TST on Cyber Terror Inquiry

[John Young]

The article Winn Schwartau cited today and a related column: 
 
---------- 
 
   The Sunday Times (London), June 9, 1996, p. 1/8 
 
 
   Secret DTI inquiry into cyber terror [Insight Column] 
 
 
   The government has been holding a secret investigation into 
   attacks by "cyber terrorists" on the City of London for 
   more than two years. The Department of Trade and Industry 
   (DTI), Bank of England, GCHQ, the secret listening station, 
   and the Defence Research Agency (DRA) are involved in the 
   inquiry. 
 
   The existence of the investigation, which began in April 
   1994, emerged after The Sunday Times revealed last week 
   that banks, broking firms and investment houses had paid 
   millions of pounds to gangs that threaten to wipe out 
   computer systems. 
 
   Correspondence from the investigating authorities, seen by 
   Insight, include letters from civil servants saying they 
   are "extremely concerned" at the evidence of extortion 
   demands. 
 
   Yesterday the DTI issued a statement confirming the inquiry 
   and suggesting its work had been hampered by the lack of 
   co-operation from City institutions. 
 
   "We are very interested in the allegations of extortion 
   directed at City of London institutions which were brought 
   to our attention in 1994. We responded then by involving 
   many government organisations, including the DTI, the 
   police, the Bank of England and other agencies. So far, we 
   have not been presented with any hard evidence from 
   victims. We would urge those threatened to come forward," 
   a spokesman said. 
 
   In one letter, dated May 1995, David Hendon, director of 
   DTI technical affairs, wrote to a company specialising in 
   computer security work stating that he was taking the City 
   extortion issue "extremely seriously". Insight has since 
   seen the evidence passed to the DTI and GCHQ which sparked 
   the investigation. In 1994, a consultant working for a 
   company which undertakes computer risk assessments for City 
   institutions compiled a table of 46 attacks on banks and 
   finance houses in New York, London and other centres, 
   starting in January 1993. 
 
   The list included details of raids on three British banks 
   and one American investment house. The documents suggested 
   that operations in the futures markets had been a focus for 
   some of the attacks. 
 
   Documents sent by the DRA, from the office of Professor 
   David Parks, a senior director, indicate that the agency is 
   especially interested in the "weaponry" deployed by the 
   cyber terrorists. 
 
   The agency believes high-intensity radio frequency (HIRF) 
   guns may have been used to black out trading positions in 
   City finance houses. The weapon disables a computer by 
   firing electromagnetic radiation at it and is a "black 
   programme" at the defence ministry, one of the highest 
   security classification levels. 
 
   Last December, Parks approached a company which specialises 
   in defensive measures against information warfare and 
   carries out work for GCHQ. For a L30,000 fee it was asked 
   to arrange a demonstration of a portable HIRF weapon in 
   Germany. 
 
   Details of the HIRF weaponry and its use in the City have 
   also been compiled by Computing magazine, which intends to 
   pass them to the DTI and other authorities. 
 
   [End] 
 
---------- 
 
   [Related column, p. 2/4] 
 
   Held to ransom by superhighway-men 
 
   Private Account [Column] 
 
   By Jeff Randall 
 
 
   Forget Butch Cassidy and the Sundance Kid, the world's 
   financial institutions have a new type of bank robber to 
   deal with -- the cyber terrorist. 
 
   Before you start thinking it sounds like science fiction, 
   consider this: the Department of Trade and Industry (DTI) 
   this weekend confirmed there is an official investigation 
   into "raids" by gangs of computer experts who threaten to 
   wipe out electronic information and trading systems, unless 
   they are paid off. 
 
   The DTI spoke out after last weekend's scoop by the Sunday 
   Times' Insight team revealing that some of London's best- 
   known institutions have paid huge ransoms to "electronic 
   highwaymen" to prevent the meltdown of computer networks. 
   These revelations have sent a shiver up the spines of the 
   City's top banks. Financiers are terrified the emergence of 
   a gaping hole in their systems will cause a loss of 
   investor and customer confidence -- and rightly so. 
 
   Can you imagine calling your stockbroker to buy a few 
   thousand ICI shares, only to be told its entire information 
   bank had been blown away by a Dick Turpin with a PhD in 
   electronic engineering? 
 
   If, like me, you know nothing about computer technology, 
   and care even less, the temptation is to dismiss the 
   problem as the creation of Arthur C Clarke. But the DTI has 
   acknowledged for the first time that an investigation into 
   these "attacks" has been under way for two years. The Bank 
   of England and GCHQ, the government's secret listening 
   station, are working alongside the DTI in the inquiry. 
 
   Agencies in Britain and America believe there have been 
   more than 40 raids on investment firms in New York, London 
   and other European financial centres since 1993. Victims 
   are understood to have paid up to L13m a time after 
   blackmailers showed their ability to bring electronic 
   trading in shares, bonds and commodities to a halt. 
   Futures-market systems have been a favoured target of the 
   space-age bandits. In some cases, the blackmailers have 
   used technology developed by military scientists. 
 
   But here is the paradox: the DTI has been hampered by the 
   reluctance of City firms involved to co-operate. 
   Extortionists have so frightened the investment houses, 
   they fear reprisals if they are discovered helping official 
   agencies track down the gangs. There is also concern that 
   an admission of the threats would diminish confidence in 
   the banking system and create a loss of face for the 
   victims. A banker told Insight: "You will never get a 
   financial institution to admit it has an extortion policy, 
   let alone that it has paid money." 
 
   That begs the question: who in London has paid up? Insight 
   has been told of at least four blue-chip firms caving in to 
   extortionists. For the time being, we have agreed to keep 
   certain information confidential to preserve the integrity 
   of the institutions while the agencies investigate. But the 
   names will eventually surface, and then there will be some 
   serious explaining to do. 
 
   [End]