Euro Stirs Y2K-Like Concerns

By Dermot McGrath 2:00 a.m. Oct. 9, 2001 PDT

PARIS -- Introducing a new currency may not be the kind of event to inspire Hollywood blockbusters, but security experts and intelligence agencies warn that the arrival of the euro in January 2002 has the potential for at least a B-grade disaster movie.

Denial-of-service attacks, rampant viruses, terrorist atrocities, cyber-fraud and money-laundering are just some of the sinister scenarios that euro program managers are having to factor in to their contingency plans for the currency changeover.

No one has mentioned a plague of locusts -– for the moment.

"At the time of the recent terror attacks, most enterprises had just about finalized their preparations for the euro changeover," said Nick Jones, an analyst and euro implementation expert with the Gartner Group. "Now the landscape in which this final changeover will occur has changed drastically and enterprises must revise their plans accordingly."

Jones claims that a similar terrorist attack in Europe during the euro transition could be particularly disruptive, as could the consequences of an actual war.

"The introduction of the euro is unprecedented in economic terms, and it would be naive to think that there won't be individuals or groups who could try to take advantage of the inevitable confusion stemming from the phasing out of national currencies," Jones said.

While cyber terrorism is not believed to be a major threat come next January, denial-of-service or virus attacks targeting Europe's financial infrastructure and high-profile organizations cannot be ruled out, Jones warned.

"Enterprises should be prepared for every eventuality," Jones said. "One can just imagine the potential for chaos if Europe was struck by denial-of-service attacks or a virus like the Nimda worm at exactly the time that financial institutions and corporations are depending heavily on their computer systems. Data could become corrupted during a conversion, the unavailability of a trading partner's website could prevent end-to-end testing, or enterprise websites for providing changeover information to customers and employees could go down," he said.

Noel Hepworth, euro project director with the European Federation of Accountants (FEE) said that the large number of enterprises -– estimated at between 20 percent and 40 percent -- that had left their euro conversion projects until the last minute was a source of concern.

"Viruses or denial-of-service attacks are undoubtedly a worry, but I think the lack of preparedness from companies is the biggest threat to a smooth changeover," Hepworth said. "This obviously has serious repercussions for trade and commerce. These enterprises will be more vulnerable to whatever problems might arise in the initial changeover period, since they'll be too busy firefighting to worry about some of the wider concerns of the euro changeover."

Dennis Keeling, chief executive of BASDA, the Business Application Software Developers Association, stressed the need for all companies who do business in Europe to remain vigilant.

"Any company trading with the euro-zone over the next few months will need to be cautious, particularly if its customers or suppliers are not already using the euro as a trading currency," Keeling said. "The many businesses unprepared for the changeover risk collapse, perhaps taking their trading partners’ money with them."

Others have warned about the massive potential for fraud when the euro makes its official appearance in the new year.

"The introduction of the euro represents a golden opportunity for organized crime," said John Abbott, director general of Great Britain’s National Criminal Intelligence Service (NCIS). "During conversion, from 1 January 2002 to midway through the year, criminals will exploit public, commercial and institutional confusion to their advantage."

Jay Valentine, ex-CEO of Infoglide Software, knows a thing or two about the sophistication of online fraudsters; he led the team that built the real-time cyber-fraud system for auction house eBay. He says that cyber criminals will be rubbing their hands with glee at the prospect of the euro changeover.

"Whenever there is a social discontinuity, there is massive cyber-fraud," Valentine said. "This first happened in the Y2K scare. Now, with the arrival of the euro, there will be a substantial increase of new Web-based scams because cyber criminals, like all fraud artists, need periods of change to prosper," he said.

Peter Vogel, a partner with the law firm Gardere Wynne Sewell in Dallas, agreed that the potential for cyber-fraud during the euro changeover is mind-boggling.

"In the U.S., for example, there is a bank transfer system called Fedwire that transfers $3 trillion per day, and the U.S. Government Accounting Office (GAO) claims that at any time $40 million to $50 million are unaccounted for, meaning it is either lost or stolen. That's just one country, so imagine the potential criminal opportunities to transfer euros on the Internet between 15 countries," he said.

Vogel added that the "code of silence" that prevails among enterprises when it comes to cyber crime only makes it harder to nab the criminals.

"The criminal vulnerability for the euro is made worse by the fact that less than 10 percent of computer/Internet crimes are reported because of the potential adverse publicity and lack of public confidence if a major bank admitted that a major theft had occurred," Vogel said.

Patrick O'Beirne, a euro consultant with Systems Modelling and author of a book on information systems and the euro, said that the new currency undoubtedly presented an opportunity for white-collar crime or "inside jobs." The challenge for companies will be detecting whether conversion mistakes have been the result of human error, a software glitch or deliberate fraud, O'Beirne said.

Such confusion has already been evident this year in some European countries as company payrolls, financial institutions and government bodies began calculating amounts in euros.

In France, Electricité de France (EDF) was underpaid by 50,000 of its customers because they confused francs with euros on electricity bills, while workers in a Spanish computer firm were surprised when their paychecks of 200,000 pesetas a month (about $1,100) were mistakenly printed as 200,000 euros (about $184,000).

The countdown to the euro comes at a time when politicians have been calling for tougher measures to tackle cyber crime.

Douglas Alexander, the United Kingdom's minister of state for e-commerce, recently warned that businesses used by hackers to attack other enterprises must take a share of the blame.

"The terrorist attack on America has put a new and intense focus on information security," Alexander said. "Businesses that have gaps in their security and act as a platform for denial-of-service attacks must be held responsible for their role in the attack."

The Belgian government has also been pushing EU members to support its plans for an early warning system for computer viruses. The idea is to create a Web of computer virus and cyber-crime centers that would swap intelligence and give advance warning of emerging threats.

That, however, will come too late to help enterprises deal with the euro conversion. In the meantime, companies are advised to reinforce their cybersecurity measures before Jan. 1 –- or face the consequences.

Gartner's Jones recommended that IT systems should be fully checked for conversion functionality, antivirus protection and backup strategies in the event of a problem. He also advised enterprises to draw up a contingency plan covering scenarios such as power cuts, lack of staff and hardware failure.

"The apocalypse scenario hopefully won't happen, but it's better to be safe than sorry," Jones said.

http://www.wired.com/news/print/0,1294,47252,00.html

-- Martin Thompson (mthom1927@aol.com), October 09, 2001