Camps-Math-2004 [Slide #17]

AMSTERDAM, Netherlands (AP)--A group of scientists claimed Friday to have broken an international security code used to protect millions of daily Internet transactions, exposing a potentially serious security failure in electronic commerce.

Researchers working for the National Research Institute for Mathematics and Computer Science (CWI) in Amsterdam said consumers and some businesses could fall victim to computer hackers if they get their hands on the right tools.

However, not every computer whiz has access to the equipment, worth several million dollars, and no related Internet crimes have yet been uncovered, the experts said.

The scientists used a Cray 900-16 supercomputer, 300 personal computers and specially designed number-crunching software to break the so-called RSA-155 code - the backbone of encryption codes designed to protect e-mail messages and credit-card transactions.

"Your everyday hacker won't be able to do this," said project director Herman te Reile. "You have to have extensive capacity, the mon- ey, and the know-how, but we did it."

Te Reile said his international team of researchers, assisted by companies Microsoft Corp. (MSFT) and Sun Microsystems Inc. (SUNW) and professionals from Britain, Canada and Australia, took six weeks to crack the security system.

The codes are used to protect information transmitted over the Internet - such as credit card numbers, stock transactions or private e- mail messages. The ability to decipher the electronic data increases as the length and frequency of the data transmission increases, Te Reile said.

RSA codes - and frequently the same RSA-155 version the Amsterdam group managed to decipher - protect "many billions of dollars" worth of daily transactions at banks, stock exchanges and on-line retailers, the CWI said.

Although many banks use the RSA code, no criminal attempts to unscramble the code have been reported, it said. "But a hacker isn't going to tell us if he's successfully broken the code," Te Reile added.

The group said it cracked lower-level security codes used worldwide. But higher-level security codes used by some Web browsers in the United States and Canada will face the same fate because they are based on similar systems, the institute predicts.

RSA codes were designed in the mid-1970s by a team at the Massachusetts Institute of Technology and are an international standard. Information of high-level confidentiality - such as that used by governments, national security agencies or corporations - is protected with more intricate coding.

Although the discovery announced Friday was bound to spark concern at some companies, business consultant company PriceWaterhouseCoopers said the code is safe enough for the applications for which it's used.

"It can be cracked, but to say it is completely unsafe goes too far," said Eric Verheul, a cryptography consultant. "In your average con- sumer-to-business transaction, the risk is low and the security is sufficient for most applications. When business-to-business transactions are cracked, that's when you get real problems."


	Scientist Claim To Crack RSA-155 Internet Security Code AMSTERDAM, Netherlands (AP)--A group of scientists claimed Friday to have broken an international security code used to protect millions of daily Internet transactions, exposing a potentially serious security failure in electronic commerce. Researchers working for the National Research Institute for Mathematics and Computer Science (CWI) in Amsterdam said consumers and some businesses could fall victim to computer hackers if they get their hands on the right tools. However, not every computer whiz has access to the equipment, worth several million dollars, and no related Internet crimes have yet been uncovered, the experts said. The scientists used a Cray 900-16 supercomputer, 300 personal computers and specially designed number-crunching software to break the so-called RSA-155 code - the backbone of encryption codes designed to protect e-mail messages and credit-card transactions. "Your everyday hacker won't be able to do this," said project director Herman te Reile. "You have to have extensive capacity, the mon- ey, and the know-how, but we did it." Te Reile said his international team of researchers, assisted by companies Microsoft Corp. (MSFT) and Sun Microsystems Inc. (SUNW) and professionals from Britain, Canada and Australia, took six weeks to crack the security system. The codes are used to protect information transmitted over the Internet - such as credit card numbers, stock transactions or private e- mail messages. The ability to decipher the electronic data increases as the length and frequency of the data transmission increases, Te Reile said. RSA codes - and frequently the same RSA-155 version the Amsterdam group managed to decipher - protect "many billions of dollars" worth of daily transactions at banks, stock exchanges and on-line retailers, the CWI said. Although many banks use the RSA code, no criminal attempts to unscramble the code have been reported, it said. "But a hacker isn't going to tell us if he's successfully broken the code," Te Reile added. The group said it cracked lower-level security codes used worldwide. But higher-level security codes used by some Web browsers in the United States and Canada will face the same fate because they are based on similar systems, the institute predicts. RSA codes were designed in the mid-1970s by a team at the Massachusetts Institute of Technology and are an international standard. Information of high-level confidentiality - such as that used by governments, national security agencies or corporations - is protected with more intricate coding. Although the discovery announced Friday was bound to spark concern at some companies, business consultant company PriceWaterhouseCoopers said the code is safe enough for the applications for which it's used. "It can be cracked, but to say it is completely unsafe goes too far," said Eric Verheul, a cryptography consultant. "In your average con- sumer-to-business transaction, the risk is low and the security is sufficient for most applications. When business-to-business transactions are cracked, that's when you get real problems." DOW JONES NEWS 08-27-99