[infowar.de] Ex-KGB people are becoming a cyber threat (says a former NATO employee)
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=7854
Thursday, 11 April 2002
The Sunday Tribune
Story:
The biggest threat to ebusiness security is coming from eastern Europe
and Russia.
THE most significant threat to ebusiness security is now coming from
teams of ex-KGB computer specialists working out of eastern Europe and
Russia, according to the former head of data security for Nato's
European HQ. Those teams, working as part of organised crime syndicates,
work to crack large business systems, such as those in banks or large
companies, but are not faced with charges from companies who fear a
crisis of confidence would damage their business.
"Computing is now the medium of business, so it is the medium of fraud,"
said David Love, who used to be the UK RAF's head of data security,
and is now head of Computer Associates' Security Advocacy Group. "The
method of robbing banks is no longer going in with an axe, it is more
subtle. The big banks are, have been and will be attacked simply because
they are attractive targets for people." "The centre for this kind of
organised crime is the Ukraine and Russia, because the old KGB educated
themselves very well in these technologies and have now gone into
business for themselves. But the big banks will never, ever tell anyone,
for good reasons." Love believes that large financial institutions would
risk losing customers by admitting a security failure, so do not even
contact police or press charges. "You only have to look at the Egg
fiasco in the UK where one customer accidentally accessed another's
account in 1999 where no money was taken, but there was an incredible
reputational loss," he said.
Love, who will this week address the ICT Expo event at the RDS in
Dublin, also said new research shows that the vast majority of security
breaches are now internal rather than external. "There is research in
the US which says that companies are most concerned about internal
breaches, where they see 70% of their security problems coming from,"
he said. "The large organisations and institutions are aware of the
problem and are coping, but the medium-sized and small organisations are
the ones that tend to say 'we trust our employees' and that's where the
problem lies." While most publicised attacks are viruses and worms
transmitted mostly through email, these are not examples of particularly
dangerous cyber-crime, Love warned. "The centre for these kinds of
attacks is US universities, where hackers will try to out-do each other
in writing the best virus," he said. But these viruses almost never
have a destructive element, or payload, attached to them. They are
written to demonstrate the proficiency of the programmer, not to destroy
computer systems.
The more destructive cyber-crime involves incidents that are rarely
publicised, and now often depends on the burgeoning commercial espionage
industry. "Information broking is a growing industry, where someone
gathers information either that they have been asked for, that they can
use themselves, or that they sell on to a third party," said Love.
But the changing international political climate could bring a new kind
of attack that systems are not as able to deal with. "We know that
people like the Al Qaeda network are highly trained in computing but
we're not sure exactly what they want to do. You can't predict exactly
what will happen - as a member of the security community we looked at
flying planes into buildings and discounted it - so you can only protect
yourself against reasonable risk." "I think cyber-terrorism will do more
damage than anything else could. How do you make sure you only damage
your enemy? Well, you can target so effectively now. You could write a
virus that only attacks computers with the US English dictionary
selected in Microsoft Word to make sure you attack US users. If you are
anti-west, anything which slows down the economy fulfils your aims." It
is in launching attacks like these that the until-now relatively
harmless virus and worm technology developed as a hobby could become
devastating. A report by Computer Economics estimated the cost to
business of computer viruses, through damage just caused by their
existence rather than destructive payloads, at $17.1bn. If they carried
a destructive payload, that damage would be far greater. Even
businesses' attempts to protect themselves against these attacks have
caused problems, said Love.
"There were some companies that made a lot of money as people rushed out
and bought security after 11 September, and that included computer
security. But you can waste a lot of money on security products if you
don't know exactly what your requirements are," said Love.
That need for security will force companies to start using PKI (public
key infrastructure) technology to protect their communications and their
identities.
Security companies are now also using sophisticated artificial
intelligence technology to keep up with virus writers and hackers. "What
we need to do is to recognise when something has some of the qualities
of a virus, not just find a fix for it after it has struck. We can do
that now," said Love.