-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Tuesday, August 28, 2001 8:04 AM
To: daily@private
Subject: NIPC Daily Report 28 August 01

Significant Changes and Assessment - No significant changes

Private Sector - Network security company SSH Communications said on 24 August they are investigating claims that advanced pattern recognition can be used to weaken the security around an encryption standard used to protect connections between computers. The standard known as Secure Shell, or SSH, encrypts the data traveling between an administrator's computer and a remote server, allowing for much more secure communications, even over the Internet. That security, however, was called into question at a technical security conference last week, when three University of California-Berkeley researchers outlined a process by which guessing passwords sent using SSH can be made an estimated 50 times easier. According to the company's senior director of technical services and operations, "The problem with the program is not in a weakness in the encryption but the mere fact that the application is interactive. Once logged into the server from a remote computer, every keystroke on the remote machine is sent one by one to the server." (Source: Infosec News, 27 August) (NIPC Comment: The process outlined by the researchers at the University of California-Berkeley was originally reported on 20 August.)

After years of promoting high-tech anti-fraud measures like smart cards and neural networks, a low-tech feature is coming to credit cards that might go a long way toward protecting your private information. Visa is moving forward with plans to add old-fashioned password protection to credit card purchases made online. By Christmas, many online checkout procedures will be interrupted by a request for a bank-issued credit card password.
The problem with most current online transactions is there is no way for a merchant to know who is behind the keyboard when a credit card number is typed into a Web page. (Source: MSNBC.com, 27 August)

The Internet population is approaching half a billion people worldwide, according to figures released today by the Nielsen/NetRatings Internet measurement service and for all those PC manufacturers, that number contains some good news. Nielsen/NetRatings' second quarter Global Internet Trends Report shows an increase of 30 million people online since the first quarter of 2001, reaching a projected 459 million people globally. The report measures Internet populations of 30 nations in North America, the Middle East, the Asia-Pacific region and Latin America. The firm claims it now measures 93 percent of the online universe, after adding Argentina, India, South Africa and Israel to its latest quarterly survey. (Source: Newsbytes, 27 August)

Government - The United States sees Australia as a leader in cyber security in the Asia-Pacific region and is looking for the country's partnership in the fight against increasingly sophisticated hackers, according to a visiting US expert. The deputy assistant director for the NIPC, Ron Dick, said fighting cyber crime needed the cooperation of countries and the private sector because it was a "huge mission." "We are looking for Australia to be a partner with us and to be a leader in this region in addressing these areas," he said at a recent Federal Government conference on privacy and security in the information age. (Source: The Age.com.au, 28 August)

International - Tens of thousands of consumers have unknowingly had their credit card details intercepted by high-tech criminal gangs, a government security agency has revealed. Datastreaming, a new and fast-growing crime, involves hacking into the computer systems of high street retailers and stealing credit card details in bulk.
Earlier forms of the fraud usually affected just one or two cardholders at a time. The new scam has contributed to Britain's position as the worst country in Europe for credit card fraud. The total lost to criminals last year was 300 million pounds according to the Association of Payment Clearing Services (Apacs), an increase of 55 percent on 1999. This year, it is expected to reach 400 million pounds. (Source: Sunday Times, 27 August)

The Federal Government's proposed cyber crime laws in Australia will not be effective unless law enforcement agencies have adequate resources to enforce them. Ernst & Young e-security analyst Eric Keser says the lack of resources is already forcing organizations to train in-house cyber detectives to collect evidence of electronic crime. "Police and the National Crime Authority have often in the past made comments about the need to have sufficient resources, people on the ground, skills, tools and techniques to actually enforce any legislation," Keser says. "Many (law enforcement agencies) are saying to organizations, `You need to actually take part in the investigation up front and you really need to build a brief that you can bring to us'." Keser is the principal of Ernst & Young's e-risk consulting group, which is hired to hack into clients' networks to expose weaknesses. (Source: The Age.com.au, 28 August)

Electromagnetic waves routinely leak from computers. Monitoring of such invisible electromagnetic waves is prompting concern as a new form of "cyber terrorism" of hackers and giving them simultaneous computer access. The reason is that it is now possible to steal information without invading computers. In addition, exposure to special external electromagnetic waves makes it possible to destroy computer systems. The Japanese government is aware of this risk, and the former Ministry of Posts and Telecommunications contracted with a team of experts to conduct and compile a report on a secret survey in 1993.
The final report issued in November 2000 titled, "Council for the Study of Cyber Terrorism in the Telecommunications Industry" mentioned the need for measures on the leakage of electromagnetic waves. Reportedly, China and North Korea are enthusiastic about researching "electromagnetic wave spy instruments." The two countries place more emphasis on compromising enemy computers using electromagnetic waves, rather than clandestine stealing of information based on electronic waves. (Source: JPP, 28 August)

Military - U.S. soldiers sitting at computers played the role of an enemy in war games designed to test the ability of South Korea and the US to fend off a North Korean invasion. Some 10,000 American troops are taking part in an annual joint exercise that has drawn verbal attacks from the communist North since it was first launched in 1976. This year was no exception, with North Korea accusing the US of "a mock 'cyber warfare' drill" to practice its skills at spreading computer viruses and hacking into computer networks. The 12-day maneuvers, called "Ulchi Focus Lens," ended on 24 August. They are among the U.S. military's most advanced war games involving computer simulation. (Source: Associated Press, 27 August)

U.S. SECTOR INFORMATION:
Water Supply - NTR
Gas and Oil Storage Distribution - NTR
Government Services - NTR
Emergency Services - NTR
Electrical Power - NTR
Telecommunications - NTR
Banking and Finance - NTR
Transportation - NTR

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC of the FBI.