Embed Size (px)
Citation preview
February 199 1 Computer Fraud & Security Bulletin
Australian virus group is founded
A new Computer Virus Information Group has set out a two year plan to combat one of the most worrying threats to computer security. The group will be led by Professor Bill Caelli, director of the Information Security Research Centre in
Brisbane, and will research the reproduction and composition of computer viruses. The Computer Virus Information Group has received A$95 000 from the Queensland state government for the
two year study.
Illinois Bell representatives dismissed the incident as the result of what was termed “a routine manual error”. Supposedly it was made when an unidentified employee entered what was described as “a correction” to the woman’s regular $87.98 bill.
The group’s main role would be to provide
information services to the Queensland government and its departments. However, services would be available to other clients who are subscribers to the new group. The basis of the group’s studies would be an isolated computer network which would be unable to infect other networks on the campus. “Today every organization depends on computers and therefore is vulnerable to virus attack,” said Professor Caelli. “There are now over 100 well-known viruses and they keep coming.”
In October an Illinois Bell contractor planting trees severed a circuit in Hinsdale, the location
of the 1988 service interruption. At least 15 000 Illinois Bell customers - including hundreds of cellular telephone users - were apparently left without long distance and most local service.
Calls were blocked throughout much of the 708 area code for some 14 hours, from mid-morning until midnight. The full extent of this situation could not be determined, but the automated teller machine networks for several Chicago area banks were unable to function during this period. In addition, some flights through O’Hare International Airport were delayed for upwards of two hours after air traffic controllers became unable to communicate with the area’s US Federal Aviation Administration computer facilities.
The group has started publishing a monthly newsletterwhich addresses virus-related issues, and it will be developing links with national and
international organizations, particularly the University of Hamburg and Compulit Inc in New York. They have published a handbook on PC security, virus protection and reviews of anti virus
products. A minimum of two seminars a year to government clients will also form a part of the group’s role. The first was held in July 1990.
Illinois Bell does it again -twice
A few weeks earlier, in an unrelated incident,
MCI Communications also experienced what
has come to be called ‘backhoe fade’. One of its fibre optic long haul cables was severed just outside North Royalton, Ohio, about 10 miles due south of Cleveland. The service interruption
resulted from construction on an Ohio Turnpike bridge. It interrupted telecommunication service for six hours in the middle of the business day to 50 000 switched and dedicated MCI circuits. The
outage impacted MCI operations in parts of Ohio, Illinois, Indiana, Michigan, Maryland, Pennsylvania and West Virginia.
Illinois Bell, which was responsible in 1988
for the largest and longest metropolitan telephone outage in North American history, has shot itself in the foot again, twice. In September it presented an elderly widow in Flossmoor, a suburb south of Chicago, with what appears to be a Guinness Record residential telephone bill. The bill, for $8 709 800.33, supposedly reflected just three weeks of basic residential telephone service. It did not include any long distance calls.
Be/den Menkus
Big Brother watches Australia
A privacy commission report on the databases held by Australian Federal Government bodies has revealed that they commonly maintain records of Australians’ political and religious connections, personal
01991 Elsevier Science Publishers Ltd 3
Computer Fraud & Security Bulletin February 199 1
relationships and other details, often without apparent justification. Many of these are held on computer networks, theoretically making them vulnerable not only to unauthorized access, but to cross-matching in a way that would terrify the opponents of the disgraced Australia Card.
The Federal Government has demanded a Government examination of the record keeping functions of departments and agencies in light of the report. Frontbencher Ian Wilson said, “Australians will be shocked and outraged to find that massive databanks are now being used to
hold more information about their private lives than was contemplated under the Australia Card
proposal”.
Dr Jacqueline Morgan, executive member of the NSW Privacy Committee, is adamant that the public needs educating about the erosion of
privacy. When the ID card was mooted, there was a public outcry about loss of rights and information control. Now that the tax file number
has been extended to the Department of Social Security, they are facing the same constraints, but under a different name.
in January 1989 the Federal Government appointed a privacy commissioner, Kevin O’Conner. The commissioner’s job is to implement the 11 principles of the Privacy Act. in
his words, to deal with the input, output and throughput of information such as an individual’s medical history, immigration status, employment history and tax-file number. in the past 18 months
he has spoken out against federal practices and innovation such as cross-matching of information, the extent of information kept in files and the cash transactions scheme. Ail of which he sees as highly invasive.
Although the Government is one of the greatest information collectors, O’Connell argues that the Privacy Act does offer some safeguards. “Federal agencies are subject to the Act and the Privacy Commissioner”, he said. “There is something that can be activated and there is a conciousness. in the private sector there are no privacy laws or rules and it is a matter of what they regard to be ethical practices.
My role under the Act is to encourage the private sector to take up privacy principles.”
State legislature computer spying revealed
John Kohier, New Jersey State General Assembly Republican Staff Executive Director, has been forced to resign over charges that he permitted his employees to spy on computer files
belonging to the Assembly’s Democratic Staff. Specifically Kohier had been charged with lying about his knowledge of the incident. Both the New Jersey Attorney General and an ethics joint
committee of the State Assembly and Senate were investigating it. Jeffrey Land, an employee of Kohier who had been fired in March 1990 after the tampering was revealed, indicated that he
was prepared to testify about the incident in return for the State’s promise not to charge him with a crime.
The spying focussed on the compromise of so-called security trapdoors in the software used by two Wang Laboratories VS systems, maintained by the State’s Office of Legislative Services. These minicomputers tie 120 field offices across New Jersey to the Trenton Capital State House and are used for research and
legislation tracking, and to provide the public with access to various types of information.
Be/den Menkus
BSA announces piracy prosecutions in Europe
The Business Software Alliance (BSA) has announced that it is taking legal action in London and Paris over alleged unauthorized copying of software. The London case is against Marconi instruments Ltd, and the Paris case is against Rhone-Pouienc Films. A similar inspection of France Distribution Systems was settled out of court after the company agreed to take prompt action to verify licenses and regulate its software use. The cases were brought by the BSA in
01991 Eisevier Science Publishers Ltd
