Internet Trojans likely to cause
havoc for Company Directors
London, UK, 09:30 GMT 20th August 1999 - Several thousand company
directors in the UK may be in violation of the Data Protection Act if they
have a business connected to the internet. Proper protection needs to be put
in place against unauthorised access of customer and employee data, held by
their company. The emergence of Remote Control Trojan Horse (RCTH) software
variants has greatly multiplied the risk of violation. Trojan variants can
be sent into company networks via e-mail, lie undetected and continue to export
vital information to internet locations anywhere in the world via the backdoor.
"Newer, more sophisticated and deviant variants
of Trojans are being released constantly. It is a nightmare to realise that
cameras and microphones connected to computers may be unknowingly transmitting
internal conversation and images to third parties in the world. All customer
credit card records, passwords, intellectual property, spread sheets and personnel
details may also be exported out of the company in bursts lasting a few seconds
each. When it is discovered that this has happened, how are the directors
going to respond to their customers, share holders and regulatory bodies?",
said DK Matai, Managing Director of mi2g software.
The two most popular Trojan Horses are Netbus and Back Orifice 2000. There
are at least thirty more including Girlfriend, Master's Paradise and GateCrasher.
These variants have been disguised as several hundred games, screen savers,
pictures, holiday greetings, upgrades and other harmless looking files to
be sent to unsuspecting business users by e-mail. Anti-virus toolkits cannot
detect most of the variants with name changes, default setting changes or
when they are installed via the startup menu.
"The guidelines issued by the Data Protection
Registrar provide some guidance to companies wishing to review their security
measures to protect against unauthorised access. Apart from the obvious dangers
of piracy, passing off, denial of service or other hazards, including possibly
extortion, directors need to be aware of the Data Protection Act requirements
and the effects of exposing their wired business to the internet.",
said Larry Cohen, Head of Intellectual Property at Hammond Suddards, a leading
UK law firms.
On Wednesday 8th September, mi2g software is holding the 2nd seminar
in a series on, "Countering the growing Corporate
threat from Cyber Warfare" in the City of London at 5:30pm
in conjunction with Hammond Suddards. The purpose of this exclusive seminar,
aimed at the CEOs and FDs of financial institutions and multi-national corporations,
is to present the need for well funded Bespoke Security Architecture solutions,
that are individually designed for each company, to counter the growing corporate
threat from Cyber Warfare through Trojan Horses, Viruses and Hacking.
1. This is an issue with international ramifications. Data protection across
the EU is being harmonised, and the directives are in place. Businesses need
to ensure that their approach is consistent across Europe. Meanwhile, the
US is relying on self regulation, and with a prohibition on the transfer of
computer data outside the EU becoming imminent, internal data transfer checks
will have to be constructed by multi-nationals. Directors will have to be
careful to ensure that EU data protection laws are not circumvented by inadvertent
transfer due to lax procedures in the USA.
2. Cyber Warfare is when individuals acting via the internet or through viruses
malevolently attack industry, business, social utilities and national security
with an intent to cause disruption or damage. Such individuals need only a
relatively simple computer capability to make such Cyber Attacks highly effective.
mi2g successfully predicted the Cyber Attack to businesses, governments
and financial markets in early January, which was brought home during the
recent NATO-Serbia Cyber War between March and early June.
3. The total cost of servicing Cyber Warfare incidents worldwide is likely
to exceed $20 Billion in 1999 according to mi2g. In the last seven
months, there have been three major virus attacks and several full scale Cyber
Attacks. Melissa in March, Chernobyl in April and the fatal ExploreZip in
June cost corporations huge unplanned and unbudgeted resources. The cost of
disabled computers and their down time through each major worldwide Cyber
Warfare incident is already exceeding $2.5 Billion.
4. Hammond Suddards is one of the UK's largest commercial law firms. Larry
Cohen, as Head of Intellectual Property at Hammond Suddards leads a team of
legal experts in Internet practice and e-commerce issues. Recently, he has
been actively engaged in the campaign against Genetically Modified (GM) crop
protesters, many of whom take an anarchist viewpoint and some of whom the
Police believe were involved in the organisation of the Stop the City protest
on June 18. These organisations have been using the Internet as their means
of communication in order to co-ordinate protesters against the planting of
GM foods and other genetically modified crops, while relying on Civil Liberties
to try to prevent their own Cyber secrets being disclosed under court order.
5. mi2g software (www.mi2g.com) is a Central London based R&D
focussed e-commerce technology enterprise that has already developed the main
components to become a world-class player in secure e-commerce trading, broking
and banking. mi2g pioneered the concept of secure internet lounges
- industry specific portals - in early 1996.