http://www.nandotimes.com/technology/story/839724p-5904624c.html By DAVID HO, Associated Press WASHINGTON (April 3, 2003 7:11 p.m. EST) - A convicted computer hacker told lawmakers Thursday that many attacks on companies that hold consumer financial information go undetected because of poor security. Kevin Mitnick, whose federal probation on hacking charges ended in January, said businesses need to better protect their computers from newly discovered security flaws and train employees to spot the tricks of identity thieves. "The bad guys are going to look for the weakest link in the security chain," said Mitnick, who served five years in federal prison for stealing software and altering data at Motorola, Novell, Nokia, Sun Microsystems and the University of Southern California. He now runs a business to help companies guard against computer attacks. Prompted by three recent cases of information theft involving the accounts of millions of people, two subcommittees of the House Financial Services Committee heard from law enforcement and corporate officials on the growing vulnerability of consumers' most sensitive financial information. "Consumers will quickly lose confidence in our nationwide credit system if we don't do everything practical to improve security and protect sensitive data," said Rep. Michael Oxley, R-Ohio, chairman of the full committee. He said computer information thefts cost U.S. businesses $400 million each year The weak links were different in the three recent incidents. Authorities say an identity theft scheme involving Teledata Communications in New York came from the inside when an employee sold passwords for downloading consumer credit reports. Prosecutors said in November that more than 30,000 people were victimized with losses of more than $2.7 million. In December, thieves physically broke into an office of TriWest Healthcare Alliance in Phoenix and stole computer hard drives containing Social Security numbers and addresses of about 562,000 military personnel and their families. The company, which posted a $100,000 reward for information, said no identity thefts have been reported. Last month, a hacker broke into the computers of Data Processors International, a company based in Omaha, Neb. that handles transactions for catalog companies and other direct marketers. The Secret Service said the hacker accessed more than 10 million credit card numbers. "The cyber threat is rapidly expanding," said James Farnan, deputy assistant director of the FBI's cyber division. "Using a simple Internet search, a 12-year-old could locate a variety of hacker tools, then download and implement them." Farnan said the FBI has devoted more resources and training to counter the growing problem of cyber crime, which includes information theft and terrorist threats against sensitive computer networks. "Many intrusions are never reported because companies fear a loss of business from reduced consumer confidence in their security measures or from fear of lawsuits," Farnan said. Beginning next month, the Federal Trade Commission will require many financial institutions to better protect consumer information. Companies must have written security plans and train employees to protect sensitive data. The FTC will watch companies to make sure they follow the rules, said Howard Beales, chief of the agency's consumer protection bureau. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Apr 04 2003 - 01:30:53 PST