[ISN] Expert: Casinos need to improve online security

From: InfoSec News (isnat_private)
Date: Thu May 29 2003 - 22:39:40 PDT

  • Next message: InfoSec News: "[ISN] PHRACK MAGAZINE Call For Papers (#61)"

    Forwarded from: William Knowles <wkat_private>
    
    http://www.lasvegassun.com/sunbin/stories/gaming/2003/may/29/515145345.html
    
    By Liz Benston 
    benstonat_private
    LAS VEGAS SUN
    May 29, 2003 
    
    Las Vegas casinos are considered among the most physically secure
    environments around -- but are far behind in terms of creating
    computerized security systems that can withstand cyber-attacks from
    disgruntled customers, corporate spies, ideological opponents and even
    terrorists, a security expert says.
    
    "The potential for a cyber 9-1-1 is high," said Michael Leach, a
    director of Computer Sciences Corp., an El Segundo, Calif.-based
    supplier of information security systems. Leach addressed a group of
    information technology managers and other technology specialists at
    the Gaming Technology Summit in Henderson on Wednesday.
    
    Casinos have retained older back-office technology systems that are
    increasingly vulnerable to security gaps as newer front-end software
    systems are added to their floors, Leach said.
    
    Companies also are behind in offering online security for gamblers, he
    added.
    
    Properties are increasingly offering slot club loyalty cards and
    taking other measures to better monitor their customers for marketing
    purposes. But companies generally don't allow customers to "opt out"  
    of requests to sell or exchange personal information with other
    companies, he said.
    
    Security and privacy standards for customers also are generally absent
    from gaming regulations nationwide. With the pervasiveness of the
    Internet in business transactions and the explosion of computerized
    technology for even the smallest tasks, the casino industry should
    expect regulators to take a closer look at cyber-security measures, he
    told attendees.
    
    Government agencies and some businesses are migrating toward the use
    of "smart cards" and in some cases, biometrics to identify and track
    employees and customers, he said.
    
    New technology carries new risk unless companies devise security
    measures to monitor those systems. That's because hackers can now
    destroy what once required manual manipulation, such as locking all of
    the secure doors in a casino, he said.
    
    Strict casino regulations have created highly specialized departments
    that function somewhat independently from one another. Departments
    must find a way to work more closely together to develop a companywide
    risk management system that appeases regulators and creates a more
    seamless security barrier, he said.
    
    Meanwhile, executives across many industries have falsely concluded
    that their security is "good enough" and that terrorism "is not their
    problem," said Leach, who worked for the DuPont chemical company for
    more than 34 years.
    
    Others that have implemented some kind of companywide risk management
    system are relying on incorrect assumptions of security, he said.
    
    Computer firewalls that keep out viruses can't protect systems from
    disruptions that could occur from within, such as those initiated by
    unidentified employees or individuals that are outsourced by a company
    to perform a certain task.
    
    Information that is scrambled, or encrypted for security purposes also
    can be cracked using high-performance computers, he said.
    
    Also at the gaming summit, Pete Fox, general manager of Microsoft
    Corp.'s Southwest region, said the tech giant aims to work more
    closely with the gaming industry to create specific products to run
    their casinos as well as to better service those products.
    
    Microsoft doesn't intend to develop gambling software such as that
    used on remote gambling devices in Europe, however, said Fox, who
    oversees Microsoft operations across Clark County, Arizona and New
    Mexico.
    
    The company has talked with software development partners about
    creating technology that could make gambling more convenient, he said.  
    But such systems would eventually come from developers rather than
    management companies such as Microsoft, he said.
    
    Fox declined to comment on regulations governing Internet gambling and
    other remote betting systems.
    
    Some European countries have devised rules on Internet gambling and
    allow gamblers to bet remotely from casinos using personal computing
    devices such as cell phones. The U.S. government, which has taken a
    more stringent approach to Internet gambling, has determined that
    online wagering is illegal with some exceptions like simulcast
    wagering on horse races. Meanwhile, a bill that would outlaw financial
    transactions used to place Internet wagers is pending in Congress.
    
    
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri May 30 2003 - 01:23:27 PDT