[108049] in Cypherpunks
No subject found in mail header
daemon@ATHENA.MIT.EDU (Anonymous)
Tue Feb 2 16:03:06 1999
Date: Tue, 2 Feb 1999 21:44:53 +0100
From: Anonymous <nobody@replay.com>
To: cypherpunks@algebra.com
Reply-To: Anonymous <nobody@replay.com>
From _Electronic Trust_, a glossy advertising rag for Global Integrity
(an SAIC company) masquerading as "The Magazine of Information Security
Trends:"
SECURITY NIGHTMARES:
What Banking Infosec Managers Say They Fear Most:
o A team of hackers over the course of 12 hours penetrates different
parts of our network.
o Loss of about $25,000 in unauthorized checks electronically cut.
o Executive systems' e-mail published to internal staff.
o Direct loss of control over the payment systems for several hours.
o Finding 200 back doors in our latest electronic commerce system.
o Finding one of our trading partners using our systems to gain
knowledge about us for their use.
o Unable to recover a day's trading because of a disgruntled employee.
o Random encryption of our customer data in our primary database
over two years.
o Teleconferencing system making every executive call a conference call
with somebody outside the organization.
o CEO's e-mail being distributed without his/her knowledge.
o Strategic plan being e-mail to a location outsiide our facilities
and posted to a BBS.
o Salaries of key personnel being posted to the Internet.
o Finding six unauthorized Internet connections, one running a hacker BBS.
o Finding an executive spending eight hours a day downloading and
uploading pornography.
o Selling of unauthorized software using our Internet connection.
o Hackers shutting down ouur primary trading systems for six hours.
o Employee spamming our systems and effectively shutting them down.
o Intentional misdirection of data between business units.
o Loss of new design through it being e-mailed out by insider.
o Confidential information being posted to the Internet.
o Company systems being used to attack another company.
o Spending $2 million to track a hacker stealing intellectual property
to find out it was an employee.
o Trading floor records electronically altered by insider.
o Our systems being used to launder money.
o Customers receiving replies to e-mails from pornography sites with
attachments.
LOSSES DUE TO NETWORK ATTACKS ON 17 BANKS:
Man-hours/incident response time: $ 4,825,000
Data: $ 2,395,000
Trading partner information: $ 850,000
Human resources: $ 350,000
System time: $ 250,000
Checks: $ 125,000
Total: $ 8,795,000
