Associated Press Thursday, July 29, 1999 6:49PM

"Experts warn of new y2k threat"

By TED BRIDIS WASHINGTON (AP) via NewsEdge Corporation -

Some programmers hired to fix Year 2000 problems may be quietly installing malicious software codes to sabotage companies or gain access to sensitive information after the new year, two top government computer security experts warned Thursday.

Michael Vatis, director of the FBI's National Infrastructure Protection Center,said experts hired by U.S. companies to fix their computers can secretly install ``trap doors'' _ ways to let them gain access later or add malicious codes, such as a logic bomb or time-delayed virus that could disrupt systems.

``While systems have been and will continue to be extensively tested, the probability of finding malicious code is extremely small,'' agreed Richard Schaeffer, director of the Defense Department's Infrastructure and Information Assurance program.

Neither expert suggested the possible scope of the problem. They raised the alarms at hearing Thursday on the Y2K glitch and cyberterrorism before the Senate Committee on the Year 2000 Technology Problem.

``Many of these (rogue programmers) have no security clearance, do not work for the government, and yet they have access to critical systems that if sabotaged could wreak havoc to our financial institutions and our economy,'' said Sen. Christopher Dodd, D-Conn.

John Koskinen, chairman of the President's Council on Year 2000 Conversion, said security breaches may be difficult to recognize because it's unlikely they'll be triggered on New Year's Day, when systems will face heavy scrutiny. Problems, if any, probably will appear weeks or months later.

``If you have violent intent, the last time in the world you want to set it to go off is January 1 or 2,'' he said.

A recent report from the Gartner Group, a consulting company, predicted electronic thefts worth at least $1 billion, noting that the computer networks of financial institutions, corporations and governments handle transactions worth $11 trillion annually.

``With so many people involved and all the code being looked at, it's such an unprecedented risk if we don't have good audit procedures,'' said Bob Mack, a Gartner analyst.

A New York bank that hired contractors in India to repair its software discovered in 1996 that one of the programmers had added code to transfer money to his own account, said Allen Burgess of Data Integrity Inc., a Y2K consultant later hired by the same bank. Burgess declined to identify the bank.

Schaeffer said problems are complicated by the New Year's rollover, when some computers programmed to recognize only the last two digits of a year may mistake 2000 for a full century earlier.

Both experts said the risks were exacerbated by the amount of software repaired by companies overseas. Vatis called the situation ``a unique opportunity for foreign countries and companies to access, steal from or disrupt sensitive national and proprietary information systems.''

Vatis recommended that companies thoroughly check the backgrounds of companies they hire for software repairs. He also said they should test for the existence of trap doors after the repairs, possibly even hiring teams to try to electronically crack into their own networks.

-- kritter (kritter@adelphia.net), July 31, 1999

Answers

This tells me that the IRS is going down FOR SURE!!!!

-- smitty (smitty@sandiego.com), August 01, 1999.