Carriers' Web Sites Breached

MSNBC (www.msnbc.com) reported in late July that the personal data of consumers who had purchased wireless phones from the Web sites of an AT&T Wireless (www.attws.com) reseller and Verizon Wireless had been posted in Internet chat rooms (www.verizonwireless.com).

Both Verizon Wireless and AT&T Wireless have announced that they're investigating the alleged security breaches but have offered little additional comment.

However, a security expert familiar with the investigation, requesting anonymity, said AT&T Wireless is investigating a number of possibilities, including computer viruses and employee-information theft.

“It's good for companies to remember that they're locking the door (to networks) and putting up firewalls, but that employees can walk out the door with secure information,” the source said.

Scanners haven't detected a virus, but it can't be ruled out, the source added, citing the alleged December breach at Microsoft in which code was stolen (www.microsoft.com).

“The best working theory that (the security community) has is that somebody inside the company took their laptop on the road and picked up a Trojan (virus) — something we call QAZ,” the source said. “When they got back to the office, the QAZ virus kept spreading from computer to computer. It moved until it found a computer with a user that had really good security access, and (the virus) was able to create a hole to the outside world, allowing the guy who wrote it to get access to secure information.”

Michael Panczenko, e-crime director at The Windermere Group (www.windermeregroup.com), said cyber crime can't be stopped, but carriers can reduce their risks.

“Technology provides part of the answer,” Panczenko said. “But it's only a small part because security is a complex process comprising technology, threat and risk assessment, policies and people. The other parts of the solution lie in education and awareness. We need to raise awareness of the dark side of the Internet and avoid those behaviors that increase the risk of doing business online.”

Cybercrime Facts

Approximately 80% of all cyber crime is the result of insider attacks. Sometimes, the cyber attacker is a recently laid-off system administrator whose remote-account privileges still are active, or perhaps he created back doors to the network. Organized crime groups also can be behind security breaches.

Scarier still, some carriers' fraud and forensic-services providers report that organized crime and terrorist groups are recruiting telecommunications workers actively to use telephone networks to commit fraud, piracy and money laundering. These workers can control how information is routed over the network and access computer logs to erase transaction trails such as electronic fund transfers.

Network forensics, such as looking for anomalies in files and reviewing log entries, can be used to help carriers determine how a system was attacked. Wireless carriers also can reduce security breaches by testing software before releasing it for employee or customer use, by monitoring networks for threats and fixing problems when they are discovered, which includes being aware of manufacturers' software patches and updates.

Michael Panczenko, The Windermere Group (www.windermeregroup.com) e-crime director