Return-Path: <sentto-279987-3646-1004452107-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Tue, 30 Oct 2001 06:29:09 -0800 (PST) Received: (qmail 1230 invoked by uid 510); 30 Oct 2001 14:27:44 -0000 Received: from n9.groups.yahoo.com (216.115.96.59) by 204.181.12.215 with SMTP; 30 Oct 2001 14:27:44 -0000 X-eGroups-Return: sentto-279987-3646-1004452107-fc=all.net@returns.onelist.com Received: from [10.1.4.56] by n9.groups.yahoo.com with NNFMP; 30 Oct 2001 14:28:27 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 30 Oct 2001 14:28:27 -0000 Received: (qmail 58304 invoked from network); 30 Oct 2001 14:28:15 -0000 Received: from unknown (10.1.10.142) by l10.egroups.com with QMQP; 30 Oct 2001 14:28:15 -0000 Received: from unknown (HELO red.all.net) (65.0.156.78) by mta3 with SMTP; 30 Oct 2001 14:28:15 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id f9UESJP17395 for iwar@onelist.com; Tue, 30 Oct 2001 06:28:19 -0800 Message-Id: <200110301428.f9UESJP17395@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Tue, 30 Oct 2001 06:28:19 -0800 (PST) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Russian.hacker's.story.shows.financial.system's.weak.spots] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Russian hacker's story shows financial system's weak spots By Jim Hopkins, USA Today, 10/30/2001 <a href="http://cgi.usatoday.com/usatonline/20011029/3575869s.htm">http://cgi.usatoday.com/usatonline/20011029/3575869s.htm> SAN FRANCISCO -- The financial system's vulnerabilities are not limited to physical threats. Growing computerization makes it more vulnerable to cyberwarriors and data thieves. A 1997 presidential commission on U.S. defense identified insiders as ''the most persistent security threat'' to banking and finance. Terrorists known as ''sleepers'' could get jobs at banks, where they could embezzle or destroy data. Banks and brokerages do background checks on job candidates, including fingerprinting and searching for criminal records, the American Bankers Association says. But things can escape notice, says Ira Winkler, a former analyst for the National Security Agency who runs a computer security firm. He says the checks do not show that an individual is on government lists of suspected terrorists. The State Department's Office of Counterterrorism has one such list. It is not available to the private sector, it says. The FBI has a similar list that it recently began sharing only with major airlines. Cyberattacks, which are increasing in number across many industries as computer hacking proliferates, are another threat. The presidential commission, highlighting the vulnerability of computer networks, cited a well-publicized 1994 case. A 26-year-old computer hacker in St. Petersburg, Russia, stole $3.7 million from Citibank by breaking into its central computer in New York City and transferring money into accounts opened by accomplices. The bank recovered all but $400,000 and bolstered its security. Vladimir Levin was sentenced to 3 years in prison. A band of 50 terrorists with $10 million or less could buy the training, computers and other tools needed to launch a cyberattack against a major bank or investments firm -- even through secure phone lines, says Michael Erbschloe, a computer security consultant with Computer Economics. ''All of those are hackable. It's more difficult than hacking something through the Internet, but it's accessible,'' says Erbschloe, author of the recently published Information Warfare: How to Survive Cyber Attacks. While lost data could be recovered from electronic backups, terrorists could mount a sustained assault for months. That could tie up banking resources, scare customers and undermine consumer confidence that money is safe. Sooner or later, terrorists will ''get the training they need to get up to par with the hackers that we have here in the states,'' says Russ Ray, a University of Louisville finance professor. ''You could do major damage to the U.S. financial system. It's scary.'' ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:58 PST