Australian Bank Fraud
I really wish this article had more details about the crime. Basically, a criminal ring used an authentication failure with fax transmissions to steal (unsuccessfully, as it turned out) $150 million Australian dollars.
Entries Tagged "Australia"
Page 4 of 4
Australian Minister's Sensible Comments on Airline Security Sparks Outcry
I’m the first to admit that I don’t know anything about Australian politics. I don’t know who Amanda Vanstone is, what she stands for, and what other things she’s said about any other topic.
But I happen to think she’s right about airline security:
In a wide-ranging speech to Adelaide Rotarians, Senator Vanstone dismissed many commonwealth security measures as essentially ineffective. “To be tactful about these things, a lot of what we do is to make people feel better as opposed to actually achieve an outcome,” Senator Vanstone said.
And:
During her Adelaide speech, Senator Vanstone implied the use of plastic cutlery on planes to thwart terrorism was foolhardy.
Implied? I’ll say it outright. It’s stupid. For all its faults, I’m always pleased when Northwest Airlines gives me a real metal knife, and I am always annoyed when American Airlines still gives me a plastic one.
“Has it ever occurred to you that you just smash your wine glass and jump at someone, grab the top of their head and put it in their carotid artery and ask anything?” Senator Vanstone told her audience of about 100 Rotarians. “And believe me, you will have their attention. I think of this every time I see more money for the security agencies.”
The Immigration Minister also told of a grisly conversation with Mr Howard during a discussion on increased spending on national security.
Senator Vanstone said: “I asked him if I was able to get on a plane with an HB pencil, which you are able to, and I further asked him if I went down and came and grabbed him by the front of the head and stabbed the HB pencil into your eyeball and wiggled it around down to your brain area, do you think you’d be focusing? He’s thinking, she’s gone mad again.”
Okay, so maybe that was a bit graphic for the Rotarians. But her comments are basically right, and don’t deserve this kind of response:
“(Her) extraordinary outburst that airport security was a sham to make the public feel good has made a mockery of the Howard Government’s credibility in this important area of counter-terrorism,” Mr Bevis said yesterday. “And for Amanda Vanstone to once again put her foot in her mouth while John Howard is overseas for serious talks on terrorism is appalling. She should apologise and quit, or if the Prime Minister can’t shut her up he should sack her.”
But Mr. Bevis, airport security is largely a sham to make the public feel better about flying. And if your Prime Minister doesn’t know that, then you should worry about how serious his talks will be.
Vanstone has been defending herself:
Vanstone rejected calls from the Labor Party opposition for her resignation over the comments they said trivialised an important issue, saying she was not ridiculing security measures.
“If the day has come when a minister can’t say what every other Australian says and that is that plastic knives drive us crazy, I think we’re in desperate straits,” the minister told commercial radio on Monday.
Vanstone said she did not believe the security measures should be scrapped.
“What I have said is that putting a plastic knife on a plane doesn’t necessarily make you very much safer. Bear in mind there are other things that are on planes,” she said.
“People should not feel that because plastic knives are there, the world has dramatically changed—because there are still HB pencils.”
Plastic knives on airplanes drive me crazy too, and they don’t do anything to improve our security against terrorism. I know nothing about Vanstone and her policies, but she has this one right.
Australia's New Anti-Terrorism Legislation
There’s a new Australian anti-terrorism law in the works. It includes such things as:
- 14-day secret detention without arrest by security services
- Shoot-to-kill “on suspicion” powers for police
- Imprisonment and fines for revealing an individual has been the subject of an investigation
This draft legislation was not supposed to be public yet, but the Chief Minister of the ACT revealed it on his website last week in defiance of a federal government request not to do so.
Prince Andrew Screened At Melbourne Airport
We are all more secure because everyone goes through airport screening, and there’s no automatic white list.
The Keys to the Sydney Subway
Global secrets are generally considered poor security. The problems are twofold. One, you cannot apply any granularity to the security system; someone either knows the secret or does not. And two, global secrets are brittle. They fail badly; if the secret gets out, then the bad guys have a pretty powerful secret.
This is the situation right now in Sydney, where someone stole the master key that gives access to every train in the metropolitan area, and also starts them.
Unfortunately, this isn’t a thief who got lucky. It happened twice, and it’s possible that the keys were the target:
The keys, each of which could start every train, were taken in separate robberies within hours of each other from the North Shore Line although police believed the thefts were unrelated, a RailCorp spokeswoman said.
The first incident occurred at Gordon station when the driver of an empty train was robbed of the keys by two balaclava-clad men shortly after midnight on Sunday morning.
