By Peter Branton
Super-villains targeting a country and trying to topple its entire infrastructure sounds like something from a work of fiction, a James Bond or Robert Ludlum novel. In the movies you expect to see Pierce Brosnan or Matt Damon battling it out with the villains using high-tech gadgetry and some cool kung-fu moves. However, this month the story was a bit different. For one thing, the super-villains are using computers rather than WMDs. For another thing, this time its real.
Be on your guard against the cyber-criminals|~||~||~|Super-villains targeting a country and trying to topple its entire infrastructure sounds like something from a work of fiction, a James Bond or Robert Ludlum novel. In the movies you expect to see Pierce Brosnan or Matt Damon battling it out with the villains using high-tech gadgetry and some cool kung-fu moves. However, this month the story was a bit different. For one thing, the super-villains are using computers rather than WMDs. For another thing, this time its real.
This month, one of the UK’s most secretive government bodies broke it’s quiet to issue an urgent warning to the country’s businesses to update the security of their IT systems, following fears that the country is being targeted by a wave of sophisticated e-mail Trojan attacks. The body, the National Infrastructure Security Co-ordination Centre (NISCC), warned that the UK’s critical national infrastructure – the key private and public sector organisations that control the nation’s main services – are being deliberately attacked by an unidentified overseas group, or groups.
While such a scenario might sound more than a little far-fetched, the NISCC certainly believes it to be true and also to be very, very dangerous. “When you start to measure this particular attack it is clear that it is coming from more than a couple of teenagers,” Roger Cumming, director of NISCC, told a UK title. “The attack is clearly not targeted at stealing money. It is aimed at gathering information. It is extremely well-organised and requires quite a lot of resources to execute,” he added. While the scenario may seem alarming, if not positively frightening, there is a caveat. “Our philosophy is that if everyone in the UK was to adopt our advice and install all the latest patches, that attack would not have any impact on UK plc,” Cumming told the same title. So nothing to worry about, surely?
Surely not, unfortunately. The problem of course is that everyone doesn’t apply the latest patches, or follow security experts advice, or indeed do anything of the kind. While it’s sometimes tempting to talk about lazy individuals, corporations seem to take just as cavalier an approach to their data. Take Citigroup, the world’s biggest bank, one of its most reputable institutions, if not the Bank of England then a firm that should be considered as safe as, surely? Again, surely not. Citigroup admitted this month that it had suffered what was swiftly termed the world’s biggest data loss, when it managed to lose tapes of customer records – four million customers’ worth (see IT Weekly 11-17 June 2005). This questionable record seems likely to have been broken already, with MasterCard International claiming this month that as many as 40 million customer records may have been compromised.
Executives at one of the firms involved in the handling of the data now seem to have admitted that they did not follow their own internal procedures correctly, thus making the incident possible. As IT Weekly went to press, even more details were coming to light which suggest that one of the payment processing companies that works with MasterCard had failed to discard records it should have done, and that data was held in unencrypted form. All of which of course, made it possible for criminals to take advantage. The full extent of the damage is likely to come out in the next few days, few months, few years, who can say with certainty?
At this point, readers may feel justified in pointing out that this is IT Weekly Middle East, and these examples are about countries elsewhere. Well, we will be examining the regional implications of these events in more detail in later issues but we have already heard that credit card users in this region may have been impacted. It’s for real, and it could happen here.||**||