.........._ 6

Bomber stalks Internet .*.,.......................I..... 7

OPEN SYSTEMS NEEDN’T BE! . . . . . . . . . . . . . . . . 8

EVENTS . . ..**....*...*.*...*............*................... 20

STOP PRESS . . . . . . . . ..I......................,,.......*. 20

NETWORK NEWS

Network monitoring attacks

At the beginning of February the DOD

Automated Systems Security Incident Support

Team (ASSIST) received information about

dramatic increases in reports of Internet intruders

monitoring network traffic using root-

compromised systems supporting a promiscuous

network interface. The intruders first penetrate a

system and gain root access through an unpatched vulnerability. They then run a network

monitoring tool that captures up to the first 128

keystrokes of all newly opened ftp, tftp, telnet,

and rlogin sessions visible within the compromised system’s domain. These

keystrokes usually contain host, account, and

password information for user accounts on other

systems, and are logged for later retrieval. The intruders typically install trojan horse programs to

support subsequent access to the compromised

system and to hide their network monitoring

process.

The reports indicate that tens of thousands of systems connected to the Internet are involved, including a number of Milnet systems.

01994 Elsevier Science Ltd., England./94/$7.00 per item No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publishers. see special regulations listed on back cover.)

(Readers in the U.S.A. - please

Computer Fraud & Security Bulletin June 1990

A$750 for gaining access to a computer without lawful authority. While working for a computing company the accused had copied business record systems without permission from his employer.

During the trial the defence argued that the computer trespass law could be viewed in the same light as ordinary trespass, where it was necessary to prove not merely that the incident had happened, but also that there had been criminal intent. If this distinction was not drawn with equal force in the case of computer trespass, then thousands of schoolchildren and employees going about their business could be breaking the law.

The magistrate, however, disagreed: the law clearly applied in this case and was not confined to cases where there was clearly criminal intent, such as theft. He held that the law had been enacted precisely because of the harm done by mere access, and that prosecutions such as the one before the court were necessary because they involved programs of great value. Nonetheless, the magistrate conceded that the application of the computer trespass law would require common sense.

Frank Rees

Virus epidemic disrupts India

Indian newspapers, university departments, software developers, military bases and banks are all suffering the depredations of computers viruses, according to a recent report in Asia Technology. One large corporation in Bangalore lost nearly all its data and had to shut down for three days to remove the offending virus. Unfortunately, the company did not keep replacement back-ups of the files and is having to rebuild its data from scratch.

The Independent of Bombay, an up-market daily produced entirely on computer, was crippled for six hours last December. A badly written modification of the Jerusalem virus didn’t destroy any files, but locked up the system and

corrupted the Indian-made software. Engineers at the newspaper offices say the virus was loaded onto the system from bootleg floppy disks containing computer games. The 7 December issue of the newspaper eventually appeared containing only eight rather than the usual 16 pages.

Earlier in the year a virus called Ashar erased files and corrupted data at the University of Delhi’s department of physics and astrophysics, and at the Indian Institute of Technology in Delhi. Ashar, a word that has no known meaning in India, is thought to have originated at the university itself. Another virus, the Pakistani Brain, had previously caused havoc at the navy’s Southern Command headquarters at Vishakhapatanam.

Other places to be affected have included two Bangalore computers schools, a bank and a major software company in Bombay. The software house had to withdraw a financial accounting package from the market for two weeks when it discovered that a virus had infected the disks, including the master copies.

To counter the epidemic, the National Association of Software & Service Companies has launched a set of 14 vaccines, the first such software to be distributed in India. NASSCOM members receive the set free, and non-members can also purchase the software for the nominal fee of $5.40.

Vijay Mukhi, one of programmers who developed the vaccines, claims that India has so far got off very lightly. “Luckily, most computers in India are stand-alone systems,” explains Mukhi, “with networks, the spread of viruses could have been much faster.” This advantage appears to be only temporary, as at least two nationwide networks are now being organized in India.

Hacking bill widens police powers

The UK Government’s proposed Computer Misuse bill has been amended to allow police t0

01990 Elsevier Science Publishers Ltd