Coding barrier lets hackers browse

THE ABILITY of companies to protect themselves against hackers who prowl the Internet computer network is being hampered by government regulations that bar the introduction of new security-coding, or encrypting, software.

In the United States, companies such as AT&T, Citibank and Lehman Brothers and governmental organisations such as the National Aeronautics and Space Administration have been moving quickly to install a 'user authentification' package called Cygnus Network Security (CNS).

But Internet users in the UK have been denied this opportunity by both the British and US governments. John Leach, an IT expert at Zergo, the computer security firm, says that the US regards encrypting software as unexportable military equipment while the British government views such software as 'a worrying means of avoiding government surveillance'.

Alarm bells rang last month when it was revealed that thousands of passwords had been stolen from Internet, a web that links some three million home and business computers round the world. Rob Whitcher, an expert in computer security at IBM in the UK, said that the Computer Emergency Response Team (CERT), the US agency responsible for Internet security, was warning that companies whose internal networks were linked to Internet could be powerless to prevent access by an outsider with the password.

CNS was developed by Cygnus Support, a Californian computer company, to prevent such security breaches. It hides users' passwords in encrypted messages, making hacking virtually impossible.

CNS is based on another security package, Kerberos, developed by the Massachusetts Institute of Technology, but is more popular commercially because it is easier to install and use. CNS uses a third party, known as the 'authorisation server', to verify the identity of any user who tries to gain access to external computers. It does this by issuing temporary encrypted tickets that the user then sends over the Internet system to the client computer. The client computer in turn asks the key distribution centre to authenticate identity.

'The response has been amazing,' said Simon Elphick, a sales manager at Cygnus Support. 'We have been swamped with calls from businesses, universities and government institutions concerned that their internal security is at risk.'

However, the US departments of commerce and defence, citing prohibitions in the Munitions Act, will not allow the export of such encrypting devices. 'Just as one can't sell weapons abroad, so one can't export encryption machines,' Mr Leach explained.

'Everyone, bar the government, thinks the law is wrong,' observed David Henkel-Wallace, co-founder of Cygnus Support. 'Our encoder is clearly not a munition. It should be available internationally, through Internet.'

MIT tried to overcome the problem by developing an exportable version of Kerberos called 'Bones', which has no encrypter. But without encryption, thieves can still find the password. Adding encryption to Bones after export is complicated, as the programme does not have the necessary 'hooks' - special gaps in the programming where one is prompted to insert the encrypting commands.

Mr Elphick said that it was possible that both CNS and Kerberos were being exported illegally. CNS is hidden on the Internet in a private directory that changes its name every day. Users can gain access to the file name only if they fax a request to Cygnus from within the US. 'Of course, there is nothing to stop these companies passing on the directory name to sister companies abroad, but at least we won't be liable,' Mr Elphick said.

It is even easier to export Kerberos illegally. To find its hidden directory, one has first to read its Read Me file, which explicitly states that firms cannot use Kerberos outside the US. However, no proof of US residence is then needed to enter the file.

(Photograph omitted)

Start your day with The Independent, sign up for daily news emails
ebooksA special investigation by Andy McSmith
  • Get to the point
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating

By clicking 'Search' you
are agreeing to our
Terms of Use.

iJobs Job Widget
iJobs Money & Business

Ashdown Group: Treasury Assistant - Accounts Assistant - London, Old Street

£24000 - £26000 per annum + benefits : Ashdown Group: A highly successful, glo...

Ashdown Group: Business Analyst - Financial Services - City, London

£50000 - £55000 per annum: Ashdown Group: Business Analyst - Financial Service...

SThree: Trainee Recruitment Consultant

£18000 - £23000 per annum + OTE £45K: SThree: At SThree, we like to be differe...

SThree: Trainee Recruitment Consultant

£20000 - £25000 per annum + competitive: SThree: Did you know? SThree is the o...

Day In a Page

General Election 2015: Chuka Umunna on the benefits of immigration, humility – and his leader Ed Miliband

Chuka Umunna: A virus of racism runs through Ukip

The shadow business secretary on the benefits of immigration, humility – and his leader Ed Miliband
Yemen crisis: This exotic war will soon become Europe's problem

Yemen's exotic war will soon affect Europe

Terrorism and boatloads of desperate migrants will be the outcome of the Saudi air campaign, says Patrick Cockburn
Marginal Streets project aims to document voters in the run-up to the General Election

Marginal Streets project documents voters

Independent photographers Joseph Fox and Orlando Gili are uploading two portraits of constituents to their website for each day of the campaign
Game of Thrones: Visit the real-life kingdom of Westeros to see where violent history ends and telly tourism begins

The real-life kingdom of Westeros

Is there something a little uncomfortable about Game of Thrones shooting in Northern Ireland?
How to survive a social-media mauling, by the tough women of Twitter

How to survive a Twitter mauling

Mary Beard, Caroline Criado-Perez, Louise Mensch, Bunny La Roche and Courtney Barrasford reveal how to trounce the trolls
Gallipoli centenary: At dawn, the young remember the young who perished in one of the First World War's bloodiest battles

At dawn, the young remember the young

A century ago, soldiers of the Empire – many no more than boys – spilt on to Gallipoli’s beaches. On this 100th Anzac Day, there are personal, poetic tributes to their sacrifice
Dissent is slowly building against the billions spent on presidential campaigns – even among politicians themselves

Follow the money as never before

Dissent is slowly building against the billions spent on presidential campaigns – even among politicians themselves, reports Rupert Cornwell
Samuel West interview: The actor and director on austerity, unionisation, and not mentioning his famous parents

Samuel West interview

The actor and director on austerity, unionisation, and not mentioning his famous parents
General Election 2015: Imagine if the leading political parties were fashion labels

Imagine if the leading political parties were fashion labels

Fashion editor, Alexander Fury, on what the leaders' appearances tell us about them
Phumzile Mlambo-Ngcuka: Home can be the unsafest place for women

Phumzile Mlambo-Ngcuka: Home can be the unsafest place for women

The architect of the HeForShe movement and head of UN Women on the world's failure to combat domestic violence
Public relations as 'art'? Surely not

Confessions of a former PR man

The 'art' of public relations is being celebrated by the V&A museum, triggering some happy memories for DJ Taylor
Bill Granger recipes: Our chef succumbs to his sugar cravings with super-luxurious sweet treats

Bill Granger's luxurious sweet treats

Our chef loves to stop for 30 minutes to catch up on the day's gossip, while nibbling on something sweet
London Marathon 2015: Paula Radcliffe and the mother of all goodbyes

The mother of all goodbyes

Paula Radcliffe's farewell to the London Marathon will be a family affair
Everton vs Manchester United: Steven Naismith demands 'better' if Toffees are to upset the odds against United

Steven Naismith: 'We know we must do better'

The Everton forward explains the reasons behind club's decline this season
Arsenal vs Chelsea: Praise to Arsene Wenger for having the courage of his convictions

Michael Calvin's Last Word

Praise to Wenger for having the courage of his convictions