[ISN] Virus hits Navy Marine Corps Intranet

From: InfoSec News (isnat_private)
Date: Wed Aug 20 2003 - 02:20:48 PDT

    Forwarded from: William Knowles <wkat_private>
    By Matthew French 
    Aug. 19, 2003
    The lead contractor for the Navy Marine Corps Intranet blames a new
    worm for NMCI's connection problems today.
    NMCI users have been experiencing "intermittent problems" in
    connecting to outside networks, said a spokesman for tech services
    firm EDS, the lead vendor for the program. The network did not fully
    crash, and NMCI users still have access to their desktop applications.  
    NMCI personnel are trying to distribute a patch from security firm
    "We are currently experiencing connectivity issues enterprise wide to
    include e-mail, Web and shared drive access due to a virus," states a
    recording on a hotline for the NMCI Strike Force, which is made up of
    Navy and contractor personnel who handle network problems.
    A so-called "good Samaritan" worm roots through networks looking for
    the Blaster worm that debilitated so many networks last week. The new
    virus finds the Blaster, removes it and fixes it by automatically
    downloading the Microsoft patch, but does so at the expense of
    processing speed and bandwidth, EDS said. When the new worm got inside
    the NMCI network, it ate up huge amounts of bandwidth by sending out
    pings to locate instances of the Blaster worm, EDS spokesman Kevin
    Clarke said.
    Pushing the Symantec patch out to users who were already experiencing
    very limited bandwidth proved to be difficult, he said.
    NMCI is an enterprisewide network designed to connect everyone in the
    Navy and Marine Corps on a single, secure network. Since users started
    being moved to the system in 2001, almost 97,000 seats have been
    shifted from legacy systems.
    Until now, NMCI officials have always said that their network has
    never been successfully attacked by a virus. Last week, the Blaster
    worm affected some legacy systems, but no system moved to NMCI had
    been affected, a department spokesperson said at the time.
    EDS, the lead contractor on the $8.8 billion deal, could earn up to
    $10 million per year for information assurance if NMCI performs well
    in unannounced "information warfare" tests of its security and
    survivability. It is not known if an outside source's ability to bring
    the system down would affect this financial incentive. Symantec is one
    of several subcontractors who provide security devices, patches and
    software for the NMCI network. Symantec supplies 10 products for NMCI,
    including NetProwler, Norton AntiVirus, Raptor Firewall and Mail Gear.
    Consultant Robert Guerra of Guerra, Kiviat, Flyzik and Associates said
    he doubts the outage will have any lasting effects on either EDS or
    the NMCI program.
    "The history of the performance of the network is incredible," he
    said. "It's been up for a couple of years and this would mark the
    first time it's been down. The project has a responsible vendor, who's
    done a great job at deploying a very complex network, and a very good
    customer in the Navy."
    Guerra said he hopes people don't rush to any conclusions before the
    Navy can sort out what brought the network down.
    "We had a power outage last week across several states and the border
    with Canada, but no one is looking to shut down" Con Edison, he said.  
    "I hope this doesn't affect the program, because the Navy has decided
    this is the right way for the Navy to go."
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen. Alfred M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    Help C4I.org with a donation: http://www.c4i.org/contribute.html
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Aug 20 2003 - 20:15:09 PDT