Special Report: Year 2000 raises threat of system attacks

Special Report: Year 2000 raises threat of system attacks

As the date change nears, organizations should redouble security efforts, experts advise

As By Christopher J. Dorobek

GCN Staff

Although security is being touted as the big post-1999 issue, systems security experts are urging agencies to re-examine security practices before Dec. 31.

Hackers may use the year 2000 date change to mask attacks or unleash viruses, computer security experts warned during a forum this month in Washington.

During the rollover, it may be difficult to distinguish year 2000 problems from normal computer problems and malicious activities, said Stephen R. Malphrus, staff director of the Federal Reserve Board.

Added Steve Katz, chief information security officer at Citigroup Inc. of New York, 'The issues we face with Y2K are the issues we've faced since computers first went live.' Attacks on systems have increased, he said. 'It's not Y2K. It's fundamental security issues.'

As the date change nears, organizations should redouble their security efforts, Katz said.

'If you haven't done them, you still have time to do it now,' he said.

World is watching

The year 2000 rollover will be a carefully monitored period, said Bill Murray, an information systems security consultant for Deloitte & Touche of New Canaan, Conn. 'If everybody is walking around looking up, it's highly unlikely that you will see an acorn,' he said.

The challenge will be determining whether something is a year 2000 problem or evidence of something more sinister, said Phil Lacombe, senior vice president of policy and communication at Veridian Inc. of Oakton, Va.

Then there are viruses that use certain dates as triggers, said Bernard May, senior project manager for enterprise solutions atSymantec Corp. of Cupertino, Calif.

'Expect there will be a few year 2000 viruses that will re-trigger as a result of Y2K,' May said.

The 2001fix virus, for example, comes as an executable file suggesting that the program must be run to make the system year 2000-ready.

But when the user runs the file, it sends a Trojan horse virus to other users and begins deleting the hard drive.

A more insidious problem is the possibility that people who supposedly were fixing systems instead inserted malicious code or accidentally created security holes.

Experts, however, also warned that unfounded fears could get out of hand. Katz recounted, for instance, having read that people were concerned whether London's Big Ben, which is mechanical, was year 2000-ready.

'That's how ridiculous this has become,' he said.

inside gcn

  • artificial intelligence (ktsdesign/Shutterstock.com)

    Machine learning with limited data

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group