Last summer, Japan's Fuji Bank learned a hard lesson about the perils of computer viruses. It happened like this:
Looking to mobilize support for a proposed merger with two other Japanese banks, Fuji's public relations department fired off an email touting the deal to prospective investors around the world. Imagine the recipients' surprise, then, when they opened the pitch to read "You are a big stupid jerk" flashing on their computer screen. Now imagine their consternation upon discovering that opening Fuji's message also caused names in their email address book to change to "Mr. Diet Mountain Dew."
Bad enough to be called a stupid jerk, but what about us cola drinkers?
The story would be merely an amusing footnote to banking lore if it weren't for one thing-Fuji's misadventures were a harbinger of much worse things to come. And the culprit, apart from one bank's carelessness, is the very global electronic interconnectivity that communications theorist Marshall McLuhan prophesied 40 years ago and that is currently rocking the financial services industry.
In May, as everyone now knows, a virus offering declarations of love emerged from the electronic wilds-and laid waste to computers the world over. According to Computer Economics, a California research firm, the financial losses from the "I Love You" bug and its many mutations range as high as $10 billion, mostly from lost productivity. In a matter of hours, the contagion had afflicted some 50 million computers around the globe, including the majority of federal agencies in the United States, and 70% and 80% of companies, respectively, in Germany and Sweden.
In a survey conducted less than a week after the incident by U.S. market researcher Angus Reid Group and security software vendor Symantec, 26% of American workers with Internet access reported that their companies were infected by the virus. Of that group, roughly half said their employers' computer systems were damaged.
Although some security experts dispute the scale of the losses, they're clearly not chicken feed, especially on the heels of the estimated $12 billion in costs stemming from the "Melissa" and "Explorer.Zip" bugs that struck last year. The Bank Industry Technology Secretariat estimates that productivity, liability and related losses due to electronic fraud or system failure can range from $300 million to a staggering $1.5 billion per company.
Welcome to the global village, Mr. McLuhan.
Financial services firms fared better than most other companies in warding off
"I Love You." Could that possibly mean finance professionals feel sufficiently adored in their offline lives that they don't need to seek romance via email? No offense, anyone, but I doubt it. More likely it suggests the vigilance with which banks, brokerages and insurers approach information security.
Take the Financial Services Information Sharing and Analysis Center, which is a model for collective industry action against computer crime. Organized last fall at the behest of the U.S. Treasury Department and run by Global Integrity, a Reston, VA, security services provider, FS-ISAC is a private consortium of prominent financial companies that share intelligence about computer security threats. The concern's board includes executives from Bank of America, Citigroup, Depository Trust & Clearing Corp., J.P. Morgan and Wells Fargo, among others.
FS-ISAC acknowledges that merely participating in the group won't kill a virus, but it does "give members an alert or early warning notice and offers known patches or solution recommendations," a spokes-person says.
Such early warning is essential because more virtual vermin and so-called denial-of-service attacks, which crippled major Web sites in February, are incubating at this very moment. And they're mean.
In late May, a new variation on "Melissa" dubbed "Killer Resume" began making the rounds, reportedly infecting a number of corporate email systems. The bug, which like previous viruses afflicts computers equipped with Microsoft Outlook, deletes files on hard drives, network drives, zip drives and floppy disks.
Meanwhile, FS-ISAC on May 25 published a notice on its Web site (www.fsisac.com) reporting a virus that arrives as an attachment with the subject header "You've GOT Mail." If opened, the attachment erases a computer's hard drive and also mails itself to addressees in a user's Outlook address book.
Even more insidious is a Love Bug clone that surfaced in May titled "Virus Alert!!!" Disguised as a software patch from Symantec, the email addresses recipients as "Dear Symantec Customer" and even appears to offer details on the virus and possible fixes. Opening the attachment, however, effectively renders a computer useless by overwriting its core system files.
The deluge of viruses is alarming not only because of the proliferation of networked computers and ecommerce, but also because many organizations are so unprepared to deal with hackers' handiwork. In a recent survey done in conjunction with the FBI, the Computer Security Institute found that 85% of U.S. corporations have detected system viruses. Ecommerce-related problems include Web site vandalism (64%); denial of service (60%); theft of transaction information (8%); and financial fraud (3%).
Like the song says: Love stinks.
