• United States



by CSO Contributor

Tech-Related Issues Top List of Fraud Complaints; Personal Data Pirated from Russian Phone Files; Master Key Copying Revealed; CIA Makes First Attempt to Recruit Arab-Americans

Jan 23, 20034 mins
CSO and CISOData and Information Security

Tech-Related Issues Top List of Fraud Complaints

According to an IDG News Service story last night, computer technology underlies the top three categories of consumer fraud complaints lodged with the U.S. Federal Trade Commission in 2002, including the number one complaint: identity theft. Joanna Crane, manager of the FTC’s Identity Theft Program, told IDG News that the theft of business records is a growing problem, which often involves hacking computer networks and stealing data on computer disks. “It’s much easier for them to bring that home with them on a disk than on reams of paper,” she said. Forty-three percent of the 380,000 fraud complaints to the FTC in 2002 involved identity theft. The story summarizes other findings the agency released yesterday.Personal Data Pirated from Russian Phone FilesNew York Times today. A spokeswoman for the company said it was hard to determine where the leak came from, but averred, The measures to protect the database are very strict.” State security services are suspect, because in Russia mobile phone operators and Internet services are required by law to hand over information about their customers to the police and to government agencies like the Federal Security Service. The issue is under investigation, but the Times says, the incident was a reminder of one risk of doing business in Russia, where data piracy is rampant and just about any information can be bought, often quite cheaply.

Mobile Telesystems, a Russian mobile phone company acknowledged on Tuesday that it had suffered a huge security breach that led to pirated CD’s, purportedly containing its entire database of five million customers, appearing on the streets of Moscow, according to a story in the

Master Key Copying RevealedNew York Times story today describes how a security researcher at AT&T Labs has revealed a little-known vulnerability in many locks that lets a person create a copy of the master key for an entire building by starting with any key from that building. Matt Blaze found the vulnerability by applying his area of expertisethe security flaws that allow hackers to break into computer networksto the real-world locks and keys. According to the Times, Blaze applies the principles of cryptanalysis, ordinarily used to break secret codes, to the analysis of mechanical lock designs. He describes a logical, deductive approach to learning the shape of a master key by building on clues provided by the key in handan approach that cryptanalysts call an oracle attack. The technique narrows the number of tries needed to discover a master-key configuration to only dozens of attempts, not the thousands of blind tries that would otherwise be necessary. AT&T decided that the risk of abuse of the information was great, so it has taken the unusual step of posting an alert to law enforcement agencies nationwide. Despite the ethical quandary involved in publishing the paper generally, publication will go forward. Copies distributed privately for peer review have been leaked to the Internet, for one thing, and, since locksmiths say this situation has been in existence for 150 years, the bad guys may already be aware of it. Publication simply “puts the good guys and the bad guys on equal footing,” Blaze told the Times.


CIA Makes First Attempt to Recruit Arab-AmericansBoston Globe. The new ad, which first appeared Sunday in a handful of major urban newspapers, is part of a wider campaign to increase Middle Eastern expertise at the spy agency, with recruiting also taking place in the academic arena. ”We’re looking for second- and third-generation Arab-Americans with area and cultural expertise, as well as foreign language skills,” the Globe quotes CIA spokesman Mark Mansfield. ”We hope this advertisement will reach and attract qualified applicants who might not otherwise consider a career at the agency.” All applicants for a job at the CIA must be US citizens and pass a polygraph test, among other security procedures.

The CIA has rolled out a new recruiting ad that for the first time targets ArabAmericans to meet growing demand for their cultural and language expertise in fighting terrorism, according to a Reuters story in todays