FW: NIPC Daily Report 4 September 01

From: George Heuston (georgeh@private)
Date: Tue Sep 04 2001 - 09:02:09 PDT


    -----Original Message-----
    From: NIPC Watch
    To: daily@private
    Sent: 9/4/01 8:11 AM
    Subject: NIPC Daily Report 4 September 01
    
    Significant Changes and Assessment  - No significant changes
    
    Private Sector - A new worm has been detected that disguises itself as a
    warning from Microsoft Corp.  Known as Win32.Invalid.A@mm, the worm mass
    mails itself to users and, once launched from an attachment, encrypts
    executable files, rendering them unusable.  The worm can infect
    computers running Windows NT and 2000.  The worm first verifies that an
    Internet connection is available, and if a connection is established, it
    searches for all files starting with the extension '.ht*' in the My
    Documents folder.  It then extracts the e-mail addresses from within the
    files and sends a message claiming to be from Microsoft.  The worm
    attempts to use social engineering to again trick users into opening its
    attached file which may put casual Internet users most at risk from this
    worm. (Source: ComputerWorld, 30 August)
    
    A new Trojan spreading in the wild called TROJ_APOST.A (alias APOST.A;
    READ.ME.A, I-Worm.Readme; and W32.APOST-A) copies itself to all local
    drives (root directories) and sends a copy of itself as an attachment
    via e-mail.  It sends itself via Microsoft Outlook to all addresses
    listed in the infected user's address book.  If the e-mail address of
    the infected user is included in the address book, the infected user
    also receives the e-mail.  It does this four times to each address, but
    does not have a destructive payload.  The e-mail comes with the subject
    "AS PER YOUR REQUEST!" and the attachment "README.EXE."  This Trojan was
    created using Visual Basic, but uses Windows Scripting commands that are
    embedded in its code to propagate and send e-mails.  Anti-virus vendor
    Trend Micro currently rates this as Medium risk.  (Source: Trend Micro,
    3 September)
    
    Prosecutors and investigators are seeing more cases related to computer
    hacking, theft of trade secrets and hardware, and other tech crimes.  In
    Silicon Valley, the Santa Clara District Attorney's Office is tackling
    twice as many cases as last year.  In Boston, the federal prosecutor's
    high-tech unit is juggling 10 cybercrime cases, "a marked increase"
    from last year.  In Austin, Texas, cybercrime cases are up 30%, to 84,
    for the first 8 months of this year from last year.  As the global tech
    economy grows, so does the value of stolen tech goods and intellectual
    property. Last year, 273 firms surveyed by the Computer Security
    Institute said they lost $266 million to tech crime.  The $80 billion
    software industry estimates it lost $12 billion in revenue last year due
    to piracy. (Source: USA Today, 31 August)
    
    According to independent research firm Computer Economics, the cost of
    coping with the Code Red computer worms has reached about $2.6 billion.
    While hefty, that was just a part of the total cost of attacks on
    computer systems this year. The cost of virus attacks on information
    systems around the world reached an estimated $10.7 billion so far this
    year, according to the firm. That compares with $17.1 billion for all of
    2000 and $12.1 billion in 1999. "If there are no new bugs, then we will
    land around $15 billion," said Michael Erbschloe, vice president of
    research at Computer Economics. But "one more big outbreak that becomes
    a billion-dollar bug" would put the total over last year's. (Source:
    Reuters, 31 August)
    
    Government - The House Government Management and Information Technology
    Subcommittee held a hearing in California on 29 August to listen to a
    panel of private and public sector security officials explain the steps
    federal agencies can take to evade threats posed by various computer
    viruses. "There is no easy fix, but governments at every level must be
    prepared for the next attempted invasion," Subcommittee Chairman Steven
    Horn said at the field hearing.  "Computer security must become a
    priority."  Jeff Carpenter, manager of the CERT/CC, said agency
    procurement offices need to do a better job of evaluating suppliers for
    product security and recommended promotion of greater diversity of
    acquisition practices to be used by federal agencies. Stephen Trilling,
    senior director Symantec Corp., said agencies need to consider blocking
    all executable programs coming into their e-mail systems.  Peter
    Neumann, a scientist at SRI International's computer science laboratory,
    urged lawmakers to push for policies that encourage cooperation between
    universities and the private sector.  Keith Rhodes, chief technologist
    for the GAO's Center for Technology and Engineering, said poor security
    planning and management are still the rule rather than the exception at
    most federal agencies and that the federal government sorely needs a
    framework for promptly obtaining and analyzing data on imminent
    attacks.  (Source: Newsbytes, 30 August)
    
    According to a GAO report released last month, the DoE is on the right
    path in upgrading its protection and control over classified
    information, but there is still much work to be done. The GAO report
    found that the Los Alamos and Sandia national laboratories had
    implemented DoE's access controls and need-to-know requirements for the
    classified computer systems containing the most sensitive information.
    However, GAO noted that the department's "requirements for documenting
    need-to-know (access) lack specificity, allowing laboratory managers
    wide variation in interpretation and implementation."  In order to
    improve classified document security and accountability, GAO recommended
    that the Secretary of Energy issue more specific requirements for
    documenting need-to-know determinations and provide guidance on when the
    use of "blanket" need-to-know approvals for large numbers of employees
    is appropriate and how it should be documented.  (Source: Federal
    Computer Week, 3 September)
    
    International - Russia may soon have a censored Internet.  The Head of
    Russian Ministry, Alexander Manoshkin, has been quoted as saying, "ANY
    important activity must be regulated by the state." Currently, the
    non-commercial Regional Network Information Center, better known as the
    Ru-Center, allocates the ".ru" domain names.  It was once established by
    a scientific research institute, which also granted the right to license
    domain names to several large Internet providers.  Russia's
    Communications Minister himself has been talking about the need for
    state regulation of the Internet since 1999, causing a stir with many
    social organizations and even the Justice Ministry, who were the ones
    that struck down the first edition of the resolution in 2000.  (Source:
    SecurityWatch, 31 August)
    
    India's first police station to exclusively handle cyber crimes,
    computer hacking, data damage, and Internet fraud will start work in
    Bangalore on 15 September.  The station, which would cover the state of
    Karnataka, was launched on Thursday, a senior police official told
    Reuters. The station, which would cover crimes under India's information
    technology law passed last year, was aimed at taking quick action on
    solving cyber crimes, taking the burden from local police.  Local
    police stations would continue to register cyberspace crimes and would
    also carry out searches.  The Cyber Crime Police Station (CCPS) has set
    up a Web site for complaints.  (Source: Newsbytes, 31 August)
    
    Sweden's Defense Policy Committee (DPC) stated the country must
    concentrate more on protecting its increasingly vulnerable
    infrastructures rather than the military defense of its territory, and
    proposed the government set up a new crisis management system.  The
    Committee identified the electric power supply, telecommunications, and
    IT systems as infrastructures particularly at risk.  According to the
    DPC, the protection of these systems has been severely neglected, and
    quick measures are required.  The Committee stated county administrative
    boards should be responsible for crisis management at the regional
    level, and municipalities would have responsibility at the local level.
    The DPC claimed that major changes in the organization of civil defense
    are needed in order to adjust to new threat scenarios, and proposed that
    there be greater cooperation between the political leadership and
    business. (Source: Stockholm Dagens Nyheter, Internet Version, 31
    August)
    
    Cybercrime is on the rise in the United Kingdom and for the first time
    those businesses that are hit by hacks are more likely to be attacked by
    hackers from outside of the company instead of inside.  According to a
    study published on 29 August by the Confederation of British Industry, a
    CBI spokesman said of the 148 companies surveyed for the study
    "Cybercrime Survey 2001," two-thirds have been the victim of "serious"
    cybercrime in the past year. (Source: IDG News Service, 1 September)
    
    According to data on cyber crimes submitted by the National Police
    Agency (NPA) in South Korea, crimes committed through the Internet have
    been rising sharply in recent years, but police appear to have become
    less capable of catching offenders.  In 1998, 394 cyber crimes were
    committed, compared to the 9,502 in just the first seven months of
    2001.  The number of hacking cases committed increased from 16 in 1998
    to 20 in 1999, 449 in 2000 and 2,939 between January and July 2001.
    Police arrested just 14.4 percent of the hackers this year, compared
    with 61.3 percent last year.  (Source: Seoul Yonhap, 2 September)
    
    China's public security sector will take it as a major task to crack
    down on and give punishment to criminal activities that endanger the
    information network security, such as invading computer information
    systems in key areas, deliberately creating and disseminating computer
    viruses to undermine computer programs, and jeopardizing computer
    systems and information networks. They will gear up the investigative
    effort in this field so as to prevent the spread of network-related
    crimes.  (Source:  Beijing Xinhua Domestic Service, 27 August)
    
    On 1 September, a 22-year-old British computer engineer appealed against
    a $2,725 fine for hacking into the network of state-run telecoms company
    Etisalat in the United Arab Emirates (UAE).  Lee Ashurst from Oldham,
    England, was convicted in July of misusing "equipment, services or
    facilities provided by Etisalat."  "We have submitted an appeal," said
    Ali al-Hashimi, lawyer for the Briton.  "The grounds of the appeal are
    that the court of first instance ruled wrongly as there are no laws that
    criminalize computer hacking."  "The court will deliver its appeal
    judgement on 15 September," the lawyer said.  Etisalat, the UAE's sole
    Internet service provider, experienced major web disruptions in June
    2000 and is also seeking compensation of 770,000 dollars in the civil
    courts for four days of lost business.  Ashurst was found not guilty on
    a second charge of opening other people's e-mail.  (Source: Agence
    France-Presse, 1 September)
    
    Police have raided two cybercafes in Nairobi, Kenya, suspected to have
    hacked into the government's classified data.  An unknown number of
    suspects, including ex-Somali militiamen, Rwandan, Ugandan, Ethiopian,
    and Kenyan nationals were caught in the dragnet and are being held at
    various police stations as investigations go on.  The suspects are said
    to be allied to Somali warlord General Morgan who is said to be a
    frequent visitor to Kenya.  Some of the suspects are from as far away as
    Jamaica and Australia. Others are from the DRCongo. They are alleged to
    have illegally accessed state secrets and could have misused the
    knowledge in self-serving ways, most likely in dealing in illegal
    firearms and narcotic drugs.  Four of the suspects are ex-military men
    who had been contracted to repair the Jumbonet Internet server at Longonot
    (satellite earth station) sources said. (Source: Agence France-Presse, 4
    September)
    
    Military - NTR
    
    U.S. SECTOR INFORMATION:
    Telecommunications - NTR
    Banking and Finance - NTR
    Emergency Services - NTR
    Water Supply - NTR
    Gas and Oil Storage Distribution - NTR
    Government Services - NTR
    Electrical Power - NTR
    Transportation - NTR
    
    NOTE: Please understand that this is for informational purposes only and
    does not constitute any verification of the information contained in
    this report nor does this constitute endorsement by the NIPC of the FBI
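The report above names two things a mail gateway can act on: the TROJ_APOST.A indicators (subject "AS PER YOUR REQUEST!", attachment "README.EXE") and Stephen Trilling's recommendation to block executable attachments outright, with Win32.Invalid.A's "warning from Microsoft" lure as a third signal. The filter below is an added example written for this archive page, not code from NIPC or any vendor; the executable-extension list, the sender heuristic and the sample messages are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the NIPC report.
APOST_SUBJECT = "AS PER YOUR REQUEST!"
APOST_ATTACHMENT = "README.EXE"
# Extensions to block at the gateway (assumed list, not from the report).
EXEC_EXTENSIONS = (".exe", ".com", ".scr", ".pif", ".bat", ".vbs")


def classify(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 822 message should be quarantined.

    An empty list means no indicator matched. Order: generic executable
    block first, then the named TROJ_APOST.A signature, then the
    Win32.Invalid.A-style 'from Microsoft' lure combined with an executable.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = (msg["Subject"] or "").strip()
    sender = (msg["From"] or "").lower()
    attachments = [p.get_filename() or "" for p in msg.iter_attachments()]
    exec_names = [n for n in attachments if n.lower().endswith(EXEC_EXTENSIONS)]
    if exec_names:
        reasons.append("executable attachment: " + ", ".join(exec_names))
    if subject.upper() == APOST_SUBJECT and any(
        n.upper() == APOST_ATTACHMENT for n in attachments
    ):
        reasons.append("TROJ_APOST.A indicators (subject + README.EXE)")
    # Heuristic only: a display name or address mentioning Microsoft is not
    # proof of spoofing, but paired with an executable it matches the lure.
    if "microsoft" in sender and exec_names:
        reasons.append("claims to be from Microsoft and carries an executable")
    return reasons


def build_sample(sender, subject, filename=None, body="see attached"):
    """Construct a test message (constructed sample, not a real capture)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content(body)
    if filename:
        # Four-byte stand-in for a binary payload; only the name matters here.
        m.add_attachment(b"MZ\x90\x00", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()
```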
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:24:35 PDT