[ISN] Tip from Mtn. View sparked online terror probe

From: InfoSec News (isnat_private)
Date: Fri Jun 28 2002 - 01:21:27 PDT

  • Next message: InfoSec News: "[ISN] WS-Security Spec Sent to OASIS"

    Forwarded from: William Knowles <wkat_private>
    By Sean Webby
    Mercury News
    June 27, 2002
    Laura Wigod, Mountain View's Web site coordinator, was thrilled when
    she first noticed the Middle Easterners visiting the city's site.
    ``Oh, wow! That is so neat that we have visitors from Saudi Arabia,''
    Wigod recalled thinking to herself as she looked over Web transaction
    report one Monday in August. Wigod was studying Farsi, the main
    language spoken in Iran, and was fascinated by the Mideast.
    It wasn't until October, after Sept. 11 and with the faraway hits on
    the site continuing -- from Saudi Arabia, Pakistan and the United Arab
    Emirates -- that she got a chilling thought: Why would someone in the
    Middle East be so intently researching how the Silicon Valley city's
    water system, utilities and police department worked?
    Her observations, which were soon shared with the FBI, were apparently
    the catalyst for an investigation that documented a much larger
    pattern throughout the country, now of great concern to the U.S.  
    A disturbing pattern
    ``We did get the impression from the FBI that no one else had yet
    identified this pattern,'' City Manager Kevin Duggan said. ``We are
    very happy we played a part in helping identify this issue for a
    broader array of public agencies that could in theory be potential
    Duggan reported that the FBI had identified at least 30 other
    municipalities with similar patterns.
    The FBI did not return phone calls late Wednesday. Mountain View
    police confirmed that their department referred the pattern to federal
    investigators and helped them investigate it.
    Wigod's reports showed that at least 50 times since August 2001,
    people in certain Middle Eastern countries had used the Google or
    Yahoo search engines to bring up the city's official Web site.
    Specifically, they had spent time looking at the site's links to
    Mountain View's engineering standards, its police and fire operations
    and its utilities.
    ``It was a little chilling,'' Wigod said. ``What made me nervous was
    what they were looking at. Why were they downloading the water
    Wigod then brought the information to her supervisor and the Mountain
    View Police Department.
    ``It seemed curious,'' Duggan said. ``We didn't want to leap to any
    conclusions about it. But when you see a pattern like that you can't
    be complacent.''
    Police take over
    Detective Chris Hsiung -- at the time the department's high-tech
    investigator -- took over the case, said police news officer Jim
    Bennett. After examining the traffic, Hsiung called the FBI's
    high-tech squad in the Bay Area and began working with them on the
    investigation. Hsiung, who is now a patrol supervisor, would not
    comment for this story.
    Meanwhile, the city continued to quietly watch the Web site. The hits
    kept coming.
    On Oct. 18, the city decided -- on the advice of the FBI -- to shut
    down the Web site. By the next Monday, after having stripped off a
    variety of information relating to the city's water supply and some
    public-safety operations, they put the site back up.
    Duggan cautioned that he had no reason to believe that Mountain View
    is, or was, a terror target.
    After she discovered the pattern, Wigod kept her secret to herself.  
    But she said she was quietly thrilled whenever she saw the president
    warning about cyberterror or an FBI warning about threats to the water
    ``I go, `Wooo, I'm thwarting terrorists!' ''
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 04:19:17 PDT