Systems Beware - Hackers Want In
Weinstein, Michael, American Banker
It's late at night and a young man is rummaging through the trash behind a bank branch.
He's looking for a key to unlock the bank's computer system -- to obtain valid identification codes and passwords.
If he finds the right ones, he can go home to his personal computer and dial into the bank's computer system.
If he doesn't find the right codes, he'll return the next night or spend hours in front of his computer trying to figure out the codes himself.
While many bank computer systems are designed to prevent access by these youthful intruders, or hackers, they are constantly thinking of new ways to penetrate business' computers.
And since banks, like other businesses, have significantly automated their operations in recent years, they are increasingly dependent on their computers.
Meanwhile, the number of microcomputers, or personal computers, is increasing dramatically. And these small computers are using phone lines and other communications networks to gain access to big corporate computers.
The threat to corporate information posed by this new technology has been highlighted by a few well-publicized cases of young computer enthusiasts, or hackers, gaining unauthorized access to various computer systems. Banks Security Better
Computer-security experts generally acknowledge that banks' data security is better tahn that of most companies. And many banks use a variety of techniques to protect their systems, especially the most sensitive ones involving account information and funds transfer. There has been only one known case of hackers breaching a bank's computer system, and that was a low-level inter-office message network.
But a few potential trouble spots are unresolved. Bankers should not underestimate the hacker community: It pools information and is relentless in the pursuit of its goals. Identification codes for bank computer systems have already begun appearing on the electronic bulletin boards used by hackers.
Illicit activity by insiders -- whether alone or in tandem with hackers -- is even more threatening. Computer education courses are taught in prisons, and some computer-security experts worry that hardened criminals are getting into computer crime.
The banking industry itself is encouraging the spread of microcomputers through its home banking and corporate cash management programs. Ironically, these systems that are designed to improve banking services may increase the vulnerability of customers' accounts and banks' computer systems.
There are no firm statistics on the banking industryhs losses due to computer crime. Banks are loath to publicize such incidents, but there are a few known cases.
An operations officer at Wells Fargo Bank embezzled $21.3 million from the bank beginning in 1978 by manipulating the branch settlement system. The scheme went undetected for two years. And Stanley Mark Rifkin, a computer consultant, stole $10.2 million from Security Pacific National Bank several years ago through a fraudulent wire transfer.
While these crimes were not perpetrated by hackers, they show the large amounts of money involved with computerized banking. Dial-Up Lines
For now, banks' exposure to hackers is mainly limited to dial-up phone lines. With a dial-up line, one computer, such as a hacker's microcomputer, can call another, like a bank's central computer, to support communications between the two computers.
For instance, in 1982 a former employee of the Federal Reserve Board dialed into a Fed computer using the access code of another Fed employee. Working for a brokerage firm at the time, the former Fed worker was looking for secret money supply data.
In a typical hacker operation -- accurately depicted in the movie "War Games" -- the hacker finds a phone number that is connected to a computer and repeatedly tries different passwords to get into the system. …