-----Original Message-----
From: NIPC Watch
To: daily@private
Sent: 9/4/01 8:11 AM
Subject: NIPC Daily Report 4 September 01

Significant Changes and Assessment - No significant changes

Private Sector - A new worm has been detected that disguises itself as a warning from Microsoft Corp. Known as Win32.Invalid.A@mm, the worm mass mails itself to users and, once launched from an attachment, encrypts executable files, rendering them unusable. The worm can infect computers running Windows NT and 2000. The worm first verifies that an Internet connection is available, and if a connection is established, it searches for all files with the extension '.ht*' in the My Documents folder. It then extracts the e-mail addresses from within the files and sends a message claiming to be from Microsoft. The worm attempts to use social engineering to again trick users into opening its attached file, which may put casual Internet users most at risk from this worm. (Source: ComputerWorld, 30 August)

A new Trojan spreading in the wild called TROJ_APOST.A (alias APOST.A, READ.ME.A, I-Worm.Readme, and W32.APOST-A) copies itself to all local drives (root directories) and sends a copy of itself as an attachment via e-mail. It sends itself via Microsoft Outlook to all addresses listed in the infected user's address book. If the e-mail address of the infected user is included in the address book, the infected user also receives the e-mail. It does this four times to each address, but does not have a destructive payload. The e-mail comes with the subject "AS PER YOUR REQUEST!" and the attachment "README.EXE." This Trojan was created using Visual Basic, but uses Windows Scripting commands that are embedded in its code to propagate and send e-mails. Anti-virus vendor Trend Micro currently rates this as Medium risk. (Source: Trend Micro, 3 September)

Prosecutors and investigators are seeing more cases related to computer hacking, theft of trade secrets and hardware, and other tech crimes.
In Silicon Valley, the Santa Clara District Attorney's Office is tackling twice as many cases as last year. In Boston, the federal prosecutor's high-tech unit is juggling 10 cybercrime cases, "a marked increase" from last year. In Austin, Texas, cybercrime cases are up 30%, to 84, for the first 8 months of this year from last year. As the global tech economy grows, so does the value of stolen tech goods and intellectual property. Last year, 273 firms surveyed by the Computer Security Institute said they lost $266 million to tech crime. The $80 billion software industry estimates it lost $12 billion in revenue last year due to piracy. (Source: USA Today, 31 August)

According to independent research firm Computer Economics, the cost of coping with the Code Red computer worms has reached about $2.6 billion. While hefty, that was just a part of the total cost of attacks on computer systems this year. The cost of virus attacks on information systems around the world reached an estimated $10.7 billion so far this year, according to the firm. That compares with $17.1 billion for all of 2000 and $12.1 billion in 1999. "If there are no new bugs, then we will land around $15 billion," said Michael Erbschloe, vice president of research at Computer Economics. But "one more big outbreak that becomes a billion-dollar bug" would put the total over last year's. (Source: Reuters, 31 August)

Government - The House Government Management and Information Technology Subcommittee held a hearing in California on 29 August to listen to a panel of private and public sector security officials explain the steps federal agencies can take to evade threats posed by various computer viruses. "There is no easy fix, but governments at every level must be prepared for the next attempted invasion," Subcommittee Chairman Steven Horn said at the field hearing. "Computer security must become a priority."
Jeff Carpenter, manager of the CERT/CC, said agency procurement offices need to do a better job of evaluating suppliers for product security and recommended promotion of greater diversity of acquisition practices to be used by federal agencies. Stephen Trilling, senior director at Symantec Corp., said agencies need to consider blocking all executable programs coming into their e-mail systems. Peter Neumann, a scientist at SRI International's computer science laboratory, urged lawmakers to push for policies that encourage cooperation between universities and the private sector. Keith Rhodes, chief technologist for the GAO's Center for Technology and Engineering, said poor security planning and management are still the rule rather than the exception at most federal agencies and that the federal government sorely needs a framework for promptly obtaining and analyzing data on imminent attacks. (Source: Newsbytes, 30 August)

According to a GAO report released last month, the DoE is on the right path in upgrading its protection and control over classified information, but there is still much work to be done. The GAO report found that the Los Alamos and Sandia national laboratories had implemented DoE's access controls and need-to-know requirements for the classified computer systems containing the most sensitive information. However, GAO noted that the department's "requirements for documenting need-to-know (access) lack specificity, allowing laboratory managers wide variation in interpretation and implementation." In order to improve classified document security and accountability, GAO recommended that the Secretary of Energy issue more specific requirements for documenting need-to-know determinations and provide guidance on when the use of "blanket" need-to-know approvals for large numbers of employees is appropriate and how it should be documented. (Source: Federal Computer Week, 3 September)

