3

Online security attacks on theglobal financial sector havedoubled in the last year.Deloitte and Touche's secondannual Global Security Surveyindicates a dramatic increase inthe respondents reporting sys-tem breaches among financialinstitutions.

The survey, released on 27May, showed that the numberof financial institutions whosesystems have been compro-mised in the last year hasincreased by 39% to 83%.Moreover, 40% of victims saidthey had sustained financialloss.

The survey sampled 100companies, including 31 of theworld's top 100 financial serv-ices firms, 23 of the top 100banks, and 10 of the top 50insurance companies.

A senior banking source at aCity of London institutionconfirmed that cyber attacksand financial losses haveincreased in the last year."There can be no doubt ofthat", he said, "though it is

hard to get an overall picture.Some colleagues at other insti-tutions are saying it is 'businessas usual' while others do reportsignificant financial losses."

Eighty-seven per cent of theprofessional services firm'srespondents said they had fullydeployed anti-virus measures,which is down from 96% in2003. While this might indi-cate a loss of faith in tradition-al AV technology, caused bythe success of network wormssuch as Blaster and Sasser, theCity of London bankingsource expressed scepticism."It's more that anti-virus islacking at the customer end,especially regarding phishingattacks".

Deloitte and Touche failedto put a number on the scale ofthe loss due to the increasedvolume of attacks.

The banking source said that"losses are starting to get on apar with credit card fraud loss-es, but at present it is moreabout brand damage and internal disruption".

PROOF-OF-CONCEPT VIRUSTHREATENS 64-BIT SYSTEMS

Symantec has released details ofwhat is thought to be the firstthreat to 64-bit Windows systems.The virus is a "proof-of-concept"program — to demonstrate that acertain vulnerability exists —rather than an active and maliciousvirus. Named W64.Rugrat.3344,it is not believed to be a significantthreat due to the relatively smallnumber of 64-bits systems in use,however more viruses are anticipat-ed as the systems increase in popu-larity. The program does not workon 32-bit windows platforms.

WORMS COST ISPS 123 MILLION

European ISPs will suffer financial-ly from worms this year - to thetune of 123 million Euros. Theincreased traffic from worms cancause an upsurge in support calls toISPs. The associated costs withdealing with worms, includingincreased customer support, loss ofbrand equity and tactical responseteams can lead to a financial prob-lem that may exist long after theworm has gone.

ZOMBIES DRIVE COMCASTSPAM RECORD

Zombie computers have added700 million e-mails a day to the100 million legitimate messagesflowing through Comcast. This hasmade the US high speed cable-based internet service provider theworld's biggest single source ofspam. Zombie computers arisewhen spammers use bugs inMicrosoft Windows to take overPCs and use them to send junk e-mails, mostly via port 25. PCs withbroadband, always-on connectionsare so quick that most users do notspot what should be a degradedservice. Comcast has over 21 mil-lion users.

FBI INVESTIGATE CISCO CODETHEFT

The FBI is working with Cisco, asit appears that some of its sourcecode has been stolen. A smallamount of the source code, whichcould be used by hackers to sabo-tage operating systems, was postedon a Russian website. Few furtherdetails are available as the FBI andCisco continue to investigate thetheft and the possible hacking oftheir corporate network.

'GAME' RECORDS KEYSTROKESFOR STUDENT HACKER

A student at the NationalUniversity of Singapore was recent-ly jailed for hiding a keystroke log-ging program as a game on hiswebsite. Fellow students proceededto download the game, while heused their bank account details foronline shopping. The program,Perfect Keylogger, would installitself and record all strokes when-ever someone downloaded thegame from Nguyen Van PhiHung's website. He used fundsstolen from bank accounts to pur-chase phone cards and magazinesubscriptions. The computer engi-neering student pleaded guilty toseveral charges and could serve amaximum penalty of 10 years.

HACKERS DEFACE MICROSOFTWEBSITE

Hackers calling themselves the"Outlaw Group" sabotaged theUK press area of Microsoft's web-site on 24 May 2004. Microsoftsay that this did not compromiseconfidential data.

I n B r i e f

news

Cyber attacks on banks double from 2003Brian McKenna

establish a regulatory frame-work applicable to all data min-ing conducted by the Pentagonthat involves personally identi-fiable information concerningUS persons. Another recom-mendation is to create a policy-level privacy officer to check ifthe regulations are carried out.The creation of two panels ofexternal privacy experts toadvise the Pentagon and thePresident on privacy issues isalso recommended. The needfor oversight, training, ethics,sensitivity to privacy concerns,

and inter-agency dialogue, arealso called for in the report.

Rumsfeld appointed theTAPAC in February 2003 toexamine the use of "advancedinformation technologies toidentify terrorists before theyact."

Rumsfeld also chargedTAPAC "to ensure that theapplication of such technolo-gies within the DefenseDepartment is carried out inaccordance with US law andAmerican values related to privacy."