[ISN] A Big LOL for FBI Alert

From: InfoSec News (isnat_private)
Date: Thu Aug 08 2002 - 01:08:38 PDT


    By Michelle Delio 
    10:05 a.m. Aug. 7, 2002 PDT 

    In a Chicken Little-like incident that flew under virtually every
    computer security expert's radar, the FBI's National Infrastructure
    Protection Center bravely predicted and monitored a ferocious
    cyberattack Tuesday morning on U.S. computer systems, launched by an
    army of European enemy hackers.
    Never mind that no independent Internet traffic monitoring service or
    security expert had even noticed that any sort of cyberattack had
    The FBI's National Infrastructure Protection Center warned of the
    impending widescale hacker attacks in an alert issued on Monday. Then,
    on Tuesday, according to wire reports, Richard Clarke -- the Bush
    administration's top official for cyber-security -- said, "There was a
    real spike in Internet traffic at odd hours. It was clearly unusual
    because it was five-times and seven-times normal, but it didn't take
    anything down."
    Perhaps there may have been a brief rise in Internet traffic early
    Tuesday morning -- but it was a mere blip on the screen if anything,
    security experts said. But the general consensus is that Monday's
    alert was a self-created crisis caused by an over-reactive,
    publicity-seeking government agency, sparked by the idle online
    conversations of a band of young and aspiring "hackers" who had
    threatened to attack U.S. sites in retaliation for the Aug. 1 arrest
    of 14 Italian hackers in Milan.
    "It is bizarre," ventured Vern Paxton, senior scientist with the
    International Computer Science Institute in Berkeley, California. "And
    if there were political cyberattacks, then they appear miserably
    unsuccessful. What sort of politically motivated attacker targets East
    Coast sites at 2 a.m., EDT?"
    The "enemy" combatants appear to be a half-dozen, evidently clueless
    Italian youngsters who couldn't even sort out the time difference
    between Italy and the East Coast of the United States.
    Last week, Italian police arrested 14 local hackers, acting on tips
    received from American officials. The Italian hackers are charged with
    attacking U.S. government sites, including those belonging to the Army
    and NASA.
    And some published news reports indicated that the NIPC's hack attack
    alert on Monday was based on information provided by Italian
    Italian computer security experts said that they had noticed "vague
    threats" about retaliatory hacks, but dismissed them since the threats
    appeared to be originating from youngsters.
    "There was some talk on Italian Internet chat channels about DOSing
    and defacing American websites last week in response to the Milano
    arrests," Augustine DelFalco, a security consultant based in Rome,
    said. "But to me it was apparent that the conversations were being
    conducted by young teenagers. It's odd that such nonsense should
    concern your government."
    "At one point, the kids said they would attack at 9 in the morning,
    when the American business was just getting started," DelFalco added.  
    "Young children who perhaps didn't know of the time difference?"
    George Smith, editor of virus and computer security information site
    vMyths, wondered whether the "spike" in Internet activity that Richard
    Clarke alluded to occurred before or after the NIPC issued its
    The Associated Press story, Smith said, gives the impression that the
    alleged attack occurred a few hours after the NIPC posted its alert.
    "Knowing the average cyber-ankle-biter, people known to stay up at odd
    hours, it's not at all unreasonable to entertain the idea that the
    NIPC alert might have precipitated some nincompoops who had nothing
    better to do with their time except create a statistical blip in
    someone's Internet monitoring service," Smith said.
    But neither Smith nor his colleagues in the security community saw
    anything unusual yesterday, and no one seemed surprised that the
    NIPC's alert apparently fizzled.
    "The NIPC and Richard Clarke do have an excellent track record of
    warning about cyberattacks and cyber-badness that is often only
    visible to them," Smith said.
    Such warnings of invisible menaces include the NIPC's 1999 alert
    warning that every nation whose name began with the letter "I" would
    target American computer systems on Jan. 1, 2000.
    That warning was followed by another prediction of worldwide hack
    attacks on Jan. 1, 2001, and the impending fall of the Internet due to
    the Code Red worm last summer.
    Since the NIPC doesn't have a sterling reputation among many security
    experts, more time and energy was devoted to attempts to figure out
    what might have induced them to issue their latest alert rather than
    hardening websites and systems.
    Some believe that the latest NIPC warning may have been a rather
    desperate move made in the hopes of gaining publicity and proving the
    agency's value.
    According to Rob Rosenberger, also of vMyths, it appears the CERT
    Coordination Center, a federally funded research lab focused on
    computer security, has decided to sever what Rosenberger described as
    its "co-dependent relationship" with the NIPC.
    Rosenberger mentioned this rumor at his keynote speech Tuesday at
    CERT's annual computer security conference.
    "NIPC believes they need CERT's technical prowess if they want to
    survive politically. I tend to agree," Rosenberger said. "But if CERT
    doesn't want to continue the relationship, I imagine they'll suffer
    the classic symptoms of a co-dependent breakup. I can imagine NIPC
    wailing how the relationship must continue in order to save the world
    from future cyber-terrorism. 'Honey, I swear, just give me one more
    chance, I need you'...."
    "So who knows?" Rosenberger added. "The NIPC's latest PR move could be
    a manifestation of a co-dependent breakup in progress."
    Whatever motivated Monday's warning, security experts believe that the
    NIPC shouldn't issue public alerts about issues that concern Web and
    systems administrators.
    "It seems to me that warnings of attacks against the Internet
    infrastructure and large websites don't really require a public
    announcement," said security researcher Richard Smith. "A private
    e-mail list for system administrators should be good enough."
    ISN is currently hosted by Attrition.org