(Reuters, 22 March) In an annual survey issued today, the FBI and the San Francisco-based Computer Security Institute showed just how pressing the issue cyber security has become: total verifiable losses in 1999 more than doubled to up to top $265 million, while more than 90 percent of respondents reported detecting some form of security breach. The fifth annual survey of computer crime and security polled some 640 corporations, banks and government organizations about the state of their computer systems. At least 74 percent of respondents reported security breaches including theft of proprietary information, financial fraud, system penetration by outsiders, data or network sabotage, or denial of service attacks. Information theft and financial fraud caused the most severe financial losses, put at $68 million and $56 million respectively. Losses traced to denial of service attacks were only $77,000 in 1998, and by 1999 had risen to just $116,250. The new survey, which reports on numbers taken before the high-profile February attacks against Yahoo, Amazon and eBay, showed quantified losses up at more than $8.2 million. (CNN, 17 March) A new worm now "in the wild" has the potential to shut down Windows platforms and make the operating system permanently unusable. Computer Associates (CA) International discovered the worm, Win32/Melting.worm, Tuesday, when customers started to find it in their e-mail systems, said CA's director of security solutions. So far, it has reprotedly hit some Fortune 1,000 software companies. "The risk level is moderate, and it hasn't caused too much damage because we believe we've caught it in time." The Melting Worm is unleashed through Microsoft Corp.'s Outlook running on Windows 95/98/2000/NT. Once launched, the worm puts a copy of itself into a Windows directory as MeltingScreen.exe and remains in memory. Files with .exe extensions in a system's Windows directory are renamed with .bin extensions. As the worm renames files, including ones critical to operating Windows, these changes may render the operating system useless. The worm also starts to e-mail itself to all the names in a victim's Outlook address book and randomly executes other .exe files. This potentially can take down a company's e-mail system. (Hong Kong News, 21 March) Three teenage computer hackers were warned they faced deterrent sentences after they admitted selling login names and passwords stolen from the Internet in the first case of its kind in Hong Kong. One of the trio, a student, was also convicted of downloading songs from the Internet and selling them for profit. At Eastern Court, restaurant manager Tam Hei-lun and clerk Po Yiu-ming, both 19, and student Mak King- lam, 18, pleaded guilty to a total of 49 charges. The offenses took place between March 1998 and May last year. IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages. Get your FREE, totally secure email address at http://www.hushmail.com.
