Clicking on banner ads enables JWR to constantly improve
Jewish World Review March 14, 2001 / 19 Adar, 5761

Alexi Oreskovic

JWR's Pundits
World Editorial
Cartoon Showcase

Mallard Fillmore

Michael Barone
Mona Charen
Linda Chavez
Greg Crosby
Larry Elder
Don Feder
Suzanne Fields
James Glassman
Paul Greenberg
Bob Greene
Betsy Hart
Nat Hentoff
David Horowitz
Marianne Jennings
Michael Kelly
Mort Kondracke
Ch. Krauthammer
Lawrence Kudlow
Dr. Laura
John Leo
David Limbaugh
Michelle Malkin
Jackie Mason
Chris Matthews
Michael Medved
MUGGER
Kathleen Parker
Wes Pruden
Sam Schulman
Amity Shlaes
Roger Simon
Tony Snow
Thomas Sowell
Cal Thomas
Jonathan S. Tobin
Ben Wattenberg
George Will
Bruce Williams
Walter Williams
Mort Zuckerman

Consumer Reports


Foreign hackers to launch assault on U.S. firms

http://www.jewishworldreview.com -- COMPUTER security experts are bracing for a wave of online criminal activity originating in Eastern Europe that, unlike many previous electronic break-ins, is calculated and financially motivated.

The concern follows an FBI announcement last Thursday that organized hacker groups have targeted numerous U.S. financial institutions during the past year.

Although the agency did not disclose the names of the businesses that have been hit or the amount of monetary losses suffered, it revealed that more than 40 investigations currently are under way in 20 states and that more than a million credit card numbers have been stolen to date.

According to the FBI, hacker clans operating chiefly in Russia and the Ukraine have penetrated numerous e-commerce computer systems in the U.S. The announcement is unusual for the FBI, which typically does not comment on active investigations to avoid compromising cases.

"It's unprecedented that they would take forensics information from an ongoing investigation and make it public," said Alan Paller, director of the SANS Institute, a Bethesda, Md.-based cooperative for security research and education. "The only reason they would do that is to stop a crime wave."

The FBI listed three vulnerabilities in the Microsoft Windows NT operating system that the hackers were exploiting. The agency also released a list of file names that, if found on a computer, would indicate that that system had been penetrated.

The hacking techniques themselves are nothing new, say security experts. What's new is the organized nature of the break-ins, and the strictly mercenary goal of the incidents, which involve extortion practices that would make the characters in HBO's mob series "The Sopranos" envious.

"Obviously the FBI thinks this is pretty severe," said Jeanne Capachin, an analyst at Newton, Mass.-based Meridien Research. "Sounds like there are a lot of databases that have been hacked already and more to be targeted."

According to the FBI, the hackers first force their way into electronic databases and purloin customer credit card information. The victimized businesses are then contacted and "invited" to sign up for high-priced security services, which would protect any vulnerable information from being accessed by other parties.

"These guys have probably got more resources than the typical hacker has and more incentive to profit from what they're doing," said Meridien's Capachin. "It probably does mean that the ante has been upped."

But for Capachin, the news is nothing shocking. "We've had organized criminals with credit card fraud in the physical world for a long time," she said. "I don't think this is anything that anyone shouldn't have expected."

In the physical world, businesses have combated credit card fraud by relying on things like neural networks, which can detect irregular credit card activity. While these neural networks are important online, as well, the best defense against electronic break-ins is to be diligent about updating software patches, Capachin said. "Merchants need to not wait until they get hacked," she said. "There are patches out there, and they're not installing them."

The attacks will not have a big affect on consumers because an individual's liability is limited to $50 in cases of credit card fraud.

Alexi Oreskovic is a writer for The Industry Standard. Comment by clicking here.

Up

© 2001, SHNS