NASDAQ hit not the last

 e-risk analysis™

London, UK, 15:30 GMT 16th September 1999 - The recent hack of the NASDAQ and AMEX web site (www.nasdaq-amex.com), in which the hacker group 'United Loan Gunmen' (ULG) infiltrated the internet computing end and defaced the web site demonstrates graphically the vulnerability of very high profile web sites. This attack succeeds recent attacks by ULG on other well known web sites - C-Span, ABC and Matt Drudge - highlighting the concern that successful web sites and on-line businesses are more vulnerable to Cyber Attack, as they receive more unwanted attention from hackers. This is simply because the hacker groups are aware of the influence of these well viewed sites. By attacking them, the hackers are more likely to achieve their disparate aims of embezzlement, extortion or notoriety.

mi2g software comment

"On-line financial institutions, bourses and shopping sites ought to be aware that they need to put internet security at the top of the board agenda. Whilst the security blue print is off-the-shelf and not unique in architecture, high profile hacking attacks will become weekly and then daily. The inevitable consequences when the hack becomes public knowledge are likely to be a sharp drop in share price and Downstream Liability for the victim", said D K Matai, Managing Director of mi2g software.

Analysis

For this information please contact e-risk.analysis@mi2g.com

Long Term View

At present the 'source code' of most commercial software is not available publicly. If a security hole is discovered by a well sized client company, their own programers can't plug the hole directly, they have to wait for the vendor to provide a patch, which may be made available in a few days, weeks or months. For older operating systems and standard applications, where some standard security concerns have been addressed, the 24-hour, 365-day, non stop international threat arising from a networked culture was not adequately considered in the beginning because it did not exist at that time. The loss-of-confidence cost of correcting the architectural flaws is so high that it is likely that newer open operating systems with bespoke fortress architecture will ultimately supersede in security critical areas for large clients.

Background:

1. mi2g software presented seminars on e-risk at Richards Butler on 4th August and Hammond Suddards on 8th September. A total of 220 CEOs, FDs and Partners from USA, Germany, Japan and Britain have attended the events which highlight the threat to e-commerce systems from Cyber Warfare. We presented an update on all major Cyber Warfare incidents and trends within the escalating threat to e-commerce businesses, financial institutions and multi-national corporations. Future seminars on e-risk are planned for October and November 99.

2. Downstream Liability is the real possibility of litigation arising from customers and businesses that have bought a product or a service from a vendor in good faith and have surrendered personal and financial information about themselves for a declared purpose only.

3. The total cost of servicing Cyber Warfare incidents worldwide is likely to exceed $20 Billion in 1999 according to mi2g software. In the last seven months, there have been three major virus attacks and several full scale Cyber Attacks. Melissa in March, Chernobyl in April and the fatal ExploreZip in June cost corporations huge unplanned and unbudgeted resources. The cost of disabled computers and their down time through each major worldwide Cyber Warfare incident is already exceeding $2.5 Billion.

4. mi2g software (www.mi2g.com) is a leading edge London based e-commerce enterprise specialising in e-commerce risk management and bespoke security architecture.