International - Russia may soon have a censored Internet.
The Head of Russian Ministry, Alexander Manoshkin, has been quoted as saying, "ANY important activity must be regulated by the state." Currently, the non-commercial Regional Network Information Center, better known as the Ru-Center, allocates the ".ru" domain names. It was once established by a scientific research institute, which also granted the right to license domain names to several large Internet providers. Russia's Communications Minister himself has been talking about the need for state regulation of the Internet since 1999, causing a stir with many social organizations and even the Justice Ministry, who were the ones that struck down the first edition of the resolution in 2000. (Source: SecurityWatch, 31 August)

India's first police station to exclusively handle cyber crimes, computer hacking, data damage, and Internet fraud will start work in Bangalore on 15 September. The station, which would cover the state of Karnataka, was launched on Thursday, a senior police official told Reuters. The station, which would cover crimes under India's information technology law passed last year, was aimed at taking quick action on solving cyber crimes, taking the burden from local police. Local police stations would continue to register cyberspace crimes and would also carry out searches. The Cyber Crime Police Station (CCPS) has set up a Web site for complaints. (Source: Newsbytes, 31 August)

Sweden's Defense Policy Committee (DPC) stated the country must concentrate more on protecting its increasingly vulnerable infrastructures rather than the military defense of its territory, and proposed the government set up a new crisis management system. The Committee identified the electric power supply, telecommunications, and IT systems as infrastructures particularly at risk. According to the DPC, the protection of these systems has been severely neglected, and quick measures are required.
The Committee stated county administrative boards should be responsible for crisis management at the regional level, and municipalities would have responsibility at the local level. The DPC claimed that major changes in the organization of civil defense are needed in order to adjust to new threat scenarios, and proposed that there be greater cooperation between the political leadership and business. (Source: Stockholm Dagens Nyheter, Internet Version, 31 August)

Cybercrime is on the rise in the United Kingdom and for the first time those businesses that are hit by hacks are more likely to be attacked by hackers from outside of the company instead of inside. According to a study published on 29 August by the Confederation of British Industry, a CBI spokesman said of the 148 companies surveyed for the study "Cybercrime Survey 2001," two-thirds have been the victim of "serious" cybercrime in the past year. (Source: IDG News Service, 1 September)

According to data on cyber crimes submitted by the National Police Agency (NPA) in South Korea, crimes committed through the Internet have been rising sharply in recent years, but police appear to have become less capable of catching offenders. In 1998, 394 cyber crimes were committed, compared to the 9,502 in just the first seven months of 2001. The number of hacking cases committed increased from 16 in 1998 to 20 in 1999, 449 in 2000 and 2,939 between January and July 2001. Police arrested just 14.4 percent of the hackers this year, compared with 61.3 percent last year. (Source: Seoul Yonhap, 2 September)

China's public security sector will take it as a major task to crack down on and give punishment to criminal activities that endanger the information network security, such as invading computer information systems in key areas, deliberately creating and disseminating computer viruses to undermine computer programs, and jeopardizing computer systems and information networks.
They will gear up the investigative effort in this field so as to prevent the spread of network-related crimes. (Source: Beijing Xinhua Domestic Service, 27 August)

On 1 September, a 22-year-old British computer engineer appealed against a $2,725 fine for hacking into the network of state-run telecoms company Etisalat in the United Arab Emirates (UAE). Lee Ashurst from Oldham, England, was convicted in July of misusing "equipment, services or facilities provided by Etisalat." "We have submitted an appeal," said Ali al-Hashimi, lawyer for the Briton. "The grounds of the appeal are that the court of first instance ruled wrongly as there are no laws that criminalize computer hacking." "The court will deliver its appeal judgement on 15 September," the lawyer said. Etisalat, the UAE's sole Internet service provider, experienced major web disruptions in June 2000 and is also seeking compensation of 770,000 dollars in the civil courts for four days of lost business. Ashurst was found not guilty on a second charge of opening other people's e-mail. (Source: Agence France-Presse, 1 September)

Police have raided two cybercafes in Nairobi, Kenya, suspected to have hacked into the government's classified data. An unknown number of suspects, including ex-Somali militiamen, Rwandan, Ugandan, Ethiopian, and Kenyan nationals, were caught in the dragnet and are being held at various police stations as investigations go on. The suspects are said to be allied to Somali warlord General Morgan, who is said to be a frequent visitor to Kenya. Some of the suspects are from as far away as Jamaica and Australia. Others are from the DRCongo. They are alleged to have illegally accessed state secrets and could have misused the knowledge in self-serving ways, most likely in dealing in illegal firearms and narcotic drugs. Four of the suspects are ex-military men who had been contracted to repair the Jumbonet Internet server at Longonot (satellite earth station), sources said.
(Source: Agence France-Presse, 4 September)

Military - NTR

U.S. SECTOR INFORMATION:

Telecommunications - NTR
Banking and Finance - NTR
Emergency Services - NTR
Water Supply - NTR
Gas and Oil Storage Distribution - NTR
Government Services - NTR
Electrical Power - NTR
Transportation - NTR

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in this report nor does this constitute endorsement by the NIPC of the FBI