Coding barrier lets hackers browse

THE ABILITY of companies to protect themselves against hackers who prowl the Internet computer network is being hampered by government regulations that bar the introduction of new security-coding, or encrypting, software.

In the United States, companies such as AT&T, Citibank and Lehman Brothers and governmental organisations such as the National Aeronautics and Space Administration have been moving quickly to install a 'user authentification' package called Cygnus Network Security (CNS).

But Internet users in the UK have been denied this opportunity by both the British and US governments. John Leach, an IT expert at Zergo, the computer security firm, says that the US regards encrypting software as unexportable military equipment while the British government views such software as 'a worrying means of avoiding government surveillance'.

Alarm bells rang last month when it was revealed that thousands of passwords had been stolen from Internet, a web that links some three million home and business computers round the world. Rob Whitcher, an expert in computer security at IBM in the UK, said that the Computer Emergency Response Team (CERT), the US agency responsible for Internet security, was warning that companies whose internal networks were linked to Internet could be powerless to prevent access by an outsider with the password.

CNS was developed by Cygnus Support, a Californian computer company, to prevent such security breaches. It hides users' passwords in encrypted messages, making hacking virtually impossible.

CNS is based on another security package, Kerberos, developed by the Massachusetts Institute of Technology, but is more popular commercially because it is easier to install and use. CNS uses a third party, known as the 'authorisation server', to verify the identity of any user who tries to gain access to external computers. It does this by issuing temporary encrypted tickets that the user then sends over the Internet system to the client computer. The client computer in turn asks the key distribution centre to authenticate identity.

'The response has been amazing,' said Simon Elphick, a sales manager at Cygnus Support. 'We have been swamped with calls from businesses, universities and government institutions concerned that their internal security is at risk.'

However, the US departments of commerce and defence, citing prohibitions in the Munitions Act, will not allow the export of such encrypting devices. 'Just as one can't sell weapons abroad, so one can't export encryption machines,' Mr Leach explained.

'Everyone, bar the government, thinks the law is wrong,' observed David Henkel-Wallace, co-founder of Cygnus Support. 'Our encoder is clearly not a munition. It should be available internationally, through Internet.'

MIT tried to overcome the problem by developing an exportable version of Kerberos called 'Bones', which has no encrypter. But without encryption, thieves can still find the password. Adding encryption to Bones after export is complicated, as the programme does not have the necessary 'hooks' - special gaps in the programming where one is prompted to insert the encrypting commands.

Mr Elphick said that it was possible that both CNS and Kerberos were being exported illegally. CNS is hidden on the Internet in a private directory that changes its name every day. Users can gain access to the file name only if they fax a request to Cygnus from within the US. 'Of course, there is nothing to stop these companies passing on the directory name to sister companies abroad, but at least we won't be liable,' Mr Elphick said.

It is even easier to export Kerberos illegally. To find its hidden directory, one has first to read its Read Me file, which explicitly states that firms cannot use Kerberos outside the US. However, no proof of US residence is then needed to enter the file.

(Photograph omitted)

Start your day with The Independent, sign up for daily news emails
PROMOTED VIDEO
ebooks
ebooksA year of political gossip, levity and intrigue from the sharpest pen in Westminster
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

iJobs Job Widget
iJobs Money & Business

Ashdown Group: Market Research Executive

£23000 - £26000 per annum + Benefits: Ashdown Group: Market Research Executive...

Recruitment Genius: Technical Report Writer

£25000 - £35000 per annum: Recruitment Genius: A Technical Report Writer is re...

MBDA UK Ltd: Indirect Procurement Category Manager

Competitive salary & benefits!: MBDA UK Ltd: MBDA UK LTD Indirect Procurement...

Recruitment Genius: Web Developer - PHP

£16500 - £16640 per annum: Recruitment Genius: This fast growing Finance compa...

Day In a Page

Greece elections: In times like these, the EU has far more dangerous adversaries than Syriza

Greece elections

In times like these, the EU has far more dangerous adversaries than Syriza, says Patrick Cockburn
Holocaust Memorial Day: Nazi victims remembered as spectre of prejudice reappears

Holocaust Memorial Day

Nazi victims remembered as spectre of prejudice reappears over Europe
Fortitude and the Arctic attraction: Our fascination with the last great wilderness

Magnetic north

The Arctic has always exerted a pull, from Greek myth to new thriller Fortitude. Gerard Gilbert considers what's behind our fascination with the last great wilderness
Homeless Veterans appeal: Homeless in Wales can find inspiration from Daniel’s story

Homeless Veterans appeal

Homeless in Wales can find inspiration from Daniel’s story
Front National family feud? Marine Le Pen and her relatives clash over French far-right party's response to Paris terror attacks

Front National family feud?

Marine Le Pen and her relatives clash over French far-right party's response to Paris terror attacks
Pot of gold: tasting the world’s most expensive tea

Pot of gold

Tasting the world’s most expensive tea
10 best wildlife-watching experiences: From hen harriers to porpoises

From hen harriers to porpoises: 10 best wildlife-watching experiences

While many of Britain's birds have flown south for the winter, it's still a great time to get outside for a spot of twitching
Nick Easter: 'I don’t want just to hold tackle bags, I want to be out there'

'I don’t want just to hold tackle bags, I want to be out there'

Nick Easter targeting World Cup place after England recall
DSK, Dodo the Pimp, and the Carlton Hotel

The inside track on France's trial of the year

Dominique Strauss-Kahn, Dodo the Pimp, and the Carlton Hotel:
As provocative now as they ever were

Sarah Kane season

Why her plays are as provocative now as when they were written
Murder of Japanese hostage has grim echoes of a killing in Iraq 11 years ago

Murder of Japanese hostage has grim echoes of another killing

Japanese mood was against what was seen as irresponsible trips to a vicious war zone
Syria crisis: Celebrities call on David Cameron to take more refugees as one young mother tells of torture by Assad regime

Celebrities call on David Cameron to take more Syrian refugees

One young mother tells of torture by Assad regime
The enemy within: People who hear voices in their heads are being encouraged to talk back – with promising results

The enemy within

People who hear voices in their heads are being encouraged to talk back
'In Auschwitz you got used to anything'

'In Auschwitz you got used to anything'

Survivors of the Nazi concentration camp remember its horror, 70 years on
Autumn/winter menswear 2015: The uniforms that make up modern life come to the fore

Autumn/winter menswear 2015

The uniforms that make up modern life come to the fore