The US could be on the brink of a "digital Pearl Harbor", if one of the world's leading information security officials is to be believed. Speaking at the Microsoft-organised SafeNet 2000 conference, the US's top cyberspace spokesman called on the next president (as we know, now George W Bush) to beef up the government's computer security to prevent a catastrophe on par with the Japanese attack on Hawaii in 1941. "What this presidential election year showed is that statistically improbable events can occur," Richard Clarke of the National Security Council was quoted as saying. "It may be improbable that cyberspace can be seriously disrupted, it may be improbable that a war in cyberspace can occur, but it could happen."
Ian Melamed, chief technology officer, SatelliteSafe
Bush inherits a situation where several nations have created information warfare units, Clarke noted. "These organisations are creating technology to bring down computer networks. Some are doing reconnaissance today on our networks, mapping them," he said. Clarke recommends that Bush appoint a Congress-ratified, government-wide chief information officer and create secure lines of communication between the technology industry and the government, exempt from the Freedom of Information Act. So, after a rough and ropey 2000, we could be in for a more secure 2001!
Clarke also announced that the US government has initiated a programme to help it attract some decent security talent. The programme permits two years of free tuition, worth $25 000 a year, in exchange for two years of service in the government. President Clinton was the champion behind the project. See, he did do some real work in the White House amidst his other shenanigans.
The scale and scope of credit card security on the Internet was starkly highlighted last week. More than 55 000 credit card numbers were exposed on the Web for in excess of 24 hours before the FBI removed them. Creditcards.com, yet another lax e-business company that works with Web merchants to allow them to accept credit card payments, was responsible for the glitch, the consequence of a security hole which allowed a cyberthief to steal the information from its servers. The information was posted after an unsuccessful extortion attempt by a hacker, who then posted the credit card details in retribution. Creditcards.com's systems are based on Microsoft software...
This was not the only security breach of this nature to be reported in 2000. In January hackers demanded money from CD Universe; they were also not successful, and in retaliation they broke into the company's database and posted links to thousands of customers' details. These events highlight the real problem for people buying with credit cards over the Internet: while people are most concerned that their credit card details could be intercepted, in fact the principal issue is the vulnerability of database back-ends, where vast amounts of personal information - including non-Internet transactions - are aggregated and left wide open to hackers, for extortion or exploitation. The implications of the breach are formidable: while consumers will be inconvenienced and irritated, credit card companies will lose up to $1 million in carrying the cost of replacement credit cards; and Creditcards.com will probably go out of business, as its entire value proposition was predicated on the trust it engendered in its customers. So, beware: while hacking violations, such as that which plagued Microsoft, might be viewed as a nuisance, they can have far-reaching consequences. Just by the by, Internet Security Systems puts this violation in the top 100 of all time, and adds that it comes across one such extortion a month.
Someone, somewhere, must have a great sense of humour or insight, to have given the Kakworm its name, when one considers the South African spin placed on it. After a truly memorable year for viruses, Kakworm has emerged as the world's most prevalent piece of malware. Yes, 'I Love You' may have grabbed all the headlines as it spread worldwide, but Kakworm, a Visual Basic script worm which attacks Outlook users, was the most pervasive nasty. For instance, antivirus vendor Sophos says 17% of all calls to its helpline since January have concerned Kakworm.
Two thoughts with which to leave you after another exhausting security year:
1. By allowing Microsoft and Intel to dominate the desktop as we have, we have encouraged the development of a desktop software mono-culture - so big that it has critical mass and represents a target of such magnitude that virus authors need not bother with anything else.
2. For software developers, when it comes to a tossup between functionality and security, functionality always wins.
It's been a notable year, with the 'I Love You' virus and e-commerce violations grabbing the headlines week in, week out. There are solutions, but we all need to take information security as seriously as possible next year. Otherwise, we can expect 2001: A Cyberspace Odyssey! Signing off, for this year!
Source information gleaned from Associated Press, Computergram, Silicon.com and ZDNet.

