Monday, November 10, 2008
A top secret IT centre will ensure pensioners and civil servants receive payments in the aftermath of a disaster or hurricane.
The location of the Government facility is so under wraps that Minister of Energy, Telecommunications and E-Commerce Terry Lister could only disclose it was "a number of miles from Hamilton".
Mr. Lister said he could not reveal the location of the centre for "security reasons".
"We can't tell you that," he told The Royal Gazette. "Because Bermuda is so small, one would know exactly where they are.
"The whole point to it is if our systems went down from sabotage we would have another site where no one knew where it was."
The Minister did disclose the costs of the facility – $44,000, plus staffing costs.
The "high-security processing site" is built from concrete to withstand hurricanes, with a generator for power outages. It will be manned by staff from a Bermudian IT company, which Mr. Lister also refused to disclose the details of, for "security reasons".
The 'Disaster Recovery System' however, is now capable of processing transactions for the Accountant General and Department of Social Insurance after successful testing on November 1.
Mr. Lister said that during 2009, Disaster Recovery Plans will also be rolled out for other Government departments, with Customs and Immigration the next in line. He said priority would be given to "the biggest and most critical departments, in terms of interacting with the public".
"In the modern world of Information Communication Technology (ICT) factors such as security and disaster recovery are critical for an organisation's success," said the Minister.
"I know many large businesses in Bermuda take disaster recovery seriously and have world-class recovery plans including offsite redundancy centres from where they can run their business, providing seamless service to clients.
"In line with this initiative the Government Information Technology Office (ITO) has been working on and improving the Disaster Recovery Plan for two critical Government Departments - the Accountant General's office and Social Insurance. The work of these two Departments touches the lives of nearly every Bermuda resident, and most businesses, because these applications make accounts payable, payroll and pension payments."
Mr. Lister explained that the Disaster Recovery Plan relays a 'real time' copy of all transactions on Government's production systems over to the Disaster Recovery System. The new IT system was an improvement, he said, because it no longer relied on "time consuming" tape copies, in which reading errors could also be made.
Mr. Lister said that in the event of a hurricane, such an offsite secure facility would "facilitate recovery efforts, allowing life to return to normal".
"I encourage businesses to follow Government's example and develop disaster recovery plans if they haven't already," he said.
Australian Federal Police have launched a high-level investigation into a security breach involving confidential Australian diplomatic cables and police documents that were left in open files on a computer and read by guests at a hotel in Nepal.
Within hours of The Age revealing the breach yesterday, the AFP ordered an officer based in south Asia to return at once to Australia.
"The breach is believed to have involved an officer using a USB stick in a hotel computer," the AFP said in a statement.
"The officer allegedly involved in the security breach will be returned to Australia to assist the investigation."
AFP officers also yesterday apologised to family members of a Melbourne couple killed in a plane crash near Mount Everest on October 8.
Police photographs of the charred bodies of Andrew Frick McLeod, 31, his girlfriend Charlene Kate Zamudio, 24, and 16 other crash victims were left on a computer and could be seen by guests at the Radisson Hotel in Kathmandu for three weeks, The Age revealed yesterday.
In a statement, the AFP said: "While the full circumstances surrounding the security breach are yet to be established, the AFP has spoken to the families of the Australian victims and unreservedly apologised for any additional distress it may have caused."
The Age revealed documents left on computers in the hotel's business centre included a copy of a seven-page document detailing priorities and strategies for the AFP's office in Bangladesh, including information about sharing intelligence with foreign agencies.
A hotel guest took copies of some of the material and gave them to The Age so that Australian authorities would be made aware of the security breach.
The Age yesterday gave all its copies to the AFP.
President Asif Ali Zardari promulgated the Prevention of Electronic Crimes Ordinance on Thursday, making cyber-terrorism punishable with death or imprisonment for life.
The penalty is limited to an offence that ‘causes death of any person’, according to the ordinance that will be considered effective from September 29.
“Whoever commits the offence of cyber terrorism and causes death of any person shall be punishable with death or imprisonment for life, and with fine,” the new law states. In other cases, “he shall be punishable with imprisonment of either description for a term which may extend to 10 years, or with fine not less than Rs 10 million, or with both”.
“Any person, group or organisation who, with terroristic intent, utilises, accesses or causes to be accessed a computer or computer network or electronic system or electronic device or by any available means, and thereby knowingly engages in or attempts to engage in a terroristic act commits the offence of cyber terrorism.”
‘Terroristic intent’ has been defined as: “To act with the purpose to alarm, frighten, disrupt, harm, damage, or carry out an act of violence against any segment of the population, the government or entity associated therewith”.
“Aiding the commission of or attempting to aid the commission of an act of violence against the sovereignty of Pakistan, whether or not the commission of such act of violence is actually completed; or stealing or copying, or attempting to steal or copy, or secure classified information or data necessary to manufacture any form of chemical, biological or nuclear weapon, or any other weapon of mass destruction also includes cyber terrorism,” states the ordinance.
Fraud, stalking, spamming: Criminal access to an electronic system will be punishable with up to two years in prison and a Rs 300,000 fine, according to the ordinance. Criminal data or system damage is punishable with up to three years.
Electronic fraud will be punishable with up to seven years of imprisonment and/or fine, ‘misuse’ of electronic systems with up to three years, unauthorised access to code with up to three years, and producing malicious code with up to five years.
Cyber stalking is punishable with up to seven years in prison and a Rs 100,000 fine, and up to 10 years if the victim is a minor.
Spamming will be punishable with up to a Rs 50,000 fine for the first offence, and three months in prison for subsequent offences.
