NASSAU, Bahamas – Between 65-70% of all computer crime comes from employees and contractors, according to Glen Christopher who spoke at the Seventh Annual Leadership Conference held by the World Council of Credit Unions (WOCCU) on August 1-4th. However, the remaining attacks can come from any hacker, cracker or script kiddie. Christopher's talking from experience and observation. A graduate of Cornell University, he's spent 22 years designing, installing and managing computer network systems and has worked for all types of companies. He describes his mission in life as "Helping organizations reduce cost and improve customer loyalty using Internet technologies." Who are these culprits who commit computer crime? This is how Christopher defines them: "a Hacker is a person who enjoys exploring the details of programmable systems and how to stretch their capabilities" while a "Cracker is one who breaks security on a system." This term Hacker was coined in 1985 by hackers in defense against journalistic misuse of the word. Christopher talked about the so-called "hacker code" which espouses it's "an ethical duty of hackers to share their expertise by writing open-source code and facilitating access to information and to computing resources wherever possible," he says. A script kiddie, Christopher said, was "the lowest form of cracker; doing mischief with scripts and programs written by others." Christopher traced the history of computer security problems starting in 1997 when. "Paul Greene, a student at Worcester Polytechnic Institute, discovered that a specially written Web page could trick Microsoft's Internet Explorer into executing practically any program with any input on a target computer. An attacker could use this bug to trash a victim's computer, infect it with a virus, or capture supposedly private information from the computer's hard drive." He warned credit unions that are Microsoft Office or Windows users that "Microsoft is reporting five new flaws in its software, including one of `critical' severity that affects nearly all programs in its Office suite of software. The critical vulnerability could allow an attacker to read files on a victim's computer or run programs. To be successful a person would have to open an affected e-mail attachment." Even the Department of Homeland Security's U.S. Computer Emergency Readiness Team has been involved. They "touched off a storm this week (early July 2004) when it recommended for security reasons using browsers other than Microsoft Corp.'s Internet Explorer," he said. When hackers plan an attack, says Christopher, they have many tools to work with including scanners. They hunt modems, sniff out passwords, have remote control programs to crack passwords. He even described how he would attack a credit union's network if he were thinking like a hacker. Christopher said he might start with SuperScan that would show him what ports were open. Then he would use a tool called SNMP to map out the credit union's network. Although Hackers are out there, Christopher said credit unions could fight back. Some methods were quite simple such as turning off unused services. Firewalls also help keep hackers away from what Christopher called "Hacker Friendly Ports" among the 65,000+ easily accessible ports. He named Telnet(23), ftp (21), TFTPSSimilar and Finger as some of the more vulnerable.. He spoke more strongly about NetBIOS (135) and nbsession (139) saying they "should never be on the Internet." Christopher called wireless LANs "A Hacker's best friend". There are tools that credit unions also use to help administrators locate and fix security holes. Credit unions that want to foil hackers, says Christopher, must maintain a security policy that covers not just viruses, but also written permissions, passwords, locked doors and equipment cabinets, limited access to server and network hardware, a perimeter firewall, a server and workstation firewall, secure encryption, log file review, and staying updated on new tools. Credit unions should have regular data backups and also a recovery plan in place well before they are needed. Christopher encouraged people in charge of their computer security to try and think like a hacker. If they do, they are well on their way to protecting themselves. -

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.