http://www.opinion.telegraph.co.uk/news/main.jhtml?xml=/news/2002/12/17/nflaw17.xml

By Robert Uhlig, Technology Correspondent
17/12/2002

A boy of 12 yesterday revealed the ease with which confidential Government emails could be intercepted because ministers and officials are unaware of computer security procedures.

Using software freely available on the internet, the boy, known only as Tommy, exposed a loophole in the Government's email system that could compromise national security.

All email sent within the Government's intranet system, called gsi, is automatically encrypted to prevent it being read by anyone other than the recipient.

But security experts said yesterday that the encryption system, introduced in 1996, was now vulnerable to breaches because it was outdated and had been designed to make the sender unaware their messages were being encrypted.

The boy demonstrated on BBC Radio 4's Today how to make an email appear as if it came from within the secure gsi network. If a minister or official replied, they would be unwittingly sending unencrypted and potentially sensitive information outside the Government.

Paran Chandrasekaran, the head of the internet security firm Indicii Salus, said: "The danger is that users believe all their communications are secure and do not think twice before sending confidential documents outside the encrypted gsi network."

The boy showed how, by using a hacker's technique called email spoofing, he could make an email appear as if it came from TonyBlairat_private

Mr Chandrasekaran said there was nothing to stop anyone using the same technique to make it appear that the message had come from within the gsi network.

He added that the biggest danger was that the messages were not encrypted on ministers' and officials' computers but only when they were being sent within the network. He said: "Anyone could read them on the desktop."

A Cabinet office spokesman said there was "no question that Government information security has been compromised".