FW: NIPC Daily Report 29 June 01

From: George Heuston (georgeh@private)
Date: Fri Jun 29 2001 - 09:48:38 PDT


-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private] 
Sent: Friday, June 29, 2001 9:03 AM
To: daily
Subject: NIPC Daily Report 29 June 01

Private Sector - A national survey in the U.S., conducted in early June
by Camelot and eWeek magazine, has concluded that the vast majority of
IT security crimes are committed by authorized personnel.  It also found
that layoffs, mergers and acquisitions increase the chances of an IT
security breach.  Camelot says that the results highlight the fact that
companies are placing greater emphasis on IT security issues by
increasing internal IT network security budgets within the last year.
Of the respondents, 57 percent cited users accessing resources they
shouldn't be entitled to as a cause of network security breaches.  In
addition, 43 percent of respondents indicated security breaches were
caused by user accounts being left open after an employee has left the
company.  Nearly half of the companies surveyed are increasing the
budget for network security software and hardware, while one in three
companies has an annual budget specifically allocated to maintain and/or
upgrade a network security system.  Of those companies, 40 percent have
an annual budget of at least $100,000 for network security systems.
(Source: InfoSec News, 28 June)

An Internet worm that automatically defaces Web sites claimed another
high-profile victim today, redecorating the home page of a site operated
by Lycos' Quote.com investment service.

The Sadmind/IIS worm replaced the home page of Quote.com's Virtual
Advisor Portfolio Tracker site with its trademark anti-American message
in red letters on a black background.  The defacement was still viewable
this morning.  The free Virtual Advisor service, located at
http://vaweb.quote.com , enables investors to track their investments
online but does not allow trading of securities or other financial
instruments.  A Lycos spokesperson said that the company is
investigating the security breach and had no immediate comment. (Source:
Newsbytes, 28 June) (NIPC Comment: The NIPC's Malicious Code Team will
continue to monitor this worm and will advise of changes as warranted.)

Flaws in Cisco Systems software for routers, switches and firewalls
could give attackers complete control over the widely used equipment
that supports the bulk of the Internet's backbone.  On 27 June, the San
Jose, California-based company posted advisories on the vulnerabilities,
which affect any device running Cisco Internet Operating System (IOS)
software version 11.3 and later, as well as Cisco software supporting
Secure Shell protocol (SSH), including firewalls.  Security Focus
incident analyst Ryan Russell said most systems are not vulnerable to
attack because network and firewall administrators are not using the
flawed SSH capabilities.  According to an advisory from the CERT
Coordination Center, equipment affected by the software flaws includes
Cisco IOS systems using local authentication databases with the HTTP
server enabled.  (Source: News Factor, 28 June)

Government - On 27 June, the Commerce Department formally approved
the new standard for the minimum level of cryptography in federal
security products, replacing a standard that had been in effect for
seven years.  This approval will require that security products used
by agencies for sensitive, unclassified information be certified
under the National Institute of Standards and Technology's (NIST)
Federal Information Processing Standard (FIPS) 140-2, Security
Requirements for Cryptographic Modules.  The new FIPS 140-2 standard,
replacing FIPS 140-1, goes into effect 25 Nov. and covers four
increasing levels of security, to encompass a range of applications.
NIST maintains a list of vendors and modules with FIPS 140-1 and 140-2
validation on its Web site.  (Source: Federal Computer Week, 28 June)

The flurry of cybercrime-related bills, over three dozen, is enough to
make anyone think federal lawmakers are making combating Internet abuses
and protecting Web surfers a top priority.  However, pundits say the
steady stream of digital legislation is more political than a concerted
effort to tame the Wild-Wild Web, and that the bulk of the bills deal
more with issues like online pornography and libel than protecting
information infrastructures.  However, a growing concern in the private
sector is that new cybercrime and security laws will come with specific
technology requirements.  Other proposed federal bills would simply
duplicate existing state cybercrime statutes.  Federal statutes that
supersede states' laws are a high priority for some industry groups,
which believe broad national statutes are better than a patchwork of 50
different standards.  Observers say they expect most Capitol Hill
cybercrime debates will continue to deal with privacy concerns.
Likewise, the business sector will continue to oppose any laws or
regulations that will cost them money, such as laws requiring the
archiving of huge amounts of data for forensics purposes.  (Source:
Security Wire Digest, 28 June)

Defacements - According to the Web defacement mirror site Alladas.de,
the following U.S. government and military sites were defaced on 29 June
by the hacker indicated:

 * BioCAT Facilities at the Advanced Photon Source located at the
   Argonne National Lab web site (www.bio.aps.anl.gov), defaced by
   BluePanda

 * U.S. Navy A21 Acquisition Related Business Systems site
   (www.peoarbs.navy.mil), defaced by tty0

Military - NTR

International - In South Korea, computer-related crimes among youth are
increasing steadily, according to a police report released on 28 June.
Conducted by the Cyber Crime Investigation Division of the Gyeonggi
police, the survey found 636 reported cases of cyber crime in the
Gyeonggi region this year, almost a three-fold increase from 222 last
year.  "The rise in youth crimes shown by the survey reflects the larger
issue of the upward trend in cyber crimes," said Kim Gi-Cheon, a police
sergeant of the Cyber Terror Response Center.  As to the type of
offenses, 449 involved forging of electronic documents or other general
crimes.  The remaining 187 involved hacking or cyber terrorism.  The
general crimes included 247 offenses of illegally using the Internet and
game sites, 43 libel cases, 39 cases of personal information
infringement, 35 cases of distributing lewd material or promoting
suicide sites, 21 cases of pirating pornographic material and programs,
and two cases of sexual assault.  The types of cyber terror offenses
included 114 cases of misappropriation of other people's information, 30
cases of illegally circulating personal and official information, 11
cases of spam mail and five cases of spreading computer viruses.
(Source: Seoul The Korea Herald, 29 June)

U.S. SECTOR INFORMATION:

Banking and Finance - NTR
Emergency Services - NTR
Government Services - NTR
Water Supply - NTR
Gas and Oil Storage Distribution - NTR
Electrical Power - NTR
Transportation - NTR
Telecommunications - NTR

NOTE: Please understand that this is for informational purposes only and
does not constitute any verification of the information contained in the
report nor does this constitute endorsement by the NIPC or the FBI.


