Computer Fraud & Security Bulletin November 1990

large sums of money are involved, both accuracy and security are vitally important. But even in banking, with closed systems used only by bankers, there had been problems of fraud and error that had cost enormous sums of money.

Inevitably, similar problems would arise with EDI transactions, and somebody will have to bear the cost. The question is who? For one

thing, those transactions will give rise to large payment orders. Secondly, very valuable commodities will sometimes be involved - for example a ship load of wheat or iron ore. The

danger is not so much that somebody will

fraudulently make off with the cargo, he continued, but that somebody will fraudulently create the appearance that they have title to the

cargo and will fraudulently sell it or raise money using it as security.

Cunliffe warned the conference that the greater speed and efficiency of EDI systems brought increased vulnerability to large scale malpractice, if businessmen were not wary. He urged tham to pay more attention to security risks with electroniebased systems than they were accustomed to do with paper-based ones. And this applied equally to players other than the trading partners themselves. If the security of the

telecommunications carriers, software suppliers or network providers was lax, then similar problems would arise. All par-lies must agree in

advance as to the networks and service providers whom they will use, because of the bearing this will have on security and legal liability.

Frank Rees

New York hackers are arrested

New York police have rounded up 13 alleged hackers and have charged them with computer trespass and computer tampering. According to Donald Delaney, supervisor of the major case

squad in New York State, the hackers are suspected of altering files on a mainframe at City University in Bellevue, Washington.

The hackers allegedly used an 800 number to break into the computer. Although more than 40 hackers broke into the system, reportedly only those who used the computer for “extended periods of time”, were actually arrested. Eight of those arrested were juveniles, Delaney said. He admitted that police intend to arrest more hackers later.

One of the juveniles, a 14-year old using the pseudonym Zod, is also accused of breaking into a US Air Force computer at the Pentagon. He is alleged to be a member of a hacker group called MOD. A spokesman for the Air Force investigations office, Major Steve Headley, explained that although the information stolen was unclassified, the Air Force were concerned that “the act was criminal in and of itself and . . . over a long period of time, it could have meaning or perhaps be sensitive.”

The arrests came after a two month investigation by several agencies, including the New York State Police, the Air Force Office of Special Investigations, and the US Secret Service.

Open systems create security nightmare

This is the conclusion of recent research into the consequences of the open systems architecture, and its increasing popularity with users. The advent of open systems such as Unix, OS/2 and the growing popularity of lANs has meant that the percentage of security costs in total IS budgets is expected to quadruple from 2% to 9% by 1994, according to a report by Forrester Research Inc of Cambridge, Massachusetts.

As a result, users are already giving preference to security conscious systems designs: Novell’s Netware 3.0, for example, is praised for its multilevel security system, while Compaq Computer Corp’s N-series of personal computers was lauded because it can be configured to boot off a central server, eliminating the chance of unapproved software being introduced. Conversely, the report

4 01990 Elsevier Science Publishers Ltd