Cyber crime 'holds banks to ransom'

[InfoSec News <isn () C4I ORG>]

http://www.thisislondon.co.uk/dynamic/news/story.html?in_review_id=345095

by Ken Hyder
18 December 2000

A new breed of criminal computer hacker is holding dozens of leading
British companies to ransom by stealing confidential customer
information and demanding cash in return.

Many of the hackers are escaping justice because firms, including
major banks, credit card firms and internet traders, want to keep the
attacks secret, fearing that any publicity which highlights their
vulnerability will undermine customer confidence.

One British team of professional hackers, all believed to be aged
under 25, has already penetrated some of the country's best-protected
computer systems to attempt blackmail.

Criminal hackers differ from their amateur colleagues in that the
latter will attack big organisations - often hate figures like
Microsoft - for the fun of it. But criminal hackers are after money
rather than glory.

They steal vital information like source codes or customers' details
then demand cash - threatening further attacks which could crash
computer systems. It is believed that in the past 18 months, more than
a dozen corporate computer systems have been hit by one gang alone.

Security insiders say that nobody knows just how many big companies
have been hit - or how many have secretly paid-off cyber-blackmailers.
One senior Scotland Yard detective said: "All too often when big firms
are hit, they call in the security experts, patch up the system - and
say nothing."

The obsessive secrecy also means crucial knowledge about intrusion
techniques is often not passed on to other firms who could be next in
line as targets.

Experts say this vulnerability is providing a major headache for MI5
and its warning systems to protect Britain's critical national
infrastructure of utilities like telecommunications, transport, and
electricity.

Even when police are brought in, criminals can slip the net. A year
ago, Scotland Yard began investigating a 10 million cyber-ransom
demand on Visa.

It is thought that the gang stole source codes and demonstrated the
ability to crash Visa's system - which could have cost Visa many
millions of pounds.

After it called in police at the end of last year, Visa said: "We
hardened the system, we sealed it and they did not return. We have
firewalls upon firewalls, but are concerned that anyone got in."

Today a Visa spokeswoman said: "It's our policy to bring in the police
over intrusions like this. We have a very good relationship with the
police."

Because the firm took civil action against one of the suspects - James
Grant, who lives near Elgin in Scotland - detectives were legally
unable to use the information gained to bring a criminal case. The
civil court order forced Mr Grant to reveal information to Visa
investigators.

The hackers thought to be behind the Visa attack are still free.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".