The second theft took place at Waverton Station on Sunday night when a driver was robbed of a bag, which contained the keys, she said.
So, what can someone do with the master key to the Sydney subway? It’s more likely a criminal than a terrorist, but even so it’s definitely a serious issue:
A spokesman for RailCorp told the paper it was taking the matter “very seriously,” but would not change the locks on its trains.
Instead, as of Sunday night, it had increased security around its sidings, with more patrols by private security guards and transit officers.
The spokesman said a “range of security measures” meant a train could not be stolen, even with the keys.
I don’t know if RailCorp should change the locks. I don’t know the risk: whether that “range of security measures” only protects against train theft—an unlikely scenario, if you ask me—or other potential scenarios as well. And I don’t know how expensive it would be to change the locks.
Another problem with global secrets is that it’s expensive to recover from a security failure.
And this certainly isn’t the first time a master key fell into the wrong hands:
Mr Graham said there was no point changing any of the metropolitan railway key locks.
“We could change locks once a week but I don’t think it reduces in any way the security threat as such because there are 2000 of these particular keys on issue to operational staff across the network and that is always going to be, I think, an issue.”
A final problem with global secrets is that it’s simply too easy to lose control of them.
Moral: Don’t rely on global secrets.
The MD5 Defense
A team of Chinese maths enthusiasts have thrown NSW’s speed cameras system into disarray by cracking the technology used to store data about errant motorists.
The NRMA has called for a full audit of the way the state’s 110 enforcement cameras are used after a motorist escaped a conviction by claiming that data was vulnerable to hackers.
A Sydney magistrate, Laurence Lawson, threw out the case because the Roads and Traffic Authority failed to find an expert to testify that its speed camera images were secure.
The motorist’s defence lawyer, Denis Mirabilis, argued successfully that an algorithm known as MD5, which is used to store the time, date, place, numberplate and speed of cars caught on camera, was a discredited piece of technology.
It’s true that MD5 is broken. On the other hand, it’s almost certainly true that the speed cameras were correct. If there’s any lesson here, it’s that theoretical security is important in legal proceedings.
I think that’s a good thing.
White Powder Anthrax Hoaxes
Earlier this month, there was an anthrax scare at the Indonesian embassy in Australia. Someone sent them some white powder in an envelope, which was scary enough. Then it tested positive for bacillus. The building was decontaminated, and the staff was quarantined for twelve hours. By then, tests came back negative for anthrax.
A lot of thought went into this false alarm. The attackers obviously knew that their white powder would be quickly tested for the presence of a bacterium of the bacillus family (of which anthrax is a member), but that the bacillus would have to be cultured for a couple of days before a more exact identification could be made. So even without any anthrax, they managed to cause two days of terror.
At a guess, this incident had something to do with Schapelle Corby (yet another security related story). Corby was arrested in Bali for smuggling drugs into the country. Her defense, widely believed in Australia, was that she was an unwitting dupe of the real drug smugglers. Supposedly, the smugglers work as airport baggage handlers and slip packages into checked baggage and remove them at the far end before reclaim. In any case, Bali has very strict drug laws and Corby was recently convicted in what Australians consider a miscarriage of justice. There have been news reports saying that there is no connection, but it just seems too obvious.
In an interesting side note, the media have revealed for the first time that 360 “white powder” incidents have taken place since 11 September 2001. This news had been suppressed by the government, which had issued D notices to the media for all such incidents. So there has been one such incident approximately every four days—an astonishing number, given Australia’s otherwise low crime rate.
Melbourne Water-Supply Security Risk
Here’s a scary hacking target: the remote-control system for Melbourne’s water supply. According to TheAge:
Remote access to the Brooklyn pumping station and the rest of the infrastructure means the entire network can be controlled from any of seven main Melbourne Water sites, or by key staff such as Mr Woodland from home via a secure internet connection using Citrix’s Metaframe or a standard web browser.
SCADA systems are hard to hack, but SSL connections—at least, that’s what I presume they mean by “secure internet connection”—are much easier.
(Seen on Benambra.)
Bank Mandates Insecure Browser
The Australian bank Suncorp has just updated its terms and conditions for Internet banking. They have a maximum withdrawal limit, hint about a physical access token, and require customers to use the most vulnerability-laden browser:
“suitable software” means Internet Explorer 5.5 Service Pack 2 or above or Netscape Navigator 6.1 or above running on Windows 98/ME/NT/2000/XP with anti-virus software or other software approved by us.
Sidebar photo of Bruce Schneier by Joe MacInnis.