http://www.infowar.com/

Hacker Sitings and News

11/23/99

US Regulators Warn Banks To Be On Lookout For Y2K Hackers.

WASHINGTON -(Dow Jones)-Federal regulators warned banks and other financial institutions Friday to keep their guards up against opportunistic computer hackers during the Year 2000 date changeover.

"Hackers and developers of malicious software may step up their activities at a time when it may be difficult, without adequate safeguards, to detect or distinguish among a routine software or operations problem, a Year 2000-related problem, and fraudulent or malicious activity," according to an advisory from the Federal Financial Institutions Examination Council. The FFIEC is an umbrella group that includes the Federal Reserve, the Federal Deposit Insurance Corp., the National Credit Union Administration, the Office of the Comptroller of the Currency and the Office of Thrift Supervision.

The advisory counsels bank officers to make sure they have adequate security provisions in place, including up-to-date passwords and limited access to computer systems, and to have contingency plans in case there are problems.

The advisory also calls for making sure tech staff, contractors and others have passed background checks.

While banking regulators have continually said banks are well prepared for the century date change, no one is certain what effects, if any, will result from the Year 2000 computer "bug." The bug occurs when computers running older software mistake dates ending in 2000 for dates ending in 1900.

-By Jonathan Nicholson CAPITAL MARKET REPORT 19/11/1999

-- Helium (Heliumavid@yahoo.com), November 23, 1999

Answers

------The advisory also calls for making sure tech staff, contractors and others have passed background checks.-----

Does this include all of the employees of the foreign firms who did the remediation?

Oooops!

-- oh (my@goodness.gracious), November 23, 1999.

Hackers? Is this just another scapegoat for the Gov. to use when all hell breaks loose next year?

ABC NEWS: Mr. President, do you have an answer as to why Americans on welfare have not received a check since Dec 99'.

Mr President: We have reason to believe that hackers are the problem here.

-- Sha-Kahn (prepare@home.com), November 23, 1999.

Those damn hackers, terrorists, squirrels, woodchucks and drunken drivers.

-- It's all Their Fault (totally@theirs.totally), November 23, 1999.

"WASHINGTON -(Dow Jones)-Federal regulators warned banks and other financial institutions Friday to keep their guards up against opportunistic computer hackers during the Year 2000 date changeover."

This is a complete bunch of crap. I am in charge of the computer security for my bank. There is a FDIC regulator that has a temporary office set up DIRECTLY beside mine. I have asked this person point blank if he honestly thought that hackers were a threat. His response? "(chuckling) It's a specious claim and laughable at best."

"The advisory counsels bank officers to make sure they have adequate security provisions in place, including up-to-date passwords and limited access to computer systems, and to have contingency plans in case there are problems."

I am convinced, after this statement, that the 'authorities' in the banking world, have not one iota of knowledge concerning hackers and hacker penetration attempts, but is an attempt to obfuscate and give the appearance that they know what they are doing. The vast majority of attacks do not remotely involve the use of passwords. Further, the compromising of one machine will eventually give way to compromise of all other machines on the same network. The only conceivable contingency plan is to cut the communications connections and restore from back up while trying to find the hole that was exploited.

"The advisory also calls for making sure tech staff, contractors and others have passed background checks."

This is all well and good, but unless you can examine the source code of the applications that you have bought, you are at the mercy of the people that wrote it. Service Level Agreements and blanket insurance policies against damage will only go so far and do nothing to protect the companies reputation.

You can take my comments for what they're worth, or email me at the address below (it's real) if you have questions. I have more than a dozen years in the Information Security field and I have contacts on both sides of the fence on this issue. I know quite a few 'infamous' hackers personally, and I have worked with a couple of the alphabet agencies in the past as well.

-- Jay (havocuz@mindspring.com), November 23, 1999.

If ever you could see one coming a mile away, these failed remediation scapegoats and straw men and black-sheep are it. Yeah, hackers my ass! Oh yeah and don't forget CYBER-TERRORISTS, I love that one! How about computer viruses from Africa, right wing religious fanatics, millenial madcaps, apocolyptic cultists, messianic maniacs, Muslim extremists, Ossama Bin Bullshit!

How about lying, greedy, self-serving,CYA companies, banks, and utilites. How about elitist, lazy politically correct, lying-if-I'm-breathing govt. officials, bureaucrats and pollyiticians who can't see past their next re-election and would sell their own mother for campaign contributions. I just hope they have enough go-jo to wash the blood and tears of the people off their hands in a couple of months.

Somebody get a rope. A bunch of ropes.

-- doktorbob (downsouth@dixie.com), November 23, 1999.