A former prison inmate has been arrested and charged with hacking the facility's computer network, stealing personal details of more than 1,100 prison employees and making them available to fellow inmates.
Francis G. Janosko, 42, gained access to the names, addresses, dates of birth, social security numbers and telephone numbers of employees working for the Plymouth County Correctional Facility in Massachusetts, according to an indictment unsealed Wednesday in US District Court in Boston. Using a thin client that was connected to a prison server, the prisoner was able to access an employee database by exploiting a bug in legal research software made available to inmates.
Once he obtained the personal information of the employees, he made it accessible to other inmates. Janosko also managed to obtain the username and password to a prison management program, and to access the internet to download videos and digital photographs of prison employees, inmates and aerial shots of the prison. The accused hacking took place between October 2006 and February 2007.
"Although the legal research computer server was connected through the prison's network to the internet solely so that it could obtain updates to its Windows operating system, the legal research server was configured to disallow access to the worldwide web," the indictment stated. Computer use was limited to legal research only; use of the internet was forbidden.
Janosko is charged with one count each of aggravated identity theft and intentional damage to a protected computer. If convicted, he faces a maximum sentence of 12 years in prison and a fine of $250,000. He could also be forced to pay unspecified restitution.
According to The Boston Globe, Janosko was arrested in 2005 on child pornography charges after investigators discovered nude photos of children on his cellphone. It was the third time he faced such charges, The Globe reported. He was listed as a Level 3, or high-risk, sex offender in Massachusetts in 2005.
Attackers bent on shutting down large Web sites — even the operators that run the backbone of the Internet — are arming themselves with what are effectively vast digital fire hoses capable of overwhelming the world’s largest networks, according to a new report on online security.
In these attacks, computer networks are hijacked to form so-called botnets that spray random packets of data in huge streams over the Internet. The deluge of data is meant to bring down Web sites and entire corporate networks. Known as distributed denial of service, or D.D.O.S., attacks, such cyberweapons are now routinely used during political and military conflicts, as in Estonia in 2007 during a political fight with Russia, and in the Georgian-Russian war last summer. Such attacks are also being used in blackmail schemes and political conflicts, as well as for general malicious mischief.
A survey of 70 of the largest Internet operators in North America, South America, Europe and Asia found that malicious attacks were rising sharply and that the individual attacks were growing more powerful and sophisticated, according to the Worldwide Infrastructure Security Report. This report is produced annually by Arbor Networks, a company in Lexington, Mass., that provides tools for monitoring the performance of networks.
The report, which will be released Tuesday, shows that the largest attacks have grown steadily in size to over 40 gigabits, from less than half a megabit, over the last seven years. The largest network connections generally available today carry 10 gigabits of data, meaning that they can be overwhelmed by the most powerful attackers.
The Arbor Networks researchers said a 40-gigabit attack took place this year when two rival criminal cybergangs began quarreling over control of an online Ponzi scheme. “This was, initially, criminal-on-criminal crime though obviously the greatest damage was inflicted on the infrastructure used by the criminals,” the network operator wrote in a note on the attack.
The attack employed a method called reflective amplification, which allowed a relatively small number of attack computers to generate a huge stream of data toward a victim. The technique has been in use since 2006.
“We’re definitely seeing more targeted attacks toward e-commerce sites,” said Danny McPherson, chief security officer for Arbor Networks. “Most enterprises are connected to the Internet with a one-gigabit connection or less. Even a two-gigabit D.D.O.S. attack will take them offline.”
Large network operators that run the backbone of the Internet have tried to avoid the problem by building excess capacity into their networks, said Edward G. Amoroso, the chief security officer of AT&T. He likened the approach to a large shock absorber, but said he still worried about the growing scale of the attacks.
“We have a big shock absorber,” he said. “It works, but it’s not going to work if there’s some Pearl Harbor event.”
Overall, the operators reported they were growing more able to respond to D.D.O.S. attacks because of improved collaboration among service providers.
According to the Arbor Networks report, the network operators said the largest botnets — which in some cases encompass millions of “zombie” computers — continue to “outpace containment efforts and infrastructure investment.”
Despite a drastic increase in the number of attacks, the percentage referred to law enforcement authorities declined. The report said 58 percent of the Internet service providers had referred no instances to law enforcement in the last 12 months. When asked why there were so few referrals, 29 percent said law enforcement had limited capabilities, 26 percent said they expected their customers to report illegal activities and 17 percent said there was “little or no utility” in reporting attacks.
A pilot of the Electronic Patient Record (Elektronisch Patiëntendossier, EPD) in Twente has brought serious problems to light. These range from countless technical outages that leave medical data inaccessible to doubts about the secure use of the smart cards that give doctors access to the electronic records.
This emerges from a concluding study by researchers at TNO and the Telematica Instituut, commissioned by the Ministry of Health, Welfare and Sport (VWS).
In the pilot in Twente, which ran for more than two years, GPs' digital records were connected to a national network. In time, patient data from hospitals and pharmacies should also become available to care providers through that network.
GPs in Twente had already raised the outages and bottlenecks earlier this year, but according to Minister Klink (Health) they would be resolved. It now turns out that out-of-hours GP services in Overijssel, among others, continued to struggle with problems. Outages in the system cause frustration and additional workload for users, the researchers write.
In a response, VWS states that these are 'teething problems'. Klink wants all GPs to be connected to the national system by September next year. The pilot's project leader doubts that pace.
Source:
http://www.ad.nl/binnenland/2756042/Test_met_patintendossier_faalt.html