-----Original Message-----
From: NIPC Watch
Sent: 7/19/01 10:35 AM
Subject: NIPC Daily Report, 19 July 2001

Significant Changes and Assessment - No Significant Changes.

Private Sector - A phony Microsoft bulletin offers protection against one of the most prevalent and dangerous viruses on the Internet. However, while the bogus cure for the Magistr worm is nowhere near as bad as the disease, security experts are warning Internet users to beware of such Trojan horse prescriptions. Discovered last week and dubbed W32.Pet_Tick.G, the worm is distributed by e-mail with the subject line "New Virus Alert!!" according to a description by Symantec Corp. The body of the fraudulent message, which is made up to look as though it came from the Microsoft Corp., claims that an attached executable file, mvsa.exe, will "detect, repair, and protect" against Magistr. If a recipient of the e-mail launches the attachment, a message box will pop up, erroneously announcing "Your system does not appear infected with I.Worm.Magistr." Unlike many e-mailing worms, it propagates not by using the Microsoft Outlook address book but instead searches for "mailto" tags in any Web pages cached in the victim's Internet Explorer history folder. (Source: InfoSec News, 18 July)

On 18 July, an Internet security coalition released its first set of minimum OS security standards in an effort to encourage vendors to ship systems that are more secure out-of-the-box. "Vendors currently ship their systems with security entirely disabled, and it's like taking delivery of a house that has no doors or windows installed and everything is open," says Clint Kreitner, president and CEO of the Center for Internet Security (CIS), which drafted the standards. "It's quite remarkable that the vendors have been able to get away with this practice." Kreitner hopes that consumers will pressure vendors into complying with the CIS recommendations.
The settings can be automatically implemented and monitored with little or no security knowledge, and are unlikely to interfere with operation of other applications. (Source: Security Wire Digest, 19 July)

Government - While the numbers still are subject to massive change, the House today is expected to begin debating an appropriations bill containing a number of cyber-security and online crime-fighting initiatives. The House today is scheduled to begin considering H.R. 2500, the Commerce-Justice-State (CJS) appropriations bill that funds operations of various agencies for the 2002 fiscal year. Cyber-crime and security funding levels show up, for the most part, under funding for various programs under the Justice Dept., which the House Appropriations Committee has recommended should receive a total $38.5 billion in discretionary spending - nearly $600 million more than requested by the Bush administration. It also is about $971 million higher than fiscal year 2001 levels. Mixed in is $469 million that would be divvied up between the Drug Enforcement Administration, the FBI and U.S. attorneys to fight violent crime, drugs and "to provide new tools to combat cyber-crime and national security threats." The Justice Department's Criminal Division also stands to receive an extra $2.5 million for issues including cyber-terrorism, security issues and foreign counterintelligence. The FBI would receive $17.2 million extra for its cyber-crime efforts, combined with an existing base of $91.4 million, for a total of $108.6 million. The appropriations report also calls on the attorney general to "formulate a coordinated approach to preventing, detecting and successfully prosecuting instances of cybercrime." (Source: Newsbytes, 18 July)

Defacements - NTR

Military - NTR

International - The German Multimedia Association (DMMV) said it supports a so-called "opt-in" remedy for fighting unsolicited commercial e-mail, or "spam."
The announcement comes amid continued debate at the highest levels of the European Union on how to deal with spam. A solid majority of the EU Telecoms Council supports the "opt-in" system, which would ban direct marketers from sending unsolicited e-mails unless they are given explicit consent by potential recipients. The council comprises telecommunications ministers of the 15 EU member states. However, the European Parliament is leaning toward an "opt-out" system, under which e-mail-box owners would be targets for direct marketers unless they make it known that they do not want to be spammed. Before any EU-wide regulation can be enacted, the sides must come to an agreement. (Source: Newsbytes, 18 July)

