Friday 15 January 1999 Burglary raises issue of high-tech security By GARRY BARKER TECHNOLOGY REPORTER How safe is your credit card number? Or, for that matter, your tax file number, driving licence and all the other numbers by which we are known to the myriad computer systems through which companies, organisations and governments serve us and rule us? Just before Christmas, Amnesty International, and many other tenants of their building in Sydney, were burgled. The thieves took only computers, presumably to sell in pubs to people who wanted cheap Christmas presents and who wouldn't ask questions. In Amnesty's case, the stolen machines were network servers, less than useful to a home user, but containing on their hard disks all the organisation's data, from e-mails about international campaigns to the credit card numbers of their members. But, said Amnesty's national director, Ms Kate Gilmore, ``so far as we know, not a single member suffered any loss. It was very inconvenient for us, but we had good back-up and the machines were insured. We replaced the machines and we were quickly back up and running again.'' While Amnesty was supported by some of the rich and famous, most of its 30,000 members and donors were generous and concerned ordinary people who paid their subscriptions or gave donations by cheque or cash. Credit cards were not often used for such purposes, Ms Gilmore said. ``But, for security reasons, we immediately told the banks, American Express and Diners Club what had happened and they acted, freezing accounts and organising new cards, just in case. So far as I know, nobody suffered any loss.'' While credit and debit cards are now virtually universal in the developed world and handle trillions of dollars worth of transactions a year, more fraud occurred with cheques than credit cards, said Hayden Park, spokesman for the National Australia Bank. Banks and credit card companies say they have more than adequate measures to protect credit cards from fraud but decline to give details. ``If I told you, the crims would find out, and that might help them,'' said Mr Park. ``We obviously know who they are, in terms of the numbers and can take all sorts of steps to delete the number and replace it. We have all sorts of measures to protect the cardholder and help the police.'' Any attempt to use a stolen credit card number would leave an audit trail that could lead police to the criminal, he said. Mr Nick Kennett, chief manager, cards, for the Commonwealth Bank, said 2500 of the bank's cards were involved in the Amnesty International system and the bank had ``taken all necessary steps'' to ensure that their customers suffered no loss. In the Amnesty case no plastic was lost; only numbers. That limited their use and they were ``highly traceable.'' One of the impediments to the growth of commerce on the Internet is a fairly general concern that credit card numbers might be hijacked by hackers or unscrupulous merchants. Yet their use is growing exponentially and now involves many billions of dollars a year. ``I wouldn't advise putting your credit card number on the Internet unless you use a software package to protect yourself,'' Mr Park said. Australia Post offers a secure key or certificate system that identifies not only the user but also the merchant so that both sides know they are trading in security and with who they intend. The new Apple Online Store, which opened in Australia today, in common with most online merchants, uses modern Secure Sockets Layer (SSL) encryption software to ensure transactions are safe. Hackers might be able to get into the shop website, but they would be unable to unscramble the financial details. Encryption remains a major focus for the world's IT companies and anyone who can improve security is instantly feted, no matter how obscure they might have been. Thus did fame arrive last month for Sarah Flannery, a 16-year-old from Blarney in Ireland, daughter of Dr David Flannery, a mathematics lecturer at the Cork Institute of Technology. She developed a brand new mathematical procedure for encrypting Internet communications, such as e-mail and online commerce. Her public key algorithm that enables encryption of a document 30 times faster than the most widely used current standard, RSA, won her top prize at the Irish Young Scientists and Technology Exhibition and a trip to Fort Worth, Texas. She has since been besieged with job and scholarship offers. Sarah's code is called Cayley-Purser, named for Arthur Cayley, a 19th century expert in mathematics at Cambridge and Michael Purser, a cryptographer at Trinity College, Dublin, who, she says, provided the inspiration. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:16:04 PDT