[ISN] Burglary raises issue of high-tech security

From: mea culpa <jericho_at_dimensional.com>
Date: Sat 16 Jan 1999 - 17:55:26 CST
Friday 15 January 1999 
Burglary raises issue of high-tech security
By GARRY BARKER
TECHNOLOGY REPORTER 

How safe is your credit card number? Or, for that matter, your tax file
number, driving licence and all the other numbers by which we are known to
the myriad computer systems through which companies, organisations and
governments serve us and rule us? 

Just before Christmas, Amnesty International, and many other tenants of
their building in Sydney, were burgled. The thieves took only computers,
presumably to sell in pubs to people who wanted cheap Christmas presents
and who wouldn't ask questions. 

In Amnesty's case, the stolen machines were network servers, less than
useful to a home user, but containing on their hard disks all the
organisation's data, from e-mails about international campaigns to the
credit card numbers of their members. 

But, said Amnesty's national director, Ms Kate Gilmore, ``so far as we
know, not a single member suffered any loss. It was very inconvenient for
us, but we had good back-up and the machines were insured. We replaced the
machines and we were quickly back up and running again.''

While Amnesty was supported by some of the rich and famous, most of its
30,000 members and donors were generous and concerned ordinary people who
paid their subscriptions or gave donations by cheque or cash. Credit cards
were not often used for such purposes, Ms Gilmore said. 

``But, for security reasons, we immediately told the banks, American
Express and Diners Club what had happened and they acted, freezing
accounts and organising new cards, just in case. So far as I know, nobody
suffered any loss.''

While credit and debit cards are now virtually universal in the developed
world and handle trillions of dollars worth of transactions a year, more
fraud occurred with cheques than credit cards, said Hayden Park, spokesman
for the National Australia Bank. 

Banks and credit card companies say they have more than adequate measures
to protect credit cards from fraud but decline to give details. ``If I
told you, the crims would find out, and that might help them,'' said Mr
Park. 

``We obviously know who they are, in terms of the numbers and can take all
sorts of steps to delete the number and replace it. We have all sorts of
measures to protect the cardholder and help the police.'' Any attempt to
use a stolen credit card number would leave an audit trail that could lead
police to the criminal, he said. 

Mr Nick Kennett, chief manager, cards, for the Commonwealth Bank, said
2500 of the bank's cards were involved in the Amnesty International system
and the bank had ``taken all necessary steps'' to ensure that their
customers suffered no loss. 

In the Amnesty case no plastic was lost; only numbers. That limited their
use and they were ``highly traceable.''

One of the impediments to the growth of commerce on the Internet is a
fairly general concern that credit card numbers might be hijacked by
hackers or unscrupulous merchants. Yet their use is growing exponentially
and now involves many billions of dollars a year. 

``I wouldn't advise putting your credit card number on the Internet unless
you use a software package to protect yourself,'' Mr Park said. 

Australia Post offers a secure key or certificate system that identifies
not only the user but also the merchant so that both sides know they are
trading in security and with whom they intend. 

The new Apple Online Store, which opened in Australia today, in common
with most online merchants, uses modern Secure Sockets Layer (SSL)
encryption software to ensure transactions are safe. Hackers might be able
to get into the shop website, but they would be unable to unscramble the
financial details. 

Encryption remains a major focus for the world's IT companies and anyone
who can improve security is instantly feted, no matter how obscure they
might have been. 

Thus did fame arrive last month for Sarah Flannery, a 16-year-old from
Blarney in Ireland, daughter of Dr David Flannery, a mathematics lecturer
at the Cork Institute of Technology. 

She developed a brand new mathematical procedure for encrypting Internet
communications, such as e-mail and online commerce. 

Her public key algorithm, which enables encryption of a document 30 times
faster than the most widely used current standard, RSA, won her top prize
at the Irish Young Scientists and Technology Exhibition and a trip to Fort
Worth, Texas. She has since been besieged with job and scholarship offers. 

Sarah's code is called Cayley-Purser, named for Arthur Cayley, a
19th-century expert in mathematics at Cambridge, and Michael Purser, a
cryptographer at Trinity College, Dublin, who, she says, provided the
inspiration. 

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 17:00:29 1999