According to the Republic of Korea, a report from the National Intelligence Service (NIS) said on 18 July that the U.S. Navy believes North Korea is capable of waging cyber warfare. The report listed U.S. steps to counter cyber crimes and related the U.S. Navy's concern that North Korea, Iran, Iraq and Syria are capable of hacking their way into U.S. intelligence systems to damage military operations. The U.S. Defense Department is pushing for the introduction of service-wide computer systems capable of fending off cyber attacks, the report said. According to the department, foreign hackers attacked U.S. forces-related computer systems 715 times and other federal agencies 155 times last year. (Source: Seoul Yonhap, 18 July)

Internet services in Cyprus have been disrupted by a data bombardment from abroad whose source the FBI has been asked to help track down, industry officials said on 18 July. One of the largest Internet companies on the Mediterranean island said the denial of service blitz was observed by one of its clients on 12 July. An avalanche of incoming data blocked lines, slowed down servers and affected other subscribers. Other local Internet providers were also affected by this due to the massive amounts of data sent towards Cyprus. "We don't know the source yet, we are in contact with the FBI, Interpol and AT&T," said Thois Themistocleous, Spidernet's marketing manager. Internet service provider Spidernet said service was now back to normal but warned the attacker or attackers, who had been moving about to bypass system defenses, could strike again from a new location. (Source: Reuters, 18 July)

It was reported on 19 July that the Commonwealth Bank of Australia is investigating claims that one of its Internet banking services was hacked. Melbourne radio reported that a computer technician claimed he could crack the service and access the accounts of about 50,000 bank customers. A flaw in the Commonwealth's Quickline service, aimed at helping small businesses deal with day-to-day banking transactions, allowed a cracker to break into accounts and steal unlimited funds, radio 3AW reported. According to Commonwealth Bank spokeswoman Bernadette Heyfield, they are taking this very seriously and are looking into this matter further. Ms. Heyfield stated that they are ensuring customers that their funds are safe. (Source: Australian Associated Press, 19 July)

In New Zealand a jury returned a split verdict yesterday in the long-running trial of computer hacker Andrew Garrett. It found him guilty on five charges but was undecided on five others. Garrett was found guilty on four counts of reproducing a document with intent to defraud and one count of threatening to damage property. The fraud charges relate to Garrett's obtaining Internet access and passwords from computers remotely using the Back Orifice Trojan virus. Judge David Harvey will sentence Garrett next month for the five offences on which he was found guilty. His decision will draw considerable interest as there have been few prosecutions for similar cases. (Source: The New Zealand News, 19 July)

U.S. SECTOR INFORMATION:

Electrical Power - On 17 July, San Diego Gas & Electric (SDG&E) unveiled a new, dynamic blackout notification feature that has been added to its Web site, http://www.sdge.com. The enhanced Web page gives customers a better idea of whether, and when, they are likely to be affected by a rolling blackout. Using color-coded groups of areas, along with curtailment block and circuit numbers, the "Rolling Blackout Outage Status" page alerts customers to where they stand in the next potential outage rotation. According to Steven D. Davis, vice president of distribution operations for SDG&E, "We think this addition to our Web site is a useful tool for customers to be better prepared both at work and at home in the event of a rolling blackout." (Source: PR Newswire, 17 July)

Transportation - A 60-car freight train carrying hazardous chemicals derailed in a narrow Baltimore tunnel blocks from Camden Yards yesterday, sparking a five-alarm fire that shut down much of the city, sent ballplayers running from Oriole Park and led residents to evacuate or huddle indoors with their windows shut against the acrid smoke. The fire in the tunnel wreaked havoc on Howard Street, causing water main pipes to burst and shoot geysers 20 feet into the air, manhole covers to loosen and the pavement to buckle into lumps pushed up by broken pipes. Close to midnight, police had reopened all major roadways into the city except for Interstate 395. The state Highway Administration had closed all major roadways earlier in the night at the request of police and fire officials. (Source: Washington Post, 19 July)

Telecommunications - NTR

Banking and Finance - NTR

Emergency Services - NTR

Government Services - NTR

Water Supply - NTR

Gas and Oil Storage Distribution - NTR

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI.