------------------------------ Date: August 30, 1990 From: Subject: CU in the News ******************************************************************** *** CuD #2.01: File 6 of 6: The CU in the News *** ******************************************************************** Source: Computerworld, Aug. 27, 1990, pg. 6, News Shorts "NSA Denise Killing Security Center" The National Security Agency (NSA) last week denied a published account that said the agency is dismantling its National Computer Security Center, a semipublic unit of the supersecret agency that was established by the U.S. Department of Defense in 1982 to evaluate and certify the security, or levels of trust, of computer systems. A spokeswoman for NSA said the center is being restructured to align its activities more closely with NSA's communications security work. The move was prompted by the blurring of distinction between telecommunications and computer systems, she said. Patrick Gallagher will remain director of the center, and the center will continue to meet its commitments to industry for product evaluation and certification, the spokeswoman said. ************************************************************ Source: Computerworld, Aug 20, 1990, p. 74: "Bozhe Moy! Hackers and viruses already plague Soviets" There have already been computer crimes and virus attacks in the USSR. Over the last several years, the number of incidents has appeared to increase along with other forms of crime. One of the earliest cases of a computer virus in the USSR occurred in 1988 when an unidentified programmer at the Gorky Automobile Works on the Volga River was charged with deliberately using a virus to shut down an assembly line in a dispute over work conditions. The man was convicted under Article 206, the so-called hooliganism law, which provides for a jail term of up to six years for "violating public order in a coarse manner and expressing a clear disrespect toward society." The comments about viruses heard at a number of meetings are worth reporting:"We are ready to meet the problem." (Moscow State University); "Viruses come from international exchanges but some day soon come from here." (National Academy of Economics); "The USSR recently joined Interpol. A requirement of that organization is that member states' police departments must ensure date security. The result has been that the police management has now become sensitized to that issue." (National Academy of Economics); "On the physical side [of security], we close what needs to be closed. Some say that only a sentry will be sufficient." (A Soviet bank security official); "How have we responded to viruses? Up until now we suffer." (Institute for Information Problems in the Information Sciences Department of the Academy of Sciences of the USSR). According to various Westerners, pirated software is all over the USSR, and the Soviets often get hit with viruses when they buy these "forbidden fruits" via the Hong Kong or Swiss connections. A number of the 70 known Bulgarian viruses also appear to be prevalent, along with two Soviet strains: Victor and a variant of the Vienna virus. According to Aryeh Goretsky at McAffee Associates, a computer security firm, other viruses that have been confirmed by Soviet and Eastern European antiviral programmers include the following: Yankee Doodle, Vacsina, Microsoft88 (534), Sunday, Amstrad or Pixel, Disk Killer 170X, Stoned, Ping Pong, Vienna, Jerusalem, Friday the 13th COM, Pakistani Brain, Disk Killer and W-13. Programs available to combat viruses are Aidstest by Lozynky and Anti-Kot and Anti-Kor by Kotik. Some Western antivirus programs and some homegrown versions were also found at various Soviet sites. It is noteworthy that viruses are increasing, even though a form of data security exists in the Soviet Union. This security is of the most basic type: It is largely composed of guards and locked doors restricting access to computer rooms. Other simple measures are used, such as limiting links between computers and systems and access controls to files. These measures are far from adequate,however, given the pressure to acquire and distribute microcomputers and to establish networks. What makes the situation worse is the lack of trained data security personnel, data security standards and tools, data security supports and, in some instances (but not in others), lack of knowledge of security techniques beyond basic approaches. Sadly, it appears certain that there will be an onslaught of computer crimes and virus attacks in the near future. If (and when) perestroika can lead to computer linkages of even a minimal sort, the types of crime and abuse problems that have become part of life in the West will be found in the USSR. A mixture of homegrown hackers, outsiders and even some business managers will create what could be a very fearful situation for the Soviet authorities. How they will respond to this challenge is, to a large degree, based on what authority will be functioning in the near future. Decisions about what information to protect and how to do it are not being developed in the USSR today. Unfortunately, it appears that these decisions will be put off there as they were in the U.S. for too long. Soviet computerists, both in state enterprises and the fledgling private sector, can learn about information security from U.S. experiences. The main issue is to try to be like us while avoiding the many problems (including security problems) that we developed in association with computerization. -Sanford Sherizen ******************************************************************** Source: Computerworld, August 20, 1990, pg. 102, Inside Lines: When a young computer hacker broke into an unclassified computer at the Pentagon last November, the U.S. Air Force was quick to draw a bead on him. The Air Force's Office of Special Investigations (OSI) is the only federal agency with a full-time staff of computer crime investigators, according to the OSI. There are 14 Air Force computer crime cops stationed at air bases around the world. The group was instrumental in tracking down the Hannover hacker, profiled in _The Cuckoo's Egg_ by Clifford Stoll. Talk with Soviet users From Computerworld, August 20, 1990, pg. 74, no author. Network connections to and from the USSR are few but growing all the time. Some of the choices include a bulletin board that provides electronic mail and teleconferencing with Soviet computer users called the San Francisco/ Moscow Teleport located at 3278 Sacramento St., San Francisco, Calif. 94115 (415) 931-8500. Another connection is through Peacenet via Jeff Sears, (415) 923-0900. A Russian text processing mailing list, Rustex-L, is also available. It is administered by Dimitri Vulius, Department of Mathematics, City University of New York Graduate Center, who can be contacted at DLV%CUNYVMS1.BITNET@cunyvm.cuny.edu. An excellent overview of Soviet technological growth is provided in a book entitled _Chip in the Curtain: Computer Technology in the Soviet Union_ by David A. Wellman, Washington, D.C., National Defense University Press, 1989. (202) 475-0948. From Computerworld, August 20, 1990, pg. 74, no author. ******************************************************************** ------------------------------ **END OF CuD #2.01** ******************************************************************** Downloaded From P-80 International Information Systems 304-744-2253 12yrs+