[ISN] Burglary raises issue of high-tech security

From: mea culpa (jerichoat_private)
Date: Sat Jan 16 1999 - 15:55:26 PST

  • Next message: mea culpa: "Re: [ISN] IRS Computers Vulnerable"

    Friday 15 January 1999 
    Burglary raises issue of high-tech security
    How safe is your credit card number? Or, for that matter, your tax file
    number, driving licence and all the other numbers by which we are known to
    the myriad computer systems through which companies, organisations and
    governments serve us and rule us? 
    Just before Christmas, Amnesty International, and many other tenants of
    their building in Sydney, were burgled. The thieves took only computers,
    presumably to sell in pubs to people who wanted cheap Christmas presents
    and who wouldn't ask questions. 
    In Amnesty's case, the stolen machines were network servers, less than
    useful to a home user, but containing on their hard disks all the
    organisation's data, from e-mails about international campaigns to the
    credit card numbers of their members. 
    But, said Amnesty's national director, Ms Kate Gilmore, ``so far as we
    know, not a single member suffered any loss. It was very inconvenient for
    us, but we had good back-up and the machines were insured. We replaced the
    machines and we were quickly back up and running again.''
    While Amnesty was supported by some of the rich and famous, most of its
    30,000 members and donors were generous and concerned ordinary people who
    paid their subscriptions or gave donations by cheque or cash. Credit cards
    were not often used for such purposes, Ms Gilmore said. 
    ``But, for security reasons, we immediately told the banks, American
    Express and Diners Club what had happened and they acted, freezing
    accounts and organising new cards, just in case. So far as I know, nobody
    suffered any loss.''
    While credit and debit cards are now virtually universal in the developed
    world and handle trillions of dollars worth of transactions a year, more
    fraud occurred with cheques than credit cards, said Hayden Park, spokesman
    for the National Australia Bank. 
    Banks and credit card companies say they have more than adequate measures
    to protect credit cards from fraud but decline to give details. ``If I
    told you, the crims would find out, and that might help them,'' said Mr
    ``We obviously know who they are, in terms of the numbers and can take all
    sorts of steps to delete the number and replace it. We have all sorts of
    measures to protect the cardholder and help the police.'' Any attempt to
    use a stolen credit card number would leave an audit trail that could lead
    police to the criminal, he said. 
    Mr Nick Kennett, chief manager, cards, for the Commonwealth Bank, said
    2500 of the bank's cards were involved in the Amnesty International system
    and the bank had ``taken all necessary steps'' to ensure that their
    customers suffered no loss. 
    In the Amnesty case no plastic was lost; only numbers. That limited their
    use and they were ``highly traceable.''
    One of the impediments to the growth of commerce on the Internet is a
    fairly general concern that credit card numbers might be hijacked by
    hackers or unscrupulous merchants. Yet their use is growing exponentially
    and now involves many billions of dollars a year. 
    ``I wouldn't advise putting your credit card number on the Internet unless
    you use a software package to protect yourself,'' Mr Park said. 
    Australia Post offers a secure key or certificate system that identifies
    not only the user but also the merchant so that both sides know they are
    trading in security and with who they intend. 
    The new Apple Online Store, which opened in Australia today, in common
    with most online merchants, uses modern Secure Sockets Layer (SSL)
    encryption software to ensure transactions are safe. Hackers might be able
    to get into the shop website, but they would be unable to unscramble the
    financial details. 
    Encryption remains a major focus for the world's IT companies and anyone
    who can improve security is instantly feted, no matter how obscure they
    might have been. 
    Thus did fame arrive last month for Sarah Flannery, a 16-year-old from
    Blarney in Ireland, daughter of Dr David Flannery, a mathematics lecturer
    at the Cork Institute of Technology. 
    She developed a brand new mathematical procedure for encrypting Internet
    communications, such as e-mail and online commerce. 
    Her public key algorithm that enables encryption of a document 30 times
    faster than the most widely used current standard, RSA, won her top prize
    at the Irish Young Scientists and Technology Exhibition and a trip to Fort
    Worth, Texas. She has since been besieged with job and scholarship offers. 
    Sarah's code is called Cayley-Purser, named for Arthur Cayley, a 19th
    century expert in mathematics at Cambridge and Michael Purser, a
    cryptographer at Trinity College, Dublin, who, she says, provided the
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:16:04 PDT