FRAUD/HACKING NEWS
Hacker crosses from Internet to intranet
In the United States, more than a dozen of security consultant Richards Reiner’s clients have had their intranets invaded by unauthorized invaders, some of whom changed passwords on accounts they cracked to ensure exclusive access. The Globe and Mail reports that Reiner traced the problem to a teenage hacker who had successfully crossed over from the Internet to companies’ private internal communications networks. The youth accomplished this by breaching a poorly configured firewall.
The young hacker then enlisted the help of a number of other hackers and the client’s internal network was inundated with unauthorized users. The entire network had to be shut down while new security software was installed and several thousand new passwords allocated.
If a company has gaps in its intranet security, snooping may be just the first of many headaches. Without the right protection in place, a snoop could go on to sabotage sensitive information by tampering with it. A disgruntled employee could send out embarrassing E-mail messages in another person’s name. The best way to prevent snooping and tampering is to equip an intranet with software that enables it to sniff out hackers who have broken through the company firewall. The problem of E-mail verification can be solved by forcing users to sign messages with a digital signature.
UK businesses threatened by phone fraud
Businesses in the UK are losing millions of pounds a year through telephone fraud. According to Computing, the results of a report written by research company Benchmark show that, “Unless the threat of telephone fraud is brought to the attention of the UK’s decision makers and action is taken to alleviate the problem, telephone fraud will be a chink in the corporate security of UK industry and will dramatically alter its financial success.”
Though only 6% of respondents to the survey have knowingly been victims of telephone hacking, a third of the organizations admitted they would be unaware if they had suffered from it. Telephone fraud includes unauthorized access to a corporate telephone network via a company’s PBX system or theft of confidential information. One company admitted that telephone fraud had cost it 262 000 in just four days. Of the respondents, 30% had no idea how long it would take them to detect fraud.
A common hacking technique involves direct inward system access, a PBX-based function enabling employees who are not in the office to make use of facilities such as ‘onward dialling’ of long-distance calls. A spokesman for the Telecom Users’ Association said, “Telephone fraud is effectively computer hacking, and the business itself is responsible, rather than BT or Mercury, if it has a private exchange.”
Editor: HELEN MEYER
American Editor: CHARLES CRESSON WOOD, Information Integrity Investments, Sausalito, California, USA
Australasian Editor: BILL J. CAELLI, Queensland University of Technology, Australia
European Editor: KEN WONG, Insight Consulting, London, UK
Editorial Advisors: Chris Amery, UK; Hans Gliss, Germany; David Herson, CEC, DGXIII; Les Lawrence, New South Wales, Australia; P. Kraaibeek, Germany; Wayne Madsen, Virginia, USA; Belden Menkus, Tennessee, USA; Bill Murray, Connecticut, USA; Silvano Ongetta, Italy; Donn B. Parker, California, USA; Peter Sommer, UK; Mark Tantam, UK; Peter Thingsted, Denmark; Hank Wolfe, New Zealand.
Correspondents: Frank Rees, Melbourne, Australia; John Sterlicchi, California, USA; Paul Gannon, Brussels, Belgium.
© 1996 Elsevier Science Ltd., England/96/US$15.00 per article. No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publishers. (Readers in the USA - please see special regulations listed on back cover.)
2 Computer Fraud & Security December 1996 © 1996 Elsevier Science